This article is reposted from: http://www.178linux.com/14119#rd?sukey=ecafc0a7cc4a741b573a095a3eb78af6b4c9116b74d0bbc9844d8fc5e8b50b3fc807541ae53fd06c67ac4f4adaae6981
I am keeping it here only as a note for myself.
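Nginx Topics: From Compiling and Installing to URL Rewriting
Preface
This article sets up Nginx as a web server and uses URL rewriting to send requests that phones make to the site to a web page built specifically for phones.
Environment
The author has a single virtual machine, bridged to the home router so that a phone can reach it. Its IP address is 192.168.1.103.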
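About Nginx
engine x, pronounced the same as Nginx, was written by Igor Sysoev and is currently the third most widely used web server software in the world. Nginx is a lightweight web server that can also act as a reverse proxy, perform URL rewriting, and more. It has low memory consumption, supports up to 50,000 concurrent connections, supports hot deployment, and uses a high-performance network I/O model. Taobao also developed Tengine as a derivative of Nginx.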
Compiling and installing Nginx
The Development Tools and Server Platform Development package groups, and the zlib-devel, pcre-devel and openssl-devel packages, need to be installed first.
    [root@server1 ~]# yum groupinstall "Development Tools" "Server Platform Development"   # install the package groups
    [root@server1 ~]# yum install pcre-devel openssl-devel zlib-devel -y   # install the required packages
    [root@server1 ~]# tar xf nginx-1.6.1.tar.gz -C /usr/src/   # unpack the nginx source into /usr/src/
    [root@server1 ~]# cd /usr/src/
    [root@server1 src]# cd nginx-1.6.1/
    [root@server1 nginx-1.6.1]# groupadd -r nginx   # create the group
    [root@server1 nginx-1.6.1]# useradd -r -g nginx nginx   # create the user
    [root@server1 nginx-1.6.1]# ./configure --prefix=/usr/src/nginx --sbin-path=/sbin/ --conf-path=/etc/nginx/nginx.conf --with-http_ssl_module --user=nginx --group=nginx --with-http_gzip_static_module   # see the official documentation for the meaning of the configure options
    [root@server1 nginx-1.6.1]# make && make install
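The configuration file explained
We do not explain how Nginx works internally here, but we do explain the commonly used options in its configuration file. The main configuration file is nginx.conf, and its location depends on the configure options used at build time. Here it is /etc/nginx/nginx.conf.
When Nginx acts as a web server, the main configuration file is generally divided into three sections: main, events{} and http{}. We cover each in turn.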
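main and events{} settings
Runtime-related settings
    user User_Name [Group_name];            # user and group the Nginx processes run as; the default is nobody
    error_log /path/to/error_log;           # enables the error log and sets where it is stored; a relative path is allowed
    error_log /path/to/error_log notice;    # sets the level of the messages written to the error log
    pid /path/to/pidfile;                   # location of the daemon's pid file
Performance-related settings
    worker_processes number;                # number of worker processes to run; the default is 1
    worker_cpu_affinity cpumask ...;        # binds worker processes to CPUs; not covered in detail here, look it up if you are unfamiliar with it
    timer_resolution interval;              # timer resolution, which determines how precise the time is when logging
    worker_priority number;                 # priority of the worker processes
Event-related settings
    accept_mutex on|off;                    # how the master process dispatches user requests to worker processes, round-robin or random; on means round-robin
    use [epoll|rtsig|select|poll];          # event-driven model to use
    worker_connections number;              # maximum number of simultaneous connections one worker process can handle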
Basic http{} settings
1. server{}: defines a virtual host
   Example:
       server {
           listen 80;
           server_name www.anyisalin.com;
           root "/htdocs/www";
       }
2. listen
   Syntax: listen address[:port];
   Examples:
       listen 127.0.0.1:8000;
       listen 127.0.0.1;
       listen 8000;
       listen *:8000;
       listen localhost:8000;
3. server_name
   Syntax: server_name name...;
   Wildcards are supported. Matching order:
       1. Exact match
       2. Wildcard matched from left to right: *.anyisalin.com
       3. Wildcard matched from right to left: anyisalin.*
       4. Regular expression: ~^.*\.anyisalin\.com$
       5. default_server
4. root
   Syntax: root path;
5. location
   Syntax: location [=] [~] [~*] [^~] URL {...}
   Purpose: selects one of the defined location blocks by matching the URI of the user's request
       =: exact match
       ~: regular expression match
       ~*: regular expression match, case-insensitive
       ^~: matches the leading part of the URI; regular expressions are not supported
   Example:
       server {
           listen 80;
           server_name www.anyisalin.com;
           location / {
               root "/htdocs/www";
           }
           location /imgs/ {
               root "/htdocs/imgs";
           }
           location ~* \.php$ {
               root "/htdocs/php";
           }
       }
Configuring Nginx
Setting up a basic Nginx web server
Edit the Nginx configuration file so that it looks like this:
    server {
        listen 80;
        server_name www.anyisalin.com;

        location / {
            root /htdocs/html;
            index index.html index.htm;
            error_page 404 =200 404.html;
        }
    }
Create the corresponding web page files
    [root@server1 /]# mkdir htdocs/html -pv   # create the directories
    mkdir: created directory `htdocs'
    mkdir: created directory `htdocs/html'
    [root@server1 /]# cd htdocs/html/
    [root@server1 html]# echo "<h1>www.anyisalin.com</h1>" >> index.html   # create the index page
    [root@server1 html]# echo "Sorry, Page Not Found" > 404.html   # create the 404 page
    [root@server1 html]# nginx -t   # check the configuration file syntax
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@server1 html]# nginx   # start nginx
Test: the page is served normally
Implementing HTTPS
Creating a CA and signing the Nginx certificate
The openssl operations are not explained here. If you are interested, see my earlier articles: AnyISalIn's articles
Create a private CA and self-sign its certificate
    [root@server1 html]# cd /etc/pki/CA
    [root@server1 CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048)
    [root@server1 CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 7300
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:AH
    Locality Name (eg, city) [Default City]:HF
    Organization Name (eg, company) [Default Company Ltd]:AnyISalIn LTD
    Organizational Unit Name (eg, section) []:ops
    Common Name (eg, your name or your server's hostname) []:www.anyisalin.com
    Email Address []:webadmin.anyisalin.com
    [root@server1 CA]# touch serial index.txt
    [root@server1 CA]# echo 01 > serial
Create the nginx certificate
    [root@server1 CA]# cd /etc/nginx/
    [root@server1 nginx]# mkdir ssl
    [root@server1 nginx]# cd ssl/
    [root@server1 ssl]# (umask 077; openssl genrsa -out nginx.key 1024)
    Generating RSA private key, 1024 bit long modulus
    ..++++++
    .............................................................................................++++++
    e is 65537 (0x10001)
    [root@server1 ssl]# openssl req -new -key nginx.key -out nginx.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:AH
    Locality Name (eg, city) [Default City]:HF
    Organization Name (eg, company) [Default Company Ltd]:AnyISalIn LTD
    Organizational Unit Name (eg, section) []:ops
    Common Name (eg, your name or your server's hostname) []:www.anyisalin.com
    Email Address []:webadmin.anyisalin.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
Sign the certificate
    [root@server1 ssl]# openssl ca -in nginx.csr -out nginx.crt -days 365
    Using configuration from /etc/pki/tls/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 1 (0x1)
            Validity
                Not Before: Apr 4 13:57:02 2016 GMT
                Not After : Apr 4 13:57:02 2017 GMT
            Subject:
                countryName = CN
                stateOrProvinceName = AH
                organizationName = AnyISalIn LTD
                organizationalUnitName = ops
                commonName = www.anyisalin.com
                emailAddress = webadmin.anyisalin.com
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    A3:68:8D:FD:49:FD:08:1B:E3:09:45:9F:3B:48:35:1E:0F:38:C4:92
                X509v3 Authority Key Identifier:
                    keyid:26:2E:FE:F6:52:41:DC:2F:C6:C1:4F:19:A0:BE:F6:14:99:93:54:4B

    Certificate is to be certified until Apr 4 13:57:02 2017 GMT (365 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated
Modify the configuration file
    server {
        listen 443 ssl;
        server_name www.anyisalin.com;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location / {
            root /htdocs/html;
            index index.html index.htm;
            error_page 404 =200 404.html;
        }
    }
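Testing HTTPS
Reload the service and test
    [root@server1 ssl]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@server1 ssl]# nginx -s reload
Before importing the certificate
After importing the certificate: Chrome considers the certificate unreliable because of an issue in Chrome itself, but the setup has succeeded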
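Before nginx is reloaded with a new key and certificate, three checks catch the usual mistakes: the key size, whether the key belongs to the certificate, and whether the certificate chains to the CA. The script below is an added example, not part of the original article; it builds a throwaway CA and two server certificates in a temporary directory (the file names, the `Demo CA` subject and the 2048-bit minimum are assumptions of this example) and reports a 1024-bit key, like the one generated above, as weak.

```shell
#!/bin/sh
# Added example: pre-deployment checks for an nginx key/certificate pair.
# All file names are constructed; the throwaway CA exists only for this demo.

# rsa_bits KEYFILE -> prints the RSA modulus size in bits
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# key_matches_cert KEYFILE CERTFILE -> status 0 when both carry the same modulus
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pair CAFILE KEYFILE CERTFILE -> prints ok, or the first failed check
check_pair() {
    bits=$(rsa_bits "$2")
    [ "${bits:-0}" -ge 2048 ] || { echo "weak-key"; return 1; }
    key_matches_cert "$2" "$3" || { echo "key-cert-mismatch"; return 1; }
    openssl verify -CAfile "$1" "$3" >/dev/null 2>&1 || { echo "untrusted"; return 1; }
    echo "ok"
}

# make_demo_pki DIR -> throwaway CA plus a 2048-bit and a 1024-bit server pair
make_demo_pki() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/ca.key" -subj "/CN=Demo CA" -days 1 -out "$d/ca.crt"
    for n in 2048 1024; do
        openssl genrsa -out "$d/srv$n.key" "$n" 2>/dev/null
        openssl req -new -key "$d/srv$n.key" -subj "/CN=www.anyisalin.com" -out "$d/srv$n.csr"
        openssl x509 -req -in "$d/srv$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/srv$n.crt" 2>/dev/null
    done
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d"
    echo "2048-bit pair:   $(check_pair "$d/ca.crt" "$d/srv2048.key" "$d/srv2048.crt")"
    echo "1024-bit pair:   $(check_pair "$d/ca.crt" "$d/srv1024.key" "$d/srv1024.crt")"
    echo "mismatched pair: $(check_pair "$d/ca.crt" "$d/srv2048.key" "$d/srv1024.crt")"
    rm -rf "$d"
}
demo
```

Against the files from this article, the call would be `check_pair /etc/pki/CA/cacert.pem /etc/nginx/ssl/nginx.key /etc/nginx/ssl/nginx.crt`.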
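Using URL rewrite to answer requests from different browsers with different pages
Configuration options for URL rewriting
Syntax: rewrite regex replacement flag;
Example: rewrite ^/images/(.*\.jpg)$ /img/abc/$1 break;
Effect: http://www.anyisalin.com/images/1.jpg --> http://www.anyisalin.com/img/abc/1.jpg
flag:
    last: after the rewrite, the rewrite rules below it are not matched any further; the User_agent issues a new request for the new URL, and the rewrite rules are matched again for it
    break: after the rewrite, the rewrite rules below it are not matched any further; the User_agent issues a new request for the new URL, but the rules are not matched again
    redirect: returns the new URL with a 302 (temporary redirect)
    permanent: returns the new URL with a 301 (permanent redirect)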
Check the logs to see what the corresponding user agents look like
URL rewrite based on the user agent
Change the location to the following configuration
    location / {
        root /htdocs/html;
        index index.html index.htm;
        error_page 404 =200 404.html;

        if ($http_user_agent ~* Android) {   # a User_Agent containing Android is sent to /Moblie
            rewrite ^(.*)$ /Moblie/$1 break;
        }

        if ($http_user_agent ~* Chrome) {    # a User_Agent containing chrome is sent to /Chrome
            rewrite ^(.*)$ /Chrome/$1 break;
        }

        if ($http_user_agent ~* MSIE) {      # a User_Agent containing MSIE is sent to /IE
            rewrite ^(.*)$ /IE/$1 break;
        }
    }
Create the corresponding web page files
    [root@server1 /]# mkdir /htdocs/html/{Chrome,IE,Moblie}
    [root@server1 /]# echo "Welecom Moblie" > /htdocs/html/Moblie/index.html
    [root@server1 /]# echo "Welecom Chrome" > /htdocs/html/Chrome/index.html
    [root@server1 /]# echo "Welecom IE" > /htdocs/html/IE/index.html
Testing
Phone
Chrome
IE
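The three `if` blocks are evaluated in order and `break` stops at the first match, so an Android phone running Chrome (whose User-Agent contains both "Android" and "Chrome") lands in /Moblie only because that rule comes first. The script below is an added example, not part of the original article; it emulates one pass of those rules over constructed User-Agent strings and does not model the later nginx phases.

```shell
#!/bin/sh
# Added example: one pass of the three `if` blocks from the location above.
# The User-Agent strings are constructed; the prefixes are the article's directories.

RULES='Android:/Moblie/
Chrome:/Chrome/
MSIE:/IE/'

# rewrite_for_ua UA URI -> prints the URI after the first matching rule
rewrite_for_ua() {
    ua=$1
    uri=$2
    # nginx evaluates the if blocks top to bottom; `break` stops at the first hit
    while IFS=: read -r pattern prefix; do
        # ~* is a case-insensitive regex match, emulated here with grep -iE
        if printf '%s\n' "$ua" | grep -qiE -- "$pattern"; then
            # ^(.*)$ captures the whole URI including its leading slash,
            # so /Moblie/$1 expands to /Moblie//index.html
            printf '%s%s\n' "$prefix" "$uri"
            return 0
        fi
    done <<EOF
$RULES
EOF
    printf '%s\n' "$uri"    # no rule matched: the URI is left unchanged
}

UA_ANDROID='Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36'
UA_CHROME='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
UA_IE='Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
UA_CURL='curl/8.5.0'

for ua in "$UA_ANDROID" "$UA_CHROME" "$UA_IE" "$UA_CURL"; do
    printf '%-20s <- %s\n' "$(rewrite_for_ua "$ua" /index.html)" "$ua"
done
```

Because `User-Agent` is supplied by the client, any client can select any of the three variants; this routing decides presentation only and is not an access control.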
Please credit the source when reposting: linux运维部落 » Nginx Topics: From Compiling and Installing to URL Rewriting