• Nginx之常用基本配置(一)



    [root@www ~]# rpm -ql nginx
    [root@www ~]# 

      提示:从上面的显示,我们大概可以了解到nginx的主配置文件是/etc/ngxin/ngxin.conf,nginx.conf.default是默认配置文件,从这个文件中我们可以了解到nginx的默认配置是怎么配置的;主程序是/usr/sbin/nginx,日志文件路径是/var/log/nginx,Unit File是nginx.service;/etc/nginx/fastcgi.conf和fastcgi_parems,这两个文件一个是fastcig协议的配置文件,一个是变量配置文件。了解了nginx 的程序环境,我们在来看看主配置文件内容

    [root@www ~]# cat /etc/nginx/nginx.conf
    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 1024;
    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  /var/log/nginx/access.log  main;
        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;
        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;
        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
        server {
            listen       80 default_server;
            listen       [::]:80 default_server;
            server_name  _;
            root         /usr/share/nginx/html;
            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;
            location / {
            error_page 404 /404.html;
                location = /40x.html {
            error_page 500 502 503 504 /50x.html;
                location = /50x.html {
    # Settings for a TLS enabled server.
    #    server {
    #        listen       443 ssl http2 default_server;
    #        listen       [::]:443 ssl http2 default_server;
    #        server_name  _;
    #        root         /usr/share/nginx/html;
    #        ssl_certificate "/etc/pki/nginx/server.crt";
    #        ssl_certificate_key "/etc/pki/nginx/private/server.key";
    #        ssl_session_cache shared:SSL:1m;
    #        ssl_session_timeout  10m;
    #        ssl_ciphers HIGH:!aNULL:!MD5;
    #        ssl_prefer_server_ciphers on;
    #        # Load configuration files for the default server block.
    #        include /etc/nginx/default.d/*.conf;
    #        location / {
    #        }
    #        error_page 404 /404.html;
    #            location = /40x.html {
    #        }
    #        error_page 500 502 503 504 /50x.html;
    #            location = /50x.html {
    #        }
    #    }
    [root@www ~]# 



    [root@www ~]# head /etc/nginx/nginx.conf
      For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
    [root@www ~]# ps aux |grep nginx
    root       1425  0.0  0.0 120832  2244 ?        Ss   19:49   0:00 nginx: master process nginx
    nginx      1426  0.0  0.0 121228  3132 ?        S    19:49   0:00 nginx: worker process
    nginx      1427  0.0  0.0 121228  3132 ?        S    19:49   0:00 nginx: worker process
    nginx      1428  0.0  0.0 121228  3132 ?        S    19:49   0:00 nginx: worker process
    nginx      1429  0.0  0.0 121228  3132 ?        S    19:49   0:00 nginx: worker process
    root       1439  0.0  0.0 112660   968 pts/0    S+   19:51   0:00 grep --color=auto nginx
    [root@www ~]#


      worker_processes :指定worker进程的数量,一般是和运行nginx主机的CUP核心数来定,一般都是小于或者等于物理cpu核心数,auto表示自动去匹配cup核心数来启动worker进程数量

    [root@www ~]# lscpu 
    Architecture:          x86_64
    CPU op-mode(s):        32-bit, 64-bit
    Byte Order:            Little Endian
    CPU(s):                4
    On-line CPU(s) list:   0-3
    Thread(s) per core:    1
    Core(s) per socket:    2
    Socket(s):             2
    NUMA node(s):          1
    Vendor ID:             GenuineIntel
    CPU family:            6
    Model:                 158
    Model name:            Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
    Stepping:              9
    CPU MHz:               3599.644
    CPU max MHz:           0.0000
    CPU min MHz:           0.0000
    BogoMIPS:              7200.06
    Hypervisor vendor:     VMware
    Virtualization type:   full
    L1d cache:             32K
    L1i cache:             32K
    L2 cache:              256K
    L3 cache:              8192K
    NUMA node0 CPU(s):     0-3
    Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc aperfmperf eagerfpu pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 invpcid rtm rdseed adx smap xsaveopt xsavec xgetbv1 dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp
    [root@www ~]# ps aux |grep nginx
    root       1425  0.0  0.1 121500  5272 ?        Ss   19:49   0:00 nginx: master process nginx
    nginx      1453  0.0  0.0 121748  3668 ?        S    19:56   0:00 nginx: worker process
    nginx      1454  0.0  0.0 121748  3668 ?        S    19:56   0:00 nginx: worker process
    nginx      1455  0.0  0.0 121748  3668 ?        S    19:56   0:00 nginx: worker process
    nginx      1456  0.0  0.0 121748  3668 ?        S    19:56   0:00 nginx: worker process
    root       1465  0.0  0.0 112660   972 pts/0    S+   19:57   0:00 grep --color=auto nginx
    [root@www ~]# 


    [root@www ~]# ll /var/log/nginx/error.log 
    -rw-r--r-- 1 root root 120 Feb 27 19:56 /var/log/nginx/error.log
    [root@www ~]# cat /var/log/nginx/error.log
    2020/02/27 19:52:18 [notice] 1442#0: signal process started
    2020/02/27 19:56:47 [notice] 1452#0: signal process started
    [root@www ~]# 


    [root@www ~]# ps aux |grep nginx
    root       1567  0.0  0.0 120832  2248 ?        Ss   20:05   0:00 nginx: master process /usr/sbin/nginx
    nginx      1568  0.0  0.0 121228  3336 ?        S    20:05   0:00 nginx: worker process
    nginx      1569  0.0  0.0 121228  3336 ?        S    20:05   0:00 nginx: worker process
    nginx      1570  0.0  0.0 121228  3336 ?        S    20:05   0:00 nginx: worker process
    nginx      1571  0.0  0.0 121228  3136 ?        S    20:05   0:00 nginx: worker process
    root       1574  0.0  0.0 112660   972 pts/0    S+   20:05   0:00 grep --color=auto nginx
    [root@www ~]# ll /var/run/nginx.pid 
    -rw-r--r-- 1 root root 5 Feb 27 20:05 /var/run/nginx.pid
    [root@www ~]# nginx -s stop
    [root@www ~]# ll /var/run/nginx.pid 
    ls: cannot access /var/run/nginx.pid: No such file or directory
    [root@www ~]# 

      提示:pid文件就是存放nginx主控进程的进程号的,如果nginx没有运行或者停止了服务,那么pid文件也会跟着消失;这里提示一下在centos7上/var/run 和/run是同一文件夹 ,它俩做的是硬链接

    [root@www ~]# ll -id /var/run/
    1150 drwxr-xr-x 22 root root 620 Feb 27 20:07 /var/run/
    [root@www ~]# ll -id /run
    1150 drwxr-xr-x 22 root root 620 Feb 27 20:07 /run
    [root@www ~]# 




      worker_connections :每个worker进程所能够打开的最大并发连接数;

      use method:指定并发请求的处理方法;如use epoll;

      accept_mutex on|off:处理新的连接请求的方法;on表示各worker进程轮流处理新请求,off表示每来一个新请求就会通知所有的worker进程


      worker_cpu_affinity cpumask:手动或自动绑定cpu,默认情况下是没有绑定cpu的,这意味着worker进程会在每个CPU上来会调度的,这样一来在cpu就存在频繁的切换,影响性能;我们可以手动把每个进程绑定到不同的CPU上。禁止worker进程在每个CPU上来回切换


      提示:在没有绑定cpu时,我们对nginx worker进程发起并发连接请求,可以看到4个worker进程在不同的CUP上来回切换,很显然这无疑在给系统多余的开销,我们可以绑定nginx 的worker线程。

    [root@www ~]# grep worker_cpu /etc/nginx/nginx.conf
    worker_cpu_affinity 0001 0010 0100 1000;
    [root@www ~]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@www ~]# nginx -s reload
    [root@www ~]# 


      提示:绑定cpu我们也可以直接使用worker_cpu_affinity auto;来指定,让其自动绑定到每个cpu核心上去

       worker_priority number:指定worker进程的nice值,设定worker进程优先级;[-20,19]

    [root@www ~]# grep "worker_priority" /etc/nginx/nginx.conf
    worker_priority -5;
    [root@www ~]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@www ~]# nginx -s reload                             
    [root@www ~]# ps axo comm,pid,nice,psr|grep nginx
    nginx             2583   0   0
    nginx            31567  -5   0
    nginx            31568  -5   1
    nginx            31569  -5   2
    nginx            31570  -5   3
    [root@www ~]# 




      server:这个指令表示定义个虚拟主机类似httpd里的virtualhost,这也是一个http里的一个子配置段,里面有server_name指令 root等等



        root:设置web资源路径映射;用于指明用户请求的url所对应的本地文件系统上的文档所在目录路径;可用的位置:http, server, location, if in location;


          listen address[:port] [default_server] [ssl] [http2 | spdy]  [backlog=number] [rcvbuf=size] [sndbuf=size]






    [root@www ~]# echo "this is default path " > /usr/share/nginx/html/test.html
    [root@www ~]# cat /usr/share/nginx/html/test.html
    this is default path 
    [root@www ~]# curl http://www.ilinux.io/test.html
    this is default path 
    [root@www ~]# 

        tcp_nodelay on|off :在keepalived模式下的连接是否启用TCP_NODELAY选项;

        tcp_nopush on|off:在sendfile模式下,是否启用TCP_CORK选项;

        sendfile on|off:是否启用sendfile功能;



        语法:location [ = | ~ | ~* | ^~ ] uri { ... }






          匹配优先级:=, ^~, ~/~*,不带符号;


    location = / {
        [ configuration A ]
    location / {
        [ configuration B ]
    location /documents/ {
        [ configuration C ]
    location ^~ /images/ {
        [ configuration D ]
    location ~* .(gif|jpg|jpeg)$ {
        [ configuration E ]

      说明:如果是用户请求uri是/ 那么在以上location中将匹配到A,如果是/index 将匹配到B,如果是/documents/index将匹配到C,如果是/images/1.jpg将匹配到D和E,但是D的优先级高于E,所有应用D的配置,如果是/document/1.jpg将匹配到C和E,但是E的优先级高于C,所以会应用E的配置;

      alias path:定义资源路径别名,仅用于location中;它和root定义资源路径不同的是,root定义的资源路径应用在/uri/左侧的'/',而alias定义的资源路径应用在/uri/的右侧'/';


    [root@www ~]# cat /etc/nginx/conf.d/test.conf
    server {
            listen 80;
            server_name www.ilinux.io;
            location  /test/ {
                    root /data/web/html/;
                    allow all;
    [root@www ~]# cat /data/web/html/index.html 
    this is /data/web/html/index.html
    [root@www ~]# cat /data/web/html/index.html 
    this is /data/web/html/index.html
    [root@www ~]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@www ~]# nginx -s reload
    [root@www ~]# curl http://www.ilinux.io/test/index.html
    this is /data/web/html/test/index.html
    [root@www ~]# 

      提示:我们用root来指定资源路径时,我们访问/test/.index.html 它返回的是/data/web/html/test/index.html,就相当于把location左侧的“/”更换成root定义的路径,用户访问资源的真实路径就是/data/web/html/test/index.html;换句话讲,root指定资源路径,匹配用户URI最左侧“/”,真实路径是root指定的路径+用户URI(不带左侧"/")

    [root@www ~]# cat /etc/nginx/conf.d/test.conf 
    server {
            listen 80;
            server_name www.ilinux.io;
            location  /test/ {
                    alias /data/web/html/;
                    allow all;
    [root@www ~]# cat /data/web/html/index.html 
    this is /data/web/html/index.html
    [root@www ~]# cat /data/web/html/test/index.html 
    this is /data/web/html/test/index.html
    [root@www ~]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@www ~]# nginx -s reload
    [root@www ~]# curl http://www.ilinux.io/test/index.html
    this is /data/web/html/index.html
    [root@www ~]# 

      提示:用alias 指定资源路径时,我们访问/test/index.html,它返回/data/web/html/index.html,相当于alias 指定的资源路径覆盖了用户请求的URI最右侧的“/”,换句话说用户URI最右侧的“/”就是alias所指定的资源路径,用户访问/test/index.html 就相当于访问/data/web/html/index.html;这里还需要注意一点的是 alias 指定资源路径时,必须是“/”结尾,如果不以“/”结尾,资源将无法找到;对于root来讲是不是“/”结尾这个无要求;

      index file:指定默认主页,可配置在http, server, location;


    [root@www html]# cat /etc/nginx/conf.d/test.conf 
    server {
            listen 80;
            server_name www.ilinux.io;
            location  /test/ {
                    alias /data/web/html/;
                    index test.html;
                    allow all;
    [root@www html]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@www html]# nginx -s reload
    [root@www html]# curl http://www.ilinux.io/test/
    <head><title>403 Forbidden</title></head>
    <center><h1>403 Forbidden</h1></center>
    [root@www html]# echo "this is default page" > /data/web/html/test.html
    [root@www html]# curl http://www.ilinux.io/test/                       
    this is default page
    [root@www html]# 

      error_page code ... [=[response]] uri:指定错误页面,匹配指定的状态码,返回指定的URL


    [root@www html]# cat /etc/nginx/conf.d/test.conf
    server {
            listen 80;
            server_name www.ilinux.io;
            location  /test/ {
                    alias /data/web/html/;
                    index test.html;
                    allow all;
            error_page 404 403 /error.html;
            location /error.html {
                    root /data/web/html/error;
    [root@www html]# nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    [root@www html]# nginx -s reload
    [root@www html]# mkdir /data/web/html/error/
    [root@www html]# echo "error page" > /data/web/html/error/error.html
    [root@www html]# curl http://www.ilinux.io/abc/
    error page
    [root@www html]# 


