积土成山，风雨兴焉；积水成渊，蛟龙生焉；积善成德，而神明自得，圣心备焉。故不积跬步，无以至千里，不积小流无以成江海。齐骥一跃，不能十步，驽马十驾，功不在舍。面对悬崖峭壁，一百年也看不出一条裂缝来，但用斧凿，能进一寸进一寸，能进一尺进一尺，不断积累，飞跃必来，突破随之。

目录

安装

sudo apt install nginx

查看安装路径：

whereis nginx

Nginx的配置文件默认放在：/etc/nginx 目录下。

我的安装路径：

nginx: /usr/sbin/nginx /usr/lib/nginx /etc/nginx /usr/share/nginx /usr/share/man/man8/nginx.8.gz

启动

找到自己安装的Nginx二进制文件的路径。（找到Nginx的二进制文件进行启动）

#检查 nginx.conf 配置文件是否有错
/usr/local/nginx/sbin/nginx -t
#nginx启动命令:
/usr/local/nginx/sbin/nginx
#指定配置文件启动
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
#关闭命令:
/usr/local/nginx/sbin/nginx -s stop
#重启命令:
/usr/local/nginx/sbin/nginx -s reload

手动安装

手动安装：即将Nginx的安装包上传到服务器，然后再安装。那么，就需要一些其他的依赖。

在线安装

yum install pcre -y
yum install pcre-devel -y
yum install zlib -y
yum install zlib-devel -y
yum install openssl -y
yum install openssl-devel -y

然后再解压Nginx、再安装Nginx：

#解压
cd /usr/local
tar -zxvf nginx-1.16.0.tar.gz
#进行configure配置,查看是否报错
cd nginx-1.16.0/
./configure
#编译
make
#安装
make install
#在 /usr/local/nginx目录下,可以看到如下4个目录:
#conf配置文件,html网页文件,logs日志文件,sbin主要二进制程序

PS：如果出现这个错误：./configure: error: C compiler cc is not found，则执行这个命令：

yum -y install gcc gcc-c++ autoconf automake make

启动命令同上。

离线安装

安装pcre

tar -xvf pcre-8.43.tar.gz
cd pcre-8.43
./configure  
make
make install

安装openssl

tar -xvf openssl-1.0.2r.tar.gz
cd openssl-1.0.2r
./config
make
make install

安装zlib

tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make
make install

安装Nginx

tar -zxvf nginx-1.16.0.tar.gz
cd nginx-1.16.0
./configure
make
make install

启动命令同上。

配置文件

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

全局模块

user www-data;
worker_processes auto;
pid /run/nginx.pid;

• worker_processes：数值越大，Nginx的并发能力越强。但是，这是需要根据服务器的配置情况而定的，不能随意写！！！

event块

events {
	worker_connections 768;
	# multi_accept on;
}

• worker_connections：数值越大，Nginx的并发能力越强。同样的，是根据服务器配置来设置，不能随意写。

http块

该模块中最重要的就是server模块，因为这才是转发跳转的关键。

并且，一个server块里面可以写多个location。

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

• include：引入外部文件。
• include /etc/nginx/conf.d/*.conf;：引入了外部所有的conf文件。我们可以去该目录下查看一下。有的可能没有文件（比如我），那再去sites-enabled目录下看看，有一个default文件。打开后可以看见里面有一个server模块，如下。

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		# First attempt to serve request as file, then
		# as directory, then fall back to displaying a 404.
		try_files $uri $uri/ =404;
	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	#	include snippets/fastcgi-php.conf;
	#
	#	# With php-fpm (or other unix sockets):
	#	fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	#	# With php-cgi (or other tcp sockets):
	#	fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	#	deny all;
	#}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#	listen 80;
#	listen [::]:80;
#
#	server_name example.com;
#
#	root /var/www/example.com;
#	index index.html;
#
#	location / {
#		try_files $uri $uri/ =404;
#	}
#}

在http模块中引入了该文件，所以相当于把server模块里面的内容都放在了http模块中，如下（去除了注释掉的部分）

http {


	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;


	include /etc/nginx/mime.types;
	default_type application/octet-stream;


	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;


	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;


	gzip on;


    server {
    listen 80 default_server;
    listen [::]:80 default_server;
    
    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
      try_files $uri $uri/ =404;
    }

  }
}

这也是为什么默认在80端口可以看见Nginx的页面。

• listen：Nginx监听的端口号。
• server_name：代表Nginx接受请求的IP。
• root：将接收到的请求根据该值去查找静态资源。
• index：默认去上述（root）的路径中找到指定的文件。

反向代理示例

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http { 
        
      server{
         listen 8081;
         server_name 110.119.120.123;
         location / {
           proxy_pass http://111.222.11.22:80/;
         }
      }




	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;


	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

请求访问：110.119.120.123:8081，会转发请求跳转到：111.222.11.22:80

location映射路径

精准匹配

等号（=）匹配

location = / {
	# 精准匹配，主机名后面不能带任何的字符串
	# 如：www.baidu.com 可以，但 www.baidu.com/xxx 就不行
}

示例：

server{
  listen 8081;
  server_name 110.119.120.123;
    location / {
    	proxy_pass http://111.222.11.22:80/;
    }
}

• 直接请求 110.119.120.123:8081 将被转发到 111.222.11.22:80。

通用匹配

就是文件默认的一种。

location /xxx {
	# 匹配所有以 /xxx 开头的路径
}

示例：

server{
  listen 8081;
  server_name 110.119.120.123;
    location /test {
    	proxy_pass http://111.222.11.22:80/;
    }
}

• 直接请求 110.119.120.123:8081/test 将被转发到 111.222.11.22:80。

正则匹配

和通用匹配一样的效果，但是优先级高于通用匹配。

location ~ /xxx {
	# 匹配所有以 /xxx 开头的路径
}

路径前缀匹配

优先级高于正则匹配。

location ^~ /xxx/ {
	# 匹配所有以 /xxx 开头的路径
}

示例

server{
  listen 8081;
  server_name 110.119.120.123;

  location /te {
  	proxy_pass http://111.222.11.22:80/nacos;
  }

  location ~ /te {
  	proxy_pass http://baidu.com;
  }

  location ^~ /te/ {
  	proxy_pass http://www.tothefor.com;
  }

}

访问 110.119.120.123:8081/te 转发到 www.tothefor.com/te/ 。

删除第三个，保留第一和第二个。访问 110.119.120.123:8081/te 转发到 baidu.com/search/error.html。

• 个人总结：也就是根据什么匹配，然后会代理到对应的服务，并且会带上请求的路径。

负载均衡

Nginx默认提供了三种负载均衡的策略：

• 轮训：将客户端发起的请求，平均分配给每一台服务器。
• 权重：将客户端发起的请求，根据服务器的权重不同，分配不同的数量。
• IP_Hash：基于发起请求的客户端的IP地址不同，始终将请求发送到指定的服务器上。

轮训

使用和之前差不多，只是在配置转发代理的时候，用了一个类似数组的东西，将所有的都放在了里面。每次请求就和每次访问数组中的一个元素一样，下标不同得到的数据就不同。这里在upstream中声明多个服务器，每次请求都会转发到其中一个上。

使用：

http {

	upstream myServer{
	  server ip:port;
	  server ip:port;
	  ...
	}

  server{
  listen 8081;
  server_name 110.119.120.123;

    location / {
      proxy_pass http://myServer;
    }
  }
}

示例：

http {

	upstream myServer{
	  server 111.111.111.11:8081;
	  server 222.222.222.22:8081;
	}

  server{
  listen 8081;
  server_name 110.119.120.123;

    location / {
      proxy_pass http://myServer;
    }
  }
}

访问 110.119.120.123:8081 会将请求转发到 111.111.111.11:8081;222.222.222.22:8081; 两台服务器上。每次访问的服务器一般不会相同，但是不一定。

权重

在轮训的基础上，加一点配置即可。如下：

weight：表示权重，值越大被转发到的几率越大。配置好的服务器就可以将权重设置大点。

http {

	upstream myServer{
	  server 111.111.111.11:8081 weight=10; # weight表示权重，越大被转发到的几率越大
	  server 222.222.222.22:8081 weight=5;
	}

  server{
  listen 8081;
  server_name 110.119.120.123;

    location / {
      proxy_pass http://myServer;
    }
  }
}

IP_Hash

在权重的基础上，再加一个配置即可，但此时已经和权重没有关系了。

http {

	upstream myServer{
	ip_hash; # 表示ip_hash
	  server 111.111.111.11:8081 weight=10; # weight表示权重，越大被转发到的几率越大
	  server 222.222.222.22:8081 weight=5;
	}

  server{
  listen 8081;
  server_name 110.119.120.123;

    location / {
      proxy_pass http://myServer;
    }
  }
}

动静分离

Nginx的并发能力： worker_processes * worker_connections / 4 | 2 = Nginx的并发能力。动态资源除以4，静态资源除以2。

动态资源代理

动态资源代理就和前面的使用一样。

location / {
	proxy_pass 路径;
}

静态资源代理

即放在Nginx服务器上的静态资源，如：html、css、图片等。

location / {
	root 静态资源路径;
	index 默认访问路径下的哪个资源;
	autoindex on; # 表示展示静态资源下的全部内容，以列表的形式展示在界面上
}