`
lobin
  • 浏览: 427635 次
  • 性别: Icon_minigender_1
  • 来自: 上海
社区版块
存档分类
最新评论

nginx

 
阅读更多

 

安装

# ./configure --prefix=/usr/local/nginx-1.19.3 

./configure: error: the HTTP rewrite module requires the PCRE library.

You can either disable the module by using --without-http_rewrite_module

option, or install the PCRE library into the system, or build the PCRE library

statically from the source with nginx by using --with-pcre=<path> option.

 

# yum install -y pcre pcre-devel

# ./configure --prefix=/usr/local/nginx-1.19.3 

安装SSL模块

# ./configure --with-http_ssl_module --prefix=/usr/local/nginx-1.19.3

 

确认安装了OpenSSL

# openssl version

OpenSSL 1.0.1e-fips 11 Feb 2013

 

# make

# make install

 

写道
├── conf
│   ├── fastcgi.conf
│   ├── fastcgi.conf.default
│   ├── fastcgi_params
│   ├── fastcgi_params.default
│   ├── koi-utf
│   ├── koi-win
│   ├── mime.types
│   ├── mime.types.default
│   ├── nginx.conf
│   ├── nginx.conf.default
│   ├── scgi_params
│   ├── scgi_params.default
│   ├── uwsgi_params
│   ├── uwsgi_params.default
│   └── win-utf
├── html
│   ├── 50x.html
│   └── index.html
├── logs
└── sbin
└── nginx

 

配置

配置文件

nginx.conf

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}

负载均衡配置

 

upstream

写道
Syntax: upstream name { ... }
Default: —
Context: http

 

默认采用基于权重的轮训负载均衡策略。

写道
By default, requests are distributed between the servers using a weighted round-robin balancing method.

 

写道
Syntax: server address [parameters];
Default: —
Context: upstream

 

写道
The following parameters can be defined:

weight=number
sets the weight of the server, by default, 1.

max_conns=number
limits the maximum number of simultaneous active connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the shared memory, the limitation works per each worker process.

If idle keepalive connections, multiple workers, and the shared memory are enabled, the total number of active and idle connections to the proxied server may exceed the max_conns value.

Since version 1.5.9 and prior to version 1.11.5, this parameter was available as part of our commercial subscription.

max_fails=number
sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the fail_timeout parameter to consider the server unavailable for a duration also set by the fail_timeout parameter. By default, the number of unsuccessful attempts is set to 1. The zero value disables the accounting of attempts. What is considered an unsuccessful attempt is defined by the proxy_next_upstream, fastcgi_next_upstream, uwsgi_next_upstream, scgi_next_upstream, memcached_next_upstream, and grpc_next_upstream directives.

fail_timeout=time
sets
1. the time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable;
2. and the period of time the server will be considered unavailable.

By default, the parameter is set to 10 seconds.

backup
marks the server as a backup server. It will be passed requests when the primary servers are unavailable.

The parameter cannot be used along with the hash, ip_hash, and random load balancing methods.

down
marks the server as permanently unavailable.

 

写道
Additionally, the following parameters are available as part of our commercial subscription:

resolve
monitors changes of the IP addresses that correspond to a domain name of the server, and automatically modifies the upstream configuration without the need of restarting nginx (1.5.12). The server group must reside in the shared memory.
In order for this parameter to work, the resolver directive must be specified in the http block or in the corresponding upstream block.

route=string
sets the server route name.

service=name
enables resolving of DNS SRV records and sets the service name (1.9.13). In order for this parameter to work, it is necessary to specify the resolve parameter for the server and specify a hostname without a port number.
If the service name does not contain a dot (“.”), then the RFC-compliant name is constructed and the TCP protocol is added to the service prefix. For example, to look up the _http._tcp.backend.example.com SRV record, it is necessary to specify the directive:

server backend.example.com service=http resolve;

If the service name contains one or more dots, then the name is constructed by joining the service prefix and the server name. For example, to look up the _http._tcp.backend.example.com and server1.backend.example.com SRV records, it is necessary to specify the directives:

server backend.example.com service=_http._tcp resolve;
server example.com service=server1.backend resolve;

Highest-priority SRV records (records with the same lowest-number priority value) are resolved as primary servers, the rest of SRV records are resolved as backup servers. If the backup parameter is specified for the server, high-priority SRV records are resolved as backup servers, the rest of SRV records are ignored.

slow_start=time
sets the time during which the server will recover its weight from zero to a nominal value, when unhealthy server becomes healthy, or when the server becomes available after a period of time it was considered unavailable. Default value is zero, i.e. slow start is disabled.

The parameter cannot be used along with the hash, ip_hash, and random load balancing methods.

drain
puts the server into the “draining” mode (1.13.6). In this mode, only requests bound to the server will be proxied to it.

Prior to version 1.13.6, the parameter could be changed only with the API module.

If there is only a single server in a group, max_fails, fail_timeout and slow_start parameters are ignored, and such a server will never be considered unavailable.

 

upstream backend {
    server 192.168.0.102:8081;
    server 192.168.0.102:8082;
    server 192.168.0.102:8083;
}

location / {
    proxy_pass http://backend;
}

负载均衡策略

写道
Syntax: hash key [consistent];
Default: —
Context: upstream
This directive appeared in version 1.7.2.

 

写道
Syntax: ip_hash;
Default: —
Context: upstream

 

写道
Syntax: least_conn;
Default: —
Context: upstream
This directive appeared in versions 1.3.1 and 1.2.2.

 

写道
Syntax: least_time header | last_byte [inflight];
Default: —
Context: upstream
This directive appeared in version 1.7.10.

 

写道
Syntax: random [two [method]];
Default: —
Context: upstream
This directive appeared in version 1.15.1.

 

可选参数

method

默认为least_conn。社区版本只支持least_conn,商业版本还支持least_time。

 

upstream order.com {
    random;
    server 192.168.0.102:8081;
    server 192.168.0.102:8082;
    server 192.168.0.102:8083;
}

location / {
    proxy_pass http://order.com;
}

 

 

upstream m.order.com {
    random two;
    server 192.168.0.102:8081;
    server 192.168.0.102:8082;
    server 192.168.0.102:8083;
}

location / {
    proxy_pass http://m.order.com;
}

等同于

upstream m.order.com {
    random two least_conn;
    server 192.168.0.102:8081;
    server 192.168.0.102:8082;
    server 192.168.0.102:8083;
}

location / {
    proxy_pass http://m.order.com;
}

 

访问日志配置

默认情况下,nginx将日志记录到logs/access.log中,记录格式:combined。默认访问日志配置等同于如下配置:

access_log  logs/access.log  combined;

 

自定义访问日志文件

access_log  /var/logs/nginx/access.log

 

自定义访问日志格式

通过log_format自定义访问日志格式

如默认的访问日志格式combined的格式:

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent"';

 

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

 

access_log  logs/access.log  main;

 

[root@localhost nginx-1.19.3]# tail -f logs/access.log 

192.168.0.109 - - [08/Nov/2020:00:32:22 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-"

192.168.0.109 - - [08/Nov/2020:00:32:23 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-"

192.168.0.109 - - [08/Nov/2020:00:32:23 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-"

 

# ./nginx -V

nginx version: nginx/1.19.3

built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) 

configure arguments: --prefix=/usr/local/nginx-1.19.3

 

安装了SSL模块

# ./nginx -V

nginx version: nginx/1.19.3

built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) 

built with OpenSSL 1.0.1e-fips 11 Feb 2013

TLS SNI support enabled

configure arguments: --with-http_ssl_module --prefix=/usr/local/nginx-1.19.3

 

# nginx

 

# ps -ef | grep nginx

root      6290     1  1 12:17 ?        00:00:00 nginx: master process nginx

nobody    6291  6290  0 12:17 ?        00:00:00 nginx: worker process

 

# tail -f logs/access.log 

192.168.0.109 - - [07/Nov/2020:23:50:55 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

192.168.0.109 - - [07/Nov/2020:23:50:55 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

192.168.0.109 - - [07/Nov/2020:23:50:55 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

 

写道
NGINX writes information about client requests in the access log right after the request is processed. By default, the access log is located at logs/access.log, and the information is written to the log in the predefined combined format.

 

# tail -f logs/error.log 

2020/10/18 16:45:11 [error] 21936#0: *1 open() "/usr/local/nginx-1.19.3/html/favicon.ico" failed (2: No such file or directory), client: 192.168.0.109, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.0.102", referrer: "http://192.168.0.102/"

 

写道
NGINX writes information about encountered issues of different severity levels to the error log. The error_log directive sets up logging to a particular file, stderr, or syslog and specifies the minimal severity level of messages to log. By default, the error log is located at logs/error.log (the absolute path depends on the operating system and installation), and messages from all severity levels above the one specified are logged.

 

配置https模块

# openssl genrsa -idea -out nginx.key 1024

Generating RSA private key, 1024 bit long modulus

..................................++++++

.....++++++

e is 65537 (0x10001)

Enter pass phrase for nginx.key:

Verifying - Enter pass phrase for nginx.key:

密码为123456

 

写道
# cat ../cert/nginx.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: IDEA-CBC,DBD65C6553A3BBBA

vsfcFOj1ke+ub9qm7IVvWFIdGjb0vrJ9Rscc1Cr4vJoQRjkqAVuKHVPJaQI7K0uJ
sRoWl9C6IIj3jRGrmeJs0lNHVGfBpFqL2O/vImsNPVW/IIrG79yI4UJrEgTIlzwu
ara6w5irL46zk8ECLHiGfeTbQaIoNjemNoVPkx2i3yW6tPQi4+XVbawiSZqWXrw5
k0lgqEMtvJhd+8F7P/WTVVi+1AHYh9qZIus3C4RLOoR6yY5z1H4x/PQcpESDnNei
YQ5PdMya/Rg+Rd99nTwEZ+XhCqWVNE2/qhDju5/T6RmzPqSGvAktFJrRLzgPRlr7
LNmtZ50L9Eo2mO0Quunv7Rca0uKmZtot7dV3YWyVCLRyIaXBy11cXB+rgzNb2/7N
xpYOepTbckC/YY3ZXm6IkSdQlqCsmUwGinFztFNByhKPAk3xH5EfBeEfafE/0uO9
49Xtnk83ROTaayOUqV8eKAHOEz6jsPGQ8ooziBmYi5Lpv9HnevS3QHmwwnehMTIY
iZ2dYH94pHwDTlTyyX0Zk/CUNz/I9ukyUZ6NNPxmcNtO6PvyUJBw+ubQ4WudZlV/
rQFJD5PpB8D9cY7hZ4tHMQyFTqvoIZIIDF+e5s2HGXkc9vaNj7D2dhXgJ0PLdLbs
zFiuzUSyB0WPh57rcvV3Pvee/eNIUmsmYzXpzri3QCdU5o/cVUS9jtohrsFHeR+i
KOfmFISExkL/Bh+uuNcFxXFiECVTWUmcmjW3XjLDr4sPyDWTXpj9q9sNyij8qDHp
7j6yq3fz9+MvdouU6m4dO1RwzVQz4n1T5Z9ar3Spi73BclpYs/IBPg==
-----END RSA PRIVATE KEY-----

 

# openssl req -new -key nginx.key -out nginx.csr

Enter pass phrase for nginx.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:cn

State or Province Name (full name) []:sh

Locality Name (eg, city) [Default City]:sh

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456

An optional company name []:

 

写道
# cat ../cert/nginx.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIBnDCCAQUCAQAwRTELMAkGA1UEBhMCY24xCzAJBgNVBAgMAnNoMQswCQYDVQQH
DAJzaDEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAxm8nHANqDt6lpsWxBslUgNENaqmEh9lJ9lqHg1tput8b
zKAd8DjPbMGRO2uMobcv1iFp5jxqBx6RnazU8EoHriKNoSqqKRMJh/lzRxj9UUG1
MV6Kkzc6z0C9XdZ7cymztO2rTaHOdfRhdHp8nmdUkeLonotqad8LStJMzsiXvGMC
AwEAAaAXMBUGCSqGSIb3DQEJBzEIDAYxMjM0NTYwDQYJKoZIhvcNAQEFBQADgYEA
C5uQ7ni3zYJAN1Owis4npoSTUwbnk2NtX1kOIe/kJV0MwPxr249E7D7bGojwgJWK
5yclYia7aH5na/aZyTFI8Y+cd/M48c0+Hef5rc/8jjij3Wh/lD183bW8OJvc2oVf
ZTH/EUjAvQlyM1b26x9UFhBk1zILWcR2HwH5DfmynuQ=
-----END CERTIFICATE REQUEST-----

 

# openssl x509 -req -days 3650 -in nginx.csr -signkey nginx.key -out nginx.crt

Signature ok

subject=/C=cn/ST=sh/L=sh/O=Default Company Ltd

Getting Private key

Enter pass phrase for nginx.key:

写道
# cat ../cert/nginx.crt
-----BEGIN CERTIFICATE-----
MIICATCCAWoCCQCulbkjPHscmjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJj
bjELMAkGA1UECAwCc2gxCzAJBgNVBAcMAnNoMRwwGgYDVQQKDBNEZWZhdWx0IENv
bXBhbnkgTHRkMB4XDTIwMTAxODA4NDEzNFoXDTMwMTAxNjA4NDEzNFowRTELMAkG
A1UEBhMCY24xCzAJBgNVBAgMAnNoMQswCQYDVQQHDAJzaDEcMBoGA1UECgwTRGVm
YXVsdCBDb21wYW55IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxm8n
HANqDt6lpsWxBslUgNENaqmEh9lJ9lqHg1tput8bzKAd8DjPbMGRO2uMobcv1iFp
5jxqBx6RnazU8EoHriKNoSqqKRMJh/lzRxj9UUG1MV6Kkzc6z0C9XdZ7cymztO2r
TaHOdfRhdHp8nmdUkeLonotqad8LStJMzsiXvGMCAwEAATANBgkqhkiG9w0BAQUF
AAOBgQBMb0oFBPN3GM5BpyMW/71lXjHkIESiAW0gQ4JWmi68pU3GVSNyU64oV8Lv
VuW6nqhoMiB8oSiFeNhKN3DOozwFnqJ4tHwkyyfwh5XveZELsQ9zepw4t51+1ayz
BMCx3kpH7BFwPHW1ZROVGVEPn6L1l0btPvaMJkzmqgWXn6Skuw==
-----END CERTIFICATE-----

 

 

# ll

total 5580

-rwxr-xr-x. 1 root root 5699297 Oct 18 16:33 nginx

-rw-r--r--. 1 root root     757 Oct 18 16:41 nginx.crt

-rw-r--r--. 1 root root     635 Oct 18 16:40 nginx.csr

-rw-r--r--. 1 root root     959 Oct 18 16:36 nginx.key

 

写道
# HTTPS server
#
server {
listen 443 ssl;
server_name localhost;

ssl_certificate ../cert/nginx.crt;
ssl_certificate_key ../cert/nginx.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;


location / {
root html;
index index.html index.htm;
}
}

 

# ./nginx -t -c /usr/local/nginx-1.19.3/conf/nginx.conf

Enter PEM pass phrase:

nginx: the configuration file /usr/local/nginx-1.19.3/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx-1.19.3/conf/nginx.conf test is successful

这里需要输入刚才的密码

 

# ./nginx -s reload 

Enter PEM pass phrase:

这里需要输入刚才的密码

 

重启

# ./nginx

Enter PEM pass phrase:

这里需要输入刚才的密码

 

开启443端口

# cat /etc/sysconfig/iptables

-A INPUT -p tcp --dport 443 -j ACCEPT

# service iptables restart

 

写道
# curl https://192.168.0.102
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

 

写道
# curl --insecure https://192.168.0.102
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

 

 

nginx rewrite

Syntax: Default: Context:
rewrite regex replacement [flag];
serverlocationif
写道
If the specified regular expression matches a request URI, URI is changed as specified in the replacement string. The rewrite directives are executed sequentially in order of their appearance in the configuration file. It is possible to terminate further processing of the directives using flags. If a replacement string starts with “http://” or “https://”, the processing stops and the redirect is returned to a client.
An optional flag parameter can be one of:
last
stops processing the current set of ngx_http_rewrite_module directives and starts a search for a new location matching the changed URI;
break
stops processing the current set of ngx_http_rewrite_module directives as with the breakdirective;
redirect
returns a temporary redirect with the 302 code; used if a replacement string does not start with “http://” or “https://”;
permanent
returns a permanent redirect with the 301 code.
The full redirect URL is formed according to the request scheme ($scheme) and theserver_name_in_redirect and port_in_redirect directives.

 

Example:

server {
    ...
    rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last;
    rewrite ^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra  last;
    return  403;
    ...
}

 

写道
But if these directives are put inside the “/download/” location, the last flag should be replaced by break, or otherwise nginx will make 10 cycles and return the 500 error:

 

location /download/ {
    rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 break;
    rewrite ^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra  break;
    return  403;
}

 

写道
If a replacement string includes the new request arguments, the previous request arguments are appended after them. If this is undesired, putting a question mark at the end of a replacement string avoids having them appended, for example:

 

rewrite ^/users/(.*)$ /show?user=$1? last;

 

写道
If a regular expression includes the “}” or “;” characters, the whole expressions should be enclosed in single or double quotes.

 

 

源代码

ngx_auto_config.h

配置头文件,源代码中没有这个文件。这个文件在./configure的时候自动生成。

#define NGX_CONFIGURE " --prefix=/usr/local/nginx-1.19.3-dev"

#ifndef NGX_COMPILER
#define NGX_COMPILER  "gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) "
#endif


#ifndef NGX_HAVE_GCC_ATOMIC
#define NGX_HAVE_GCC_ATOMIC  1
#endif


#ifndef NGX_HAVE_C99_VARIADIC_MACROS
#define NGX_HAVE_C99_VARIADIC_MACROS  1
#endif


#ifndef NGX_HAVE_GCC_VARIADIC_MACROS
#define NGX_HAVE_GCC_VARIADIC_MACROS  1
#endif


#ifndef NGX_HAVE_GCC_BSWAP64
#define NGX_HAVE_GCC_BSWAP64  1
#endif


#ifndef NGX_HAVE_EPOLL
#define NGX_HAVE_EPOLL  1
#endif


#ifndef NGX_HAVE_CLEAR_EVENT
#define NGX_HAVE_CLEAR_EVENT  1
#endif


#ifndef NGX_HAVE_EPOLLRDHUP
#define NGX_HAVE_EPOLLRDHUP  1
#endif


#ifndef NGX_HAVE_SENDFILE
#define NGX_HAVE_SENDFILE  1
#endif


#ifndef NGX_HAVE_SENDFILE64
#define NGX_HAVE_SENDFILE64  1
#endif


#ifndef NGX_HAVE_PR_SET_DUMPABLE
#define NGX_HAVE_PR_SET_DUMPABLE  1
#endif


#ifndef NGX_HAVE_PR_SET_KEEPCAPS
#define NGX_HAVE_PR_SET_KEEPCAPS  1
#endif


#ifndef NGX_HAVE_CAPABILITIES
#define NGX_HAVE_CAPABILITIES  1
#endif


#ifndef NGX_HAVE_GNU_CRYPT_R
#define NGX_HAVE_GNU_CRYPT_R  1
#endif


#ifndef NGX_HAVE_NONALIGNED
#define NGX_HAVE_NONALIGNED  1
#endif


#ifndef NGX_CPU_CACHE_LINE
#define NGX_CPU_CACHE_LINE  32
#endif


#define NGX_KQUEUE_UDATA_T  (void *)


#ifndef NGX_HAVE_POSIX_FADVISE
#define NGX_HAVE_POSIX_FADVISE  1
#endif


#ifndef NGX_HAVE_O_DIRECT
#define NGX_HAVE_O_DIRECT  1
#endif


#ifndef NGX_HAVE_ALIGNED_DIRECTIO
#define NGX_HAVE_ALIGNED_DIRECTIO  1
#endif


#ifndef NGX_HAVE_STATFS
#define NGX_HAVE_STATFS  1
#endif


#ifndef NGX_HAVE_STATVFS
#define NGX_HAVE_STATVFS  1
#endif


#ifndef NGX_HAVE_DLOPEN
#define NGX_HAVE_DLOPEN  1
#endif


#ifndef NGX_HAVE_SCHED_YIELD
#define NGX_HAVE_SCHED_YIELD  1
#endif


#ifndef NGX_HAVE_SCHED_SETAFFINITY
#define NGX_HAVE_SCHED_SETAFFINITY  1
#endif


#ifndef NGX_HAVE_REUSEPORT
#define NGX_HAVE_REUSEPORT  1
#endif


#ifndef NGX_HAVE_TRANSPARENT_PROXY
#define NGX_HAVE_TRANSPARENT_PROXY  1
#endif


#ifndef NGX_HAVE_IP_PKTINFO
#define NGX_HAVE_IP_PKTINFO  1
#endif


#ifndef NGX_HAVE_IPV6_RECVPKTINFO
#define NGX_HAVE_IPV6_RECVPKTINFO  1
#endif


#ifndef NGX_HAVE_DEFERRED_ACCEPT
#define NGX_HAVE_DEFERRED_ACCEPT  1
#endif


#ifndef NGX_HAVE_KEEPALIVE_TUNABLE
#define NGX_HAVE_KEEPALIVE_TUNABLE  1
#endif


#ifndef NGX_HAVE_TCP_INFO
#define NGX_HAVE_TCP_INFO  1
#endif


#ifndef NGX_HAVE_ACCEPT4
#define NGX_HAVE_ACCEPT4  1
#endif


#ifndef NGX_HAVE_EVENTFD
#define NGX_HAVE_EVENTFD  1
#endif


#ifndef NGX_HAVE_SYS_EVENTFD_H
#define NGX_HAVE_SYS_EVENTFD_H  1
#endif


#ifndef NGX_HAVE_UNIX_DOMAIN
#define NGX_HAVE_UNIX_DOMAIN  1
#endif


#ifndef NGX_PTR_SIZE
#define NGX_PTR_SIZE  4
#endif


#ifndef NGX_SIG_ATOMIC_T_SIZE
#define NGX_SIG_ATOMIC_T_SIZE  4
#endif


#ifndef NGX_HAVE_LITTLE_ENDIAN
#define NGX_HAVE_LITTLE_ENDIAN  1
#endif


#ifndef NGX_MAX_SIZE_T_VALUE
#define NGX_MAX_SIZE_T_VALUE  2147483647
#endif


#ifndef NGX_SIZE_T_LEN
#define NGX_SIZE_T_LEN  (sizeof("-2147483648") - 1)
#endif


#ifndef NGX_MAX_OFF_T_VALUE
#define NGX_MAX_OFF_T_VALUE  9223372036854775807LL
#endif


#ifndef NGX_OFF_T_LEN
#define NGX_OFF_T_LEN  (sizeof("-9223372036854775808") - 1)
#endif


#ifndef NGX_TIME_T_SIZE
#define NGX_TIME_T_SIZE  4
#endif


#ifndef NGX_TIME_T_LEN
#define NGX_TIME_T_LEN  (sizeof("-2147483648") - 1)
#endif


#ifndef NGX_MAX_TIME_T_VALUE
#define NGX_MAX_TIME_T_VALUE  2147483647
#endif


#ifndef NGX_HAVE_INET6
#define NGX_HAVE_INET6  1
#endif


#ifndef NGX_HAVE_PREAD
#define NGX_HAVE_PREAD  1
#endif


#ifndef NGX_HAVE_PWRITE
#define NGX_HAVE_PWRITE  1
#endif


#ifndef NGX_HAVE_PWRITEV
#define NGX_HAVE_PWRITEV  1
#endif


#ifndef NGX_SYS_NERR
#define NGX_SYS_NERR  135
#endif


#ifndef NGX_HAVE_LOCALTIME_R
#define NGX_HAVE_LOCALTIME_R  1
#endif


#ifndef NGX_HAVE_CLOCK_MONOTONIC
#define NGX_HAVE_CLOCK_MONOTONIC  1
#endif


#ifndef NGX_HAVE_POSIX_MEMALIGN
#define NGX_HAVE_POSIX_MEMALIGN  1
#endif


#ifndef NGX_HAVE_MEMALIGN
#define NGX_HAVE_MEMALIGN  1
#endif


#ifndef NGX_HAVE_MAP_ANON
#define NGX_HAVE_MAP_ANON  1
#endif


#ifndef NGX_HAVE_MAP_DEVZERO
#define NGX_HAVE_MAP_DEVZERO  1
#endif


#ifndef NGX_HAVE_SYSVSHM
#define NGX_HAVE_SYSVSHM  1
#endif


#ifndef NGX_HAVE_POSIX_SEM
#define NGX_HAVE_POSIX_SEM  1
#endif


#ifndef NGX_HAVE_MSGHDR_MSG_CONTROL
#define NGX_HAVE_MSGHDR_MSG_CONTROL  1
#endif


#ifndef NGX_HAVE_FIONBIO
#define NGX_HAVE_FIONBIO  1
#endif


#ifndef NGX_HAVE_FIONREAD
#define NGX_HAVE_FIONREAD  1
#endif


#ifndef NGX_HAVE_GMTOFF
#define NGX_HAVE_GMTOFF  1
#endif


#ifndef NGX_HAVE_D_TYPE
#define NGX_HAVE_D_TYPE  1
#endif


#ifndef NGX_HAVE_SC_NPROCESSORS_ONLN
#define NGX_HAVE_SC_NPROCESSORS_ONLN  1
#endif


#ifndef NGX_HAVE_LEVEL1_DCACHE_LINESIZE
#define NGX_HAVE_LEVEL1_DCACHE_LINESIZE  1
#endif


#ifndef NGX_HAVE_OPENAT
#define NGX_HAVE_OPENAT  1
#endif


#ifndef NGX_HAVE_GETADDRINFO
#define NGX_HAVE_GETADDRINFO  1
#endif


#ifndef NGX_HTTP_CACHE
#define NGX_HTTP_CACHE  1
#endif


#ifndef NGX_HTTP_GZIP
#define NGX_HTTP_GZIP  1
#endif


#ifndef NGX_HTTP_SSI
#define NGX_HTTP_SSI  1
#endif


#ifndef NGX_CRYPT
#define NGX_CRYPT  1
#endif


#ifndef NGX_HTTP_X_FORWARDED_FOR
#define NGX_HTTP_X_FORWARDED_FOR  1
#endif


#ifndef NGX_HTTP_X_FORWARDED_FOR
#define NGX_HTTP_X_FORWARDED_FOR  1
#endif


#ifndef NGX_HTTP_UPSTREAM_ZONE
#define NGX_HTTP_UPSTREAM_ZONE  1
#endif


#ifndef NGX_PCRE
#define NGX_PCRE  1
#endif


#ifndef NGX_ZLIB
#define NGX_ZLIB  1
#endif


#ifndef NGX_PREFIX
#define NGX_PREFIX  "/usr/local/nginx-1.19.3-dev/"
#endif


#ifndef NGX_CONF_PREFIX
#define NGX_CONF_PREFIX  "conf/"
#endif


#ifndef NGX_SBIN_PATH
#define NGX_SBIN_PATH  "sbin/nginx"
#endif


#ifndef NGX_CONF_PATH
#define NGX_CONF_PATH  "conf/nginx.conf"
#endif


#ifndef NGX_PID_PATH
#define NGX_PID_PATH  "logs/nginx.pid"
#endif


#ifndef NGX_LOCK_PATH
#define NGX_LOCK_PATH  "logs/nginx.lock"
#endif


#ifndef NGX_ERROR_LOG_PATH
#define NGX_ERROR_LOG_PATH  "logs/error.log"
#endif


#ifndef NGX_HTTP_LOG_PATH
#define NGX_HTTP_LOG_PATH  "logs/access.log"
#endif


#ifndef NGX_HTTP_CLIENT_TEMP_PATH
#define NGX_HTTP_CLIENT_TEMP_PATH  "client_body_temp"
#endif


#ifndef NGX_HTTP_PROXY_TEMP_PATH
#define NGX_HTTP_PROXY_TEMP_PATH  "proxy_temp"
#endif


#ifndef NGX_HTTP_FASTCGI_TEMP_PATH
#define NGX_HTTP_FASTCGI_TEMP_PATH  "fastcgi_temp"
#endif


#ifndef NGX_HTTP_UWSGI_TEMP_PATH
#define NGX_HTTP_UWSGI_TEMP_PATH  "uwsgi_temp"
#endif


#ifndef NGX_HTTP_SCGI_TEMP_PATH
#define NGX_HTTP_SCGI_TEMP_PATH  "scgi_temp"
#endif


#ifndef NGX_SUPPRESS_WARN
#define NGX_SUPPRESS_WARN  1
#endif


#ifndef NGX_SMP
#define NGX_SMP  1
#endif


#ifndef NGX_USER
#define NGX_USER  "nobody"
#endif


#ifndef NGX_GROUP
#define NGX_GROUP  "nobody"
#endif

 

 

1、http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite

nginx command type

 

#define NGX_CONF_NOARGS      0x00000001

#define NGX_CONF_TAKE1       0x00000002

#define NGX_CONF_TAKE2       0x00000004

#define NGX_CONF_TAKE3       0x00000008

#define NGX_CONF_TAKE4       0x00000010

#define NGX_CONF_TAKE5       0x00000020

#define NGX_CONF_TAKE6       0x00000040

#define NGX_CONF_TAKE7       0x00000080

 

#define NGX_CONF_TAKE12      (NGX_CONF_TAKE1|NGX_CONF_TAKE2)

#define NGX_CONF_TAKE13      (NGX_CONF_TAKE1|NGX_CONF_TAKE3)

 

 

#define NGX_CONF_TAKE23      (NGX_CONF_TAKE2|NGX_CONF_TAKE3)

 

#define NGX_CONF_TAKE123     (NGX_CONF_TAKE1|NGX_CONF_TAKE2|NGX_CONF_TAKE3)

#define NGX_CONF_TAKE1234    (NGX_CONF_TAKE1|NGX_CONF_TAKE2|NGX_CONF_TAKE3   \

                              |NGX_CONF_TAKE4)

 

 

 

#define NGX_CONF_ARGS_NUMBER 0x000000ff

#define NGX_CONF_BLOCK       0x00000100

#define NGX_CONF_FLAG        0x00000200

#define NGX_CONF_ANY         0x00000400

#define NGX_CONF_1MORE       0x00000800

#define NGX_CONF_2MORE       0x00001000

#define NGX_CONF_MULTI       0x00000000  /* compatibility */

 

#define NGX_DIRECT_CONF      0x00010000

 

#define NGX_MAIN_CONF        0x01000000

#define NGX_ANY_CONF         0x0F000000

 

 

 

 

 

 

 

http:

 

#define NGX_HTTP_MAIN_CONF        0x02000000

#define NGX_HTTP_SRV_CONF         0x04000000

#define NGX_HTTP_LOC_CONF         0x08000000

#define NGX_HTTP_UPS_CONF         0x10000000

#define NGX_HTTP_SIF_CONF         0x20000000

#define NGX_HTTP_LIF_CONF         0x40000000

#define NGX_HTTP_LMT_CONF         0x80000000

 

nginx的一个bug:

这样的一个请求:

GET / HTTP/1.1\r\n

Host:\r\n

\r\n

这个请求按照http1.1规范来看,应该是正确的,但是却返回400 Bad Request错误:

HTTP/1.1 400 Bad Request

Server: nginx/0.8.18

Date: Fri, 22 Mar 2019 14:56:14 GMT

Content-Type: text/html

Content-Length: 173

Connection: close

 

<html>

<head><title>400 Bad Request</title></head>

<body bgcolor="white">

<center><h1>400 Bad Request</h1></center>

<hr><center>nginx/0.8.18</center>

</body>

</html>

如果Host头随便指定一个值,就正确了:

GET / HTTP/1.1\r\n

Host:abc\r\n

\r\n

返回:

HTTP/1.1 200 OK

Server: nginx/0.8.18

Date: Fri, 22 Mar 2019 15:00:17 GMT

Content-Type: text/html

Content-Length: 151

Last-Modified: Wed, 30 Aug 2006 06:39:18 GMT

Connection: keep-alive

Accept-Ranges: bytes

 

<html>

<head>

<title>Welcome to nginx!</title>

</head>

<body bgcolor="white" text="black">

<center><h1>Welcome to nginx!</h1></center>

</body>

</html>

 

 

 

 

 

 

分享到:
评论

相关推荐

    nginx版本升级步骤

    **Nginx版本升级步骤详解** 在Web服务器领域,Nginx以其高性能、低内存消耗以及高并发处理能力而备受青睐。随着新版本的发布,可能会包含性能优化、安全修复和新特性,因此定期更新Nginx版本是必要的。本文将详细...

    arm 架构 docker运行nginx镜像包

    arm 架构 docker运行nginx镜像包,arm 架构 docker运行nginx镜像包,arm 架构 docker运行nginx镜像包,arm 架构 docker运行nginx镜像包,arm 架构 docker运行nginx镜像包,arm 架构 docker运行nginx镜像包,arm 架构...

    nginx-1.24.0.tar

    Nginx 1.24.0 是 Nginx 开源项目发布的一个重要更新版本,该版本在性能优化、功能增强以及安全性提升方面带来了诸多改进。当您下载 Nginx 1.24.0 的压缩包时,您将获得一个包含 Nginx 源代码的压缩文件,通常命名为 ...

    centos8 nginx1.20.1 与nginx配置文件

    现在,我们可以下载Nginx的源代码包`nginx-1.20.1.tar.gz`。你可以通过wget或者浏览器将文件下载到本地,然后解压: ```bash wget http://nginx.org/download/nginx-1.20.1.tar.gz tar -zxvf nginx-1.20.1.tar.gz cd...

    nginx arm64版本nginx-linux-arrch64.zip

    这个名为"nginx-linux-arm64.zip"的压缩包提供的是专为ARM64架构(也称为AArch64)编译的Nginx版本,适用于基于Linux操作系统的64位ARM处理器设备,如树莓派、某些云服务器或嵌入式系统。无需繁琐的编译过程,只需...

    nginx替代方案,nginx代替apache与jboss

    ### Nginx 作为 Apache 和 JBoss 的替代方案 #### 背景介绍 随着互联网技术的不断发展,网站流量的增长对服务器性能提出了更高要求。Apache 和 JBoss 是两种广泛使用的 Web 服务器和应用服务器,但在高并发场景下,...

    nginx-1.13.3,nginx1.13.3不存在信息泄漏漏洞安全稳定nginx版本

    **Nginx 1.13.3 版本详解** Nginx 是一款高性能的 HTTP 和反向代理服务器,广泛应用于网站托管、负载均衡以及应用程序交付等领域。它以其高效、稳定和轻量级的特性著称,尤其在处理静态内容和高并发请求时表现优秀...

    nginx-upstream-jvm-route 和 nginx 对应版本,亲测可用

    此资源有两个文件,含 nginx-upstream-jvm-route 和 nginx 对应版本,都是tar.gz文件。 安装方法网上很多就不写了,亲测可用。 不用担心版本不匹配造成安装失败,再浪费积分去到处下载尝试的烦恼。 此资源有两个文件...

    Linux离线安装nginx安装包

    在Linux系统中,离线安装Nginx是一个常见的需求,特别是在没有互联网连接或者网络环境受限的服务器上。本文将详细讲解如何通过离线方式在Linux上安装Nginx,同时也会涉及Nginx依赖的软件如openssl和gcc的安装过程。 ...

    nginx配置tcp转发(nginx通过白名单访问)

    要配置Nginx进行TCP代理转发,我们需要创建一个新的Nginx配置文件,通常放在`/etc/nginx/conf.d/`目录下,例如命名为`tcp_proxy.conf`。在该文件中,我们需要使用`stream`模块来处理TCP流量。下面是一个基础的配置...

    实战nginx.pdf

    实战nginx.pdf。主要内容包括:第1章 Nginx简介;第2章Nginx服务器安装与配置;第3章Nginx基本配置与优化;第4章Nginx与PHP;第5章Nginx与JSP、ASP.NET..第6章Nginx http负载均衡和反向代理;第7章Nginx 的rewrite...

    windows平台nginx编译nginx-http-flv-module

    1. **下载源码**:首先,从Nginx官网获取稳定版本的源代码,例如nginx-1.17.10。同时,从GitHub或其他可靠的来源下载HTTP FLV Module的源代码。 2. **安装编译工具**:Windows上需要安装MinGW或Visual Studio等编译...

    升级gitlab中nginx版本.docx

    "GitLab系统中Nginx版本升级和配置" 在实际生产环境中,GitLab系统的Nginx版本升级和配置是一个非常重要的任务。为确保系统的稳定性和安全性,需要对GitLab系统中的Nginx版本进行升级和配置。本文将详细介绍如何...

    Nginx课件完整版.pdf

    Nginx课件完整版.pdf Nginx是一款功能强大的网络服务器软件,能够提供高性能的Web服务器、反向代理、负载均衡等功能。本资源摘要信息将对Nginx的主要知识点进行详细的介绍。 什么是Nginx? Nginx是一个基于C语言...

    nginx带nginx-http-flv模块windows编译版rtmp

    **Nginx与Nginx-RTMP及Nginx-HTTP-FLV模块** Nginx是一款高性能、轻量级的Web服务器/反向代理服务器,被广泛应用于高并发场景,尤其在处理静态文件、HTTP缓存以及反向代理等方面表现出色。Nginx以其高效的事件驱动...

    arm架构nginx编译器安装

    在IT领域,尤其是在服务器配置和优化的过程中,ARM架构和Nginx扮演着至关重要的角色。ARM(Advanced RISC Machines)架构是一种广泛应用于嵌入式设备、移动设备以及高性能计算的处理器架构,以其低功耗和高效能而...

    带nginx-rtmp-module模块的Nginx

    【标题】: "带nginx-rtmp-module模块的Nginx" 在当今互联网技术日新月异的时代,实时流媒体传输已经成为在线视频分享、直播、远程教育等应用场景不可或缺的一部分。Nginx,作为一款高性能的HTTP和反向代理服务器,...

    在linux系统上升级nginx版本

    在 Linux 系统上升级 Nginx 版本 Nginx 是一个流行的开源 Web 服务器软件,可以运行在多种操作系统上,其中包括 Linux。随着 Nginx 的不断更新和发展,升级 Nginx 版本成为一个不可避免的问题。本文将指导您在 ...

    nginx-1.19.3_nginx-http-flv-module.rar

    标题中的"nginx-1.19.3_nginx-http-flv-module.rar"表明这是一个关于Nginx服务器的软件包,特别地,它包含了Nginx的1.19.3版本,并且已经集成了`nginx-http-flv-module`模块。这个模块是用于支持HTTP FLV(Flash ...

    nginx-1.14.2.tar.gz nginx-1.14.2下载

    **Nginx 1.14.2 是一个流行的开源 Web 服务器和反向代理服务器,它以其高性能、稳定性以及低内存占用而闻名。在本文中,我们将详细探讨 Nginx 的核心特性、1.14.2 版本的重要更新、在64位Linux系统上的安装与配置,...

Global site tag (gtag.js) - Google Analytics