nginx

• Nginx 源代码分析 https://lobin.iteye.com/admin/blogs/2518134
• Nginx 源代码分析 - 模块 https://lobin.iteye.com/admin/blogs/2518135
• Nginx 源代码分析 - main https://lobin.iteye.com/admin/blogs/2518066
• Nginx 源代码分析 - struct ngx_cycle_s https://lobin.iteye.com/admin/blogs/2518065
• Nginx 源代码分析 - struct ngx_pool_s https://lobin.iteye.com/admin/blogs/2518067
• Nginx 源代码分析 - 进程 https://lobin.iteye.com/admin/blogs/2518132
• Nginx 源代码分析 - 主（master）进程 https://lobin.iteye.com/admin/blogs/2518131
• Nginx 源代码分析 - 工作进程 https://lobin.iteye.com/admin/blogs/2518130
• Nginx 源代码分析 - cache进程 https://lobin.iteye.com/admin/blogs/2518133

 

安装

# ./configure --prefix=/usr/local/nginx-1.19.3 

./configure: error: the HTTP rewrite module requires the PCRE library.

You can either disable the module by using --without-http_rewrite_module

option, or install the PCRE library into the system, or build the PCRE library

statically from the source with nginx by using --with-pcre=<path> option.

 

# yum install -y pcre pcre-devel

# ./configure --prefix=/usr/local/nginx-1.19.3 

安装SSL模块

# ./configure --with-http_ssl_module --prefix=/usr/local/nginx-1.19.3

 

确认安装了OpenSSL

# openssl version

OpenSSL 1.0.1e-fips 11 Feb 2013

 

# make

# make install

 

写道

├── conf
│   ├── fastcgi.conf
│   ├── fastcgi.conf.default
│   ├── fastcgi_params
│   ├── fastcgi_params.default
│   ├── koi-utf
│   ├── koi-win
│   ├── mime.types
│   ├── mime.types.default
│   ├── nginx.conf
│   ├── nginx.conf.default
│   ├── scgi_params
│   ├── scgi_params.default
│   ├── uwsgi_params
│   ├── uwsgi_params.default
│   └── win-utf
├── html
│   ├── 50x.html
│   └── index.html
├── logs
└── sbin
└── nginx

 

配置

配置文件

nginx.conf

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
}

负载均衡配置

 

upstream

写道

Syntax: upstream name { ... }
Default: —
Context: http

 

默认采用基于权重的轮训负载均衡策略。

写道

By default, requests are distributed between the servers using a weighted round-robin balancing method.

 

写道

Syntax: server address [parameters];
Default: —
Context: upstream

 

写道

The following parameters can be defined:

weight=number
sets the weight of the server, by default, 1.

max_conns=number
limits the maximum number of simultaneous active connections to the proxied server (1.11.5). Default value is zero, meaning there is no limit. If the server group does not reside in the shared memory, the limitation works per each worker process.

If idle keepalive connections, multiple workers, and the shared memory are enabled, the total number of active and idle connections to the proxied server may exceed the max_conns value.

Since version 1.5.9 and prior to version 1.11.5, this parameter was available as part of our commercial subscription.

max_fails=number
sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by the fail_timeout parameter to consider the server unavailable for a duration also set by the fail_timeout parameter. By default, the number of unsuccessful attempts is set to 1. The zero value disables the accounting of attempts. What is considered an unsuccessful attempt is defined by the proxy_next_upstream, fastcgi_next_upstream, uwsgi_next_upstream, scgi_next_upstream, memcached_next_upstream, and grpc_next_upstream directives.

fail_timeout=time
sets
1. the time during which the specified number of unsuccessful attempts to communicate with the server should happen to consider the server unavailable;
2. and the period of time the server will be considered unavailable.

By default, the parameter is set to 10 seconds.

backup
marks the server as a backup server. It will be passed requests when the primary servers are unavailable.

The parameter cannot be used along with the hash, ip_hash, and random load balancing methods.

down
marks the server as permanently unavailable.

 

写道

Additionally, the following parameters are available as part of our commercial subscription:

resolve
monitors changes of the IP addresses that correspond to a domain name of the server, and automatically modifies the upstream configuration without the need of restarting nginx (1.5.12). The server group must reside in the shared memory.
In order for this parameter to work, the resolver directive must be specified in the http block or in the corresponding upstream block.

route=string
sets the server route name.

service=name
enables resolving of DNS SRV records and sets the service name (1.9.13). In order for this parameter to work, it is necessary to specify the resolve parameter for the server and specify a hostname without a port number.
If the service name does not contain a dot (“.”), then the RFC-compliant name is constructed and the TCP protocol is added to the service prefix. For example, to look up the _http._tcp.backend.example.com SRV record, it is necessary to specify the directive:

server backend.example.com service=http resolve;

If the service name contains one or more dots, then the name is constructed by joining the service prefix and the server name. For example, to look up the _http._tcp.backend.example.com and server1.backend.example.com SRV records, it is necessary to specify the directives:

server backend.example.com service=_http._tcp resolve;
server example.com service=server1.backend resolve;

Highest-priority SRV records (records with the same lowest-number priority value) are resolved as primary servers, the rest of SRV records are resolved as backup servers. If the backup parameter is specified for the server, high-priority SRV records are resolved as backup servers, the rest of SRV records are ignored.

slow_start=time
sets the time during which the server will recover its weight from zero to a nominal value, when unhealthy server becomes healthy, or when the server becomes available after a period of time it was considered unavailable. Default value is zero, i.e. slow start is disabled.

The parameter cannot be used along with the hash, ip_hash, and random load balancing methods.

drain
puts the server into the “draining” mode (1.13.6). In this mode, only requests bound to the server will be proxied to it.

Prior to version 1.13.6, the parameter could be changed only with the API module.

If there is only a single server in a group, max_fails, fail_timeout and slow_start parameters are ignored, and such a server will never be considered unavailable.

 

upstream backend {
    server 192.168.0.102:8081;
    server 192.168.0.102:8082;
    server 192.168.0.102:8083;
}

location / {
    proxy_pass http://backend;
}

负载均衡策略

写道

Syntax: hash key [consistent];
Default: —
Context: upstream
This directive appeared in version 1.7.2.

 

写道

Syntax: ip_hash;
Default: —
Context: upstream

 

写道

Syntax: least_conn;
Default: —
Context: upstream
This directive appeared in versions 1.3.1 and 1.2.2.

 

写道

Syntax: least_time header | last_byte [inflight];
Default: —
Context: upstream
This directive appeared in version 1.7.10.

 

写道

Syntax: random [two [method]];
Default: —
Context: upstream
This directive appeared in version 1.15.1.

 

可选参数

method

默认为least_conn。社区版本只支持least_conn，商业版本还支持least_time。

 

upstream order.com {
    random;
    server 192.168.0.102:8081;
    server 192.168.0.102:8082;
    server 192.168.0.102:8083;
}

location / {
    proxy_pass http://order.com;
}

 

 

upstream m.order.com {
    random two;
    server 192.168.0.102:8081;
    server 192.168.0.102:8082;
    server 192.168.0.102:8083;
}

location / {
    proxy_pass http://m.order.com;
}

等同于

upstream m.order.com {
    random two least_conn;
    server 192.168.0.102:8081;
    server 192.168.0.102:8082;
    server 192.168.0.102:8083;
}

location / {
    proxy_pass http://m.order.com;
}

 

访问日志配置

默认情况下，nginx将日志记录到logs/access.log中，记录格式：combined。默认访问日志配置等同于如下配置：

access_log  logs/access.log  combined;

 

自定义访问日志文件

access_log  /var/logs/nginx/access.log

 

自定义访问日志格式

通过log_format自定义访问日志格式

如默认的访问日志格式combined的格式：

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent"';

 

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

 

access_log  logs/access.log  main;

 

[root@localhost nginx-1.19.3]# tail -f logs/access.log 

192.168.0.109 - - [08/Nov/2020:00:32:22 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-"

192.168.0.109 - - [08/Nov/2020:00:32:23 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-"

192.168.0.109 - - [08/Nov/2020:00:32:23 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" "-"

 

# ./nginx -V

nginx version: nginx/1.19.3

built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) 

configure arguments: --prefix=/usr/local/nginx-1.19.3

 

安装了SSL模块

# ./nginx -V

nginx version: nginx/1.19.3

built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) 

built with OpenSSL 1.0.1e-fips 11 Feb 2013

TLS SNI support enabled

configure arguments: --with-http_ssl_module --prefix=/usr/local/nginx-1.19.3

 

# nginx

 

# ps -ef | grep nginx

root      6290     1  1 12:17 ?        00:00:00 nginx: master process nginx

nobody    6291  6290  0 12:17 ?        00:00:00 nginx: worker process

 

# tail -f logs/access.log 

192.168.0.109 - - [07/Nov/2020:23:50:55 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

192.168.0.109 - - [07/Nov/2020:23:50:55 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

192.168.0.109 - - [07/Nov/2020:23:50:55 +0800] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"

 

写道

NGINX writes information about client requests in the access log right after the request is processed. By default, the access log is located at logs/access.log, and the information is written to the log in the predefined combined format.

 

# tail -f logs/error.log 

2020/10/18 16:45:11 [error] 21936#0: *1 open() "/usr/local/nginx-1.19.3/html/favicon.ico" failed (2: No such file or directory), client: 192.168.0.109, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.0.102", referrer: "http://192.168.0.102/"

 

写道

NGINX writes information about encountered issues of different severity levels to the error log. The error_log directive sets up logging to a particular file, stderr, or syslog and specifies the minimal severity level of messages to log. By default, the error log is located at logs/error.log (the absolute path depends on the operating system and installation), and messages from all severity levels above the one specified are logged.

 

配置https模块

# openssl genrsa -idea -out nginx.key 1024

Generating RSA private key, 1024 bit long modulus

..................................++++++

.....++++++

e is 65537 (0x10001)

Enter pass phrase for nginx.key:

Verifying - Enter pass phrase for nginx.key:

密码为123456

 

写道

# cat ../cert/nginx.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: IDEA-CBC,DBD65C6553A3BBBA

vsfcFOj1ke+ub9qm7IVvWFIdGjb0vrJ9Rscc1Cr4vJoQRjkqAVuKHVPJaQI7K0uJ
sRoWl9C6IIj3jRGrmeJs0lNHVGfBpFqL2O/vImsNPVW/IIrG79yI4UJrEgTIlzwu
ara6w5irL46zk8ECLHiGfeTbQaIoNjemNoVPkx2i3yW6tPQi4+XVbawiSZqWXrw5
k0lgqEMtvJhd+8F7P/WTVVi+1AHYh9qZIus3C4RLOoR6yY5z1H4x/PQcpESDnNei
YQ5PdMya/Rg+Rd99nTwEZ+XhCqWVNE2/qhDju5/T6RmzPqSGvAktFJrRLzgPRlr7
LNmtZ50L9Eo2mO0Quunv7Rca0uKmZtot7dV3YWyVCLRyIaXBy11cXB+rgzNb2/7N
xpYOepTbckC/YY3ZXm6IkSdQlqCsmUwGinFztFNByhKPAk3xH5EfBeEfafE/0uO9
49Xtnk83ROTaayOUqV8eKAHOEz6jsPGQ8ooziBmYi5Lpv9HnevS3QHmwwnehMTIY
iZ2dYH94pHwDTlTyyX0Zk/CUNz/I9ukyUZ6NNPxmcNtO6PvyUJBw+ubQ4WudZlV/
rQFJD5PpB8D9cY7hZ4tHMQyFTqvoIZIIDF+e5s2HGXkc9vaNj7D2dhXgJ0PLdLbs
zFiuzUSyB0WPh57rcvV3Pvee/eNIUmsmYzXpzri3QCdU5o/cVUS9jtohrsFHeR+i
KOfmFISExkL/Bh+uuNcFxXFiECVTWUmcmjW3XjLDr4sPyDWTXpj9q9sNyij8qDHp
7j6yq3fz9+MvdouU6m4dO1RwzVQz4n1T5Z9ar3Spi73BclpYs/IBPg==
-----END RSA PRIVATE KEY-----

 

# openssl req -new -key nginx.key -out nginx.csr

Enter pass phrase for nginx.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:cn

State or Province Name (full name) []:sh

Locality Name (eg, city) [Default City]:sh

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:

Email Address []:

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456

An optional company name []:

 

写道

# cat ../cert/nginx.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIBnDCCAQUCAQAwRTELMAkGA1UEBhMCY24xCzAJBgNVBAgMAnNoMQswCQYDVQQH
DAJzaDEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAxm8nHANqDt6lpsWxBslUgNENaqmEh9lJ9lqHg1tput8b
zKAd8DjPbMGRO2uMobcv1iFp5jxqBx6RnazU8EoHriKNoSqqKRMJh/lzRxj9UUG1
MV6Kkzc6z0C9XdZ7cymztO2rTaHOdfRhdHp8nmdUkeLonotqad8LStJMzsiXvGMC
AwEAAaAXMBUGCSqGSIb3DQEJBzEIDAYxMjM0NTYwDQYJKoZIhvcNAQEFBQADgYEA
C5uQ7ni3zYJAN1Owis4npoSTUwbnk2NtX1kOIe/kJV0MwPxr249E7D7bGojwgJWK
5yclYia7aH5na/aZyTFI8Y+cd/M48c0+Hef5rc/8jjij3Wh/lD183bW8OJvc2oVf
ZTH/EUjAvQlyM1b26x9UFhBk1zILWcR2HwH5DfmynuQ=
-----END CERTIFICATE REQUEST-----

 

# openssl x509 -req -days 3650 -in nginx.csr -signkey nginx.key -out nginx.crt

Signature ok

subject=/C=cn/ST=sh/L=sh/O=Default Company Ltd

Getting Private key

Enter pass phrase for nginx.key:

写道

# cat ../cert/nginx.crt
-----BEGIN CERTIFICATE-----
MIICATCCAWoCCQCulbkjPHscmjANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJj
bjELMAkGA1UECAwCc2gxCzAJBgNVBAcMAnNoMRwwGgYDVQQKDBNEZWZhdWx0IENv
bXBhbnkgTHRkMB4XDTIwMTAxODA4NDEzNFoXDTMwMTAxNjA4NDEzNFowRTELMAkG
A1UEBhMCY24xCzAJBgNVBAgMAnNoMQswCQYDVQQHDAJzaDEcMBoGA1UECgwTRGVm
YXVsdCBDb21wYW55IEx0ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxm8n
HANqDt6lpsWxBslUgNENaqmEh9lJ9lqHg1tput8bzKAd8DjPbMGRO2uMobcv1iFp
5jxqBx6RnazU8EoHriKNoSqqKRMJh/lzRxj9UUG1MV6Kkzc6z0C9XdZ7cymztO2r
TaHOdfRhdHp8nmdUkeLonotqad8LStJMzsiXvGMCAwEAATANBgkqhkiG9w0BAQUF
AAOBgQBMb0oFBPN3GM5BpyMW/71lXjHkIESiAW0gQ4JWmi68pU3GVSNyU64oV8Lv
VuW6nqhoMiB8oSiFeNhKN3DOozwFnqJ4tHwkyyfwh5XveZELsQ9zepw4t51+1ayz
BMCx3kpH7BFwPHW1ZROVGVEPn6L1l0btPvaMJkzmqgWXn6Skuw==
-----END CERTIFICATE-----

 

 

# ll

total 5580

-rwxr-xr-x. 1 root root 5699297 Oct 18 16:33 nginx

-rw-r--r--. 1 root root     757 Oct 18 16:41 nginx.crt

-rw-r--r--. 1 root root     635 Oct 18 16:40 nginx.csr

-rw-r--r--. 1 root root     959 Oct 18 16:36 nginx.key

 

写道

# HTTPS server
#
server {
listen 443 ssl;
server_name localhost;

ssl_certificate ../cert/nginx.crt;
ssl_certificate_key ../cert/nginx.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;


location / {
root html;
index index.html index.htm;
}
}

 

# ./nginx -t -c /usr/local/nginx-1.19.3/conf/nginx.conf

Enter PEM pass phrase:

nginx: the configuration file /usr/local/nginx-1.19.3/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx-1.19.3/conf/nginx.conf test is successful

这里需要输入刚才的密码

 

# ./nginx -s reload 

Enter PEM pass phrase:

这里需要输入刚才的密码

 

重启

# ./nginx

Enter PEM pass phrase:

这里需要输入刚才的密码

 

开启443端口

# cat /etc/sysconfig/iptables

-A INPUT -p tcp --dport 443 -j ACCEPT

# service iptables restart

 

写道

# curl https://192.168.0.102
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

 

写道

# curl --insecure https://192.168.0.102
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

 

 

nginx rewrite

Syntax: Default: Context:

rewrite regex replacement [flag];

—

server, location, if

写道

If the specified regular expression matches a request URI, URI is changed as specified in the replacement string. The rewrite directives are executed sequentially in order of their appearance in the configuration file. It is possible to terminate further processing of the directives using flags. If a replacement string starts with “http://” or “https://”, the processing stops and the redirect is returned to a client.
An optional flag parameter can be one of:
last
stops processing the current set of ngx_http_rewrite_module directives and starts a search for a new location matching the changed URI;
break
stops processing the current set of ngx_http_rewrite_module directives as with the breakdirective;
redirect
returns a temporary redirect with the 302 code; used if a replacement string does not start with “http://” or “https://”;
permanent
returns a permanent redirect with the 301 code.
The full redirect URL is formed according to the request scheme ($scheme) and theserver_name_in_redirect and port_in_redirect directives.

 

Example:

server {
    ...
    rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 last;
    rewrite ^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra  last;
    return  403;
    ...
}

 

写道

But if these directives are put inside the “/download/” location, the last flag should be replaced by break, or otherwise nginx will make 10 cycles and return the 500 error:

 

location /download/ {
    rewrite ^(/download/.*)/media/(.*)\..*$ $1/mp3/$2.mp3 break;
    rewrite ^(/download/.*)/audio/(.*)\..*$ $1/mp3/$2.ra  break;
    return  403;
}

 

写道

If a replacement string includes the new request arguments, the previous request arguments are appended after them. If this is undesired, putting a question mark at the end of a replacement string avoids having them appended, for example:

 

rewrite ^/users/(.*)$ /show?user=$1? last;

 

写道

If a regular expression includes the “}” or “;” characters, the whole expressions should be enclosed in single or double quotes.

 

 

源代码

ngx_auto_config.h

配置头文件，源代码中没有这个文件。这个文件在./configure的时候自动生成。

#define NGX_CONFIGURE " --prefix=/usr/local/nginx-1.19.3-dev"

#ifndef NGX_COMPILER
#define NGX_COMPILER  "gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC) "
#endif


#ifndef NGX_HAVE_GCC_ATOMIC
#define NGX_HAVE_GCC_ATOMIC  1
#endif


#ifndef NGX_HAVE_C99_VARIADIC_MACROS
#define NGX_HAVE_C99_VARIADIC_MACROS  1
#endif


#ifndef NGX_HAVE_GCC_VARIADIC_MACROS
#define NGX_HAVE_GCC_VARIADIC_MACROS  1
#endif


#ifndef NGX_HAVE_GCC_BSWAP64
#define NGX_HAVE_GCC_BSWAP64  1
#endif


#ifndef NGX_HAVE_EPOLL
#define NGX_HAVE_EPOLL  1
#endif


#ifndef NGX_HAVE_CLEAR_EVENT
#define NGX_HAVE_CLEAR_EVENT  1
#endif


#ifndef NGX_HAVE_EPOLLRDHUP
#define NGX_HAVE_EPOLLRDHUP  1
#endif


#ifndef NGX_HAVE_SENDFILE
#define NGX_HAVE_SENDFILE  1
#endif


#ifndef NGX_HAVE_SENDFILE64
#define NGX_HAVE_SENDFILE64  1
#endif


#ifndef NGX_HAVE_PR_SET_DUMPABLE
#define NGX_HAVE_PR_SET_DUMPABLE  1
#endif


#ifndef NGX_HAVE_PR_SET_KEEPCAPS
#define NGX_HAVE_PR_SET_KEEPCAPS  1
#endif


#ifndef NGX_HAVE_CAPABILITIES
#define NGX_HAVE_CAPABILITIES  1
#endif


#ifndef NGX_HAVE_GNU_CRYPT_R
#define NGX_HAVE_GNU_CRYPT_R  1
#endif


#ifndef NGX_HAVE_NONALIGNED
#define NGX_HAVE_NONALIGNED  1
#endif


#ifndef NGX_CPU_CACHE_LINE
#define NGX_CPU_CACHE_LINE  32
#endif


#define NGX_KQUEUE_UDATA_T  (void *)


#ifndef NGX_HAVE_POSIX_FADVISE
#define NGX_HAVE_POSIX_FADVISE  1
#endif


#ifndef NGX_HAVE_O_DIRECT
#define NGX_HAVE_O_DIRECT  1
#endif


#ifndef NGX_HAVE_ALIGNED_DIRECTIO
#define NGX_HAVE_ALIGNED_DIRECTIO  1
#endif


#ifndef NGX_HAVE_STATFS
#define NGX_HAVE_STATFS  1
#endif


#ifndef NGX_HAVE_STATVFS
#define NGX_HAVE_STATVFS  1
#endif


#ifndef NGX_HAVE_DLOPEN
#define NGX_HAVE_DLOPEN  1
#endif


#ifndef NGX_HAVE_SCHED_YIELD
#define NGX_HAVE_SCHED_YIELD  1
#endif


#ifndef NGX_HAVE_SCHED_SETAFFINITY
#define NGX_HAVE_SCHED_SETAFFINITY  1
#endif


#ifndef NGX_HAVE_REUSEPORT
#define NGX_HAVE_REUSEPORT  1
#endif


#ifndef NGX_HAVE_TRANSPARENT_PROXY
#define NGX_HAVE_TRANSPARENT_PROXY  1
#endif


#ifndef NGX_HAVE_IP_PKTINFO
#define NGX_HAVE_IP_PKTINFO  1
#endif


#ifndef NGX_HAVE_IPV6_RECVPKTINFO
#define NGX_HAVE_IPV6_RECVPKTINFO  1
#endif


#ifndef NGX_HAVE_DEFERRED_ACCEPT
#define NGX_HAVE_DEFERRED_ACCEPT  1
#endif


#ifndef NGX_HAVE_KEEPALIVE_TUNABLE
#define NGX_HAVE_KEEPALIVE_TUNABLE  1
#endif


#ifndef NGX_HAVE_TCP_INFO
#define NGX_HAVE_TCP_INFO  1
#endif


#ifndef NGX_HAVE_ACCEPT4
#define NGX_HAVE_ACCEPT4  1
#endif


#ifndef NGX_HAVE_EVENTFD
#define NGX_HAVE_EVENTFD  1
#endif


#ifndef NGX_HAVE_SYS_EVENTFD_H
#define NGX_HAVE_SYS_EVENTFD_H  1
#endif


#ifndef NGX_HAVE_UNIX_DOMAIN
#define NGX_HAVE_UNIX_DOMAIN  1
#endif


#ifndef NGX_PTR_SIZE
#define NGX_PTR_SIZE  4
#endif


#ifndef NGX_SIG_ATOMIC_T_SIZE
#define NGX_SIG_ATOMIC_T_SIZE  4
#endif


#ifndef NGX_HAVE_LITTLE_ENDIAN
#define NGX_HAVE_LITTLE_ENDIAN  1
#endif


#ifndef NGX_MAX_SIZE_T_VALUE
#define NGX_MAX_SIZE_T_VALUE  2147483647
#endif


#ifndef NGX_SIZE_T_LEN
#define NGX_SIZE_T_LEN  (sizeof("-2147483648") - 1)
#endif


#ifndef NGX_MAX_OFF_T_VALUE
#define NGX_MAX_OFF_T_VALUE  9223372036854775807LL
#endif


#ifndef NGX_OFF_T_LEN
#define NGX_OFF_T_LEN  (sizeof("-9223372036854775808") - 1)
#endif


#ifndef NGX_TIME_T_SIZE
#define NGX_TIME_T_SIZE  4
#endif


#ifndef NGX_TIME_T_LEN
#define NGX_TIME_T_LEN  (sizeof("-2147483648") - 1)
#endif


#ifndef NGX_MAX_TIME_T_VALUE
#define NGX_MAX_TIME_T_VALUE  2147483647
#endif


#ifndef NGX_HAVE_INET6
#define NGX_HAVE_INET6  1
#endif


#ifndef NGX_HAVE_PREAD
#define NGX_HAVE_PREAD  1
#endif


#ifndef NGX_HAVE_PWRITE
#define NGX_HAVE_PWRITE  1
#endif


#ifndef NGX_HAVE_PWRITEV
#define NGX_HAVE_PWRITEV  1
#endif


#ifndef NGX_SYS_NERR
#define NGX_SYS_NERR  135
#endif


#ifndef NGX_HAVE_LOCALTIME_R
#define NGX_HAVE_LOCALTIME_R  1
#endif


#ifndef NGX_HAVE_CLOCK_MONOTONIC
#define NGX_HAVE_CLOCK_MONOTONIC  1
#endif


#ifndef NGX_HAVE_POSIX_MEMALIGN
#define NGX_HAVE_POSIX_MEMALIGN  1
#endif


#ifndef NGX_HAVE_MEMALIGN
#define NGX_HAVE_MEMALIGN  1
#endif


#ifndef NGX_HAVE_MAP_ANON
#define NGX_HAVE_MAP_ANON  1
#endif


#ifndef NGX_HAVE_MAP_DEVZERO
#define NGX_HAVE_MAP_DEVZERO  1
#endif


#ifndef NGX_HAVE_SYSVSHM
#define NGX_HAVE_SYSVSHM  1
#endif


#ifndef NGX_HAVE_POSIX_SEM
#define NGX_HAVE_POSIX_SEM  1
#endif


#ifndef NGX_HAVE_MSGHDR_MSG_CONTROL
#define NGX_HAVE_MSGHDR_MSG_CONTROL  1
#endif


#ifndef NGX_HAVE_FIONBIO
#define NGX_HAVE_FIONBIO  1
#endif


#ifndef NGX_HAVE_FIONREAD
#define NGX_HAVE_FIONREAD  1
#endif


#ifndef NGX_HAVE_GMTOFF
#define NGX_HAVE_GMTOFF  1
#endif


#ifndef NGX_HAVE_D_TYPE
#define NGX_HAVE_D_TYPE  1
#endif


#ifndef NGX_HAVE_SC_NPROCESSORS_ONLN
#define NGX_HAVE_SC_NPROCESSORS_ONLN  1
#endif


#ifndef NGX_HAVE_LEVEL1_DCACHE_LINESIZE
#define NGX_HAVE_LEVEL1_DCACHE_LINESIZE  1
#endif


#ifndef NGX_HAVE_OPENAT
#define NGX_HAVE_OPENAT  1
#endif


#ifndef NGX_HAVE_GETADDRINFO
#define NGX_HAVE_GETADDRINFO  1
#endif


#ifndef NGX_HTTP_CACHE
#define NGX_HTTP_CACHE  1
#endif


#ifndef NGX_HTTP_GZIP
#define NGX_HTTP_GZIP  1
#endif


#ifndef NGX_HTTP_SSI
#define NGX_HTTP_SSI  1
#endif


#ifndef NGX_CRYPT
#define NGX_CRYPT  1
#endif


#ifndef NGX_HTTP_X_FORWARDED_FOR
#define NGX_HTTP_X_FORWARDED_FOR  1
#endif


#ifndef NGX_HTTP_X_FORWARDED_FOR
#define NGX_HTTP_X_FORWARDED_FOR  1
#endif


#ifndef NGX_HTTP_UPSTREAM_ZONE
#define NGX_HTTP_UPSTREAM_ZONE  1
#endif


#ifndef NGX_PCRE
#define NGX_PCRE  1
#endif


#ifndef NGX_ZLIB
#define NGX_ZLIB  1
#endif


#ifndef NGX_PREFIX
#define NGX_PREFIX  "/usr/local/nginx-1.19.3-dev/"
#endif


#ifndef NGX_CONF_PREFIX
#define NGX_CONF_PREFIX  "conf/"
#endif


#ifndef NGX_SBIN_PATH
#define NGX_SBIN_PATH  "sbin/nginx"
#endif


#ifndef NGX_CONF_PATH
#define NGX_CONF_PATH  "conf/nginx.conf"
#endif


#ifndef NGX_PID_PATH
#define NGX_PID_PATH  "logs/nginx.pid"
#endif


#ifndef NGX_LOCK_PATH
#define NGX_LOCK_PATH  "logs/nginx.lock"
#endif


#ifndef NGX_ERROR_LOG_PATH
#define NGX_ERROR_LOG_PATH  "logs/error.log"
#endif


#ifndef NGX_HTTP_LOG_PATH
#define NGX_HTTP_LOG_PATH  "logs/access.log"
#endif


#ifndef NGX_HTTP_CLIENT_TEMP_PATH
#define NGX_HTTP_CLIENT_TEMP_PATH  "client_body_temp"
#endif


#ifndef NGX_HTTP_PROXY_TEMP_PATH
#define NGX_HTTP_PROXY_TEMP_PATH  "proxy_temp"
#endif


#ifndef NGX_HTTP_FASTCGI_TEMP_PATH
#define NGX_HTTP_FASTCGI_TEMP_PATH  "fastcgi_temp"
#endif


#ifndef NGX_HTTP_UWSGI_TEMP_PATH
#define NGX_HTTP_UWSGI_TEMP_PATH  "uwsgi_temp"
#endif


#ifndef NGX_HTTP_SCGI_TEMP_PATH
#define NGX_HTTP_SCGI_TEMP_PATH  "scgi_temp"
#endif


#ifndef NGX_SUPPRESS_WARN
#define NGX_SUPPRESS_WARN  1
#endif


#ifndef NGX_SMP
#define NGX_SMP  1
#endif


#ifndef NGX_USER
#define NGX_USER  "nobody"
#endif


#ifndef NGX_GROUP
#define NGX_GROUP  "nobody"
#endif

 

 

1、http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite

nginx command type

 

#define NGX_CONF_NOARGS      0x00000001

#define NGX_CONF_TAKE1       0x00000002

#define NGX_CONF_TAKE2       0x00000004

#define NGX_CONF_TAKE3       0x00000008

#define NGX_CONF_TAKE4       0x00000010

#define NGX_CONF_TAKE5       0x00000020

#define NGX_CONF_TAKE6       0x00000040

#define NGX_CONF_TAKE7       0x00000080

 

#define NGX_CONF_TAKE12      (NGX_CONF_TAKE1|NGX_CONF_TAKE2)

#define NGX_CONF_TAKE13      (NGX_CONF_TAKE1|NGX_CONF_TAKE3)

 

 

#define NGX_CONF_TAKE23      (NGX_CONF_TAKE2|NGX_CONF_TAKE3)

 

#define NGX_CONF_TAKE123     (NGX_CONF_TAKE1|NGX_CONF_TAKE2|NGX_CONF_TAKE3)

#define NGX_CONF_TAKE1234    (NGX_CONF_TAKE1|NGX_CONF_TAKE2|NGX_CONF_TAKE3   \

                              |NGX_CONF_TAKE4)

 

 

 

#define NGX_CONF_ARGS_NUMBER 0x000000ff

#define NGX_CONF_BLOCK       0x00000100

#define NGX_CONF_FLAG        0x00000200

#define NGX_CONF_ANY         0x00000400

#define NGX_CONF_1MORE       0x00000800

#define NGX_CONF_2MORE       0x00001000

#define NGX_CONF_MULTI       0x00000000  /* compatibility */

 

#define NGX_DIRECT_CONF      0x00010000

 

#define NGX_MAIN_CONF        0x01000000

#define NGX_ANY_CONF         0x0F000000

 

 

 

 

 

 

 

http:

 

#define NGX_HTTP_MAIN_CONF        0x02000000

#define NGX_HTTP_SRV_CONF         0x04000000

#define NGX_HTTP_LOC_CONF         0x08000000

#define NGX_HTTP_UPS_CONF         0x10000000

#define NGX_HTTP_SIF_CONF         0x20000000

#define NGX_HTTP_LIF_CONF         0x40000000

#define NGX_HTTP_LMT_CONF         0x80000000

 

nginx的一个bug：

这样的一个请求：

GET / HTTP/1.1\r\n

Host:\r\n

\r\n

这个请求按照http1.1规范来看，应该是正确的，但是却返回400 Bad Request错误：

HTTP/1.1 400 Bad Request

Server: nginx/0.8.18

Date: Fri, 22 Mar 2019 14:56:14 GMT

Content-Type: text/html

Content-Length: 173

Connection: close

 

<html>

<head><title>400 Bad Request</title></head>

<body bgcolor="white">

<center><h1>400 Bad Request</h1></center>

<hr><center>nginx/0.8.18</center>

</body>

</html>

如果Host头随便指定一个值，就正确了：

GET / HTTP/1.1\r\n

Host:abc\r\n

\r\n

返回：

HTTP/1.1 200 OK

Server: nginx/0.8.18

Date: Fri, 22 Mar 2019 15:00:17 GMT

Content-Type: text/html

Content-Length: 151

Last-Modified: Wed, 30 Aug 2006 06:39:18 GMT

Connection: keep-alive

Accept-Ranges: bytes

 

<html>

<head>

<title>Welcome to nginx!</title>

</head>

<body bgcolor="white" text="black">

<center><h1>Welcome to nginx!</h1></center>

</body>

</html>