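# Nginx Overview
# Introduction to Nginx
Nginx (pronounced "engine X") is a high-performance, asynchronous HTTP and reverse-proxy web server that also provides IMAP/POP3/SMTP services. Nginx was developed by Igor Sysoev for Rambler.ru (Russian: Рамблер), the second most visited site in Russia; the first public version, 0.1.0, was released on October 4, 2004. On March 11, 2019, Nginx, Inc. was acquired by F5 Networks for US$670 million. Its source code is released under a BSD-like license, and it is known for its stability, rich feature set, simple configuration files and low consumption of system resources. On June 1, 2011, nginx 1.0.4 was released. Nginx is a lightweight web server / reverse proxy server and e-mail (IMAP/POP3) proxy server distributed under a BSD-like license. It is characterized by a small memory footprint and strong concurrency; in fact, nginx's concurrency performs comparatively well among web servers of its kind. Sites in mainland China that use nginx include Baidu, JD.com, Sina, NetEase, Tencent, Taobao and others.
# Nginx Features
- Low memory footprint: only 2M, whereas Tomcat takes 200M of memory at startup
- Strong concurrency: 30,000 to 50,000, whereas Tomcat supports 180 - 250, or 1000 after tuning
- Nginx can be used as a web server
Further note: to support even higher concurrency, carriers usually buy hardware appliances, such as F5 load balancers.
# Nginx Versions
The Nginx website (http://nginx.org/en/download.html) lists three main kinds of version:
- Mainline version
- Stable version
- Legacy versions
Mainline version: (officially recommended as the first choice) the latest version, containing fixes for all known bugs in earlier versions (both minor and major) as well as new features.
Stable version: the stable version; no new features are developed for it, and major bugs are fixed.
Legacy versions: historical versions; previous stable versions are kept here and are no longer maintained.
The Nginx team previously published an article on which version to use: https://www.nginx.com/blog/nginx-1-6-1-7-released/
Official recommendation: in most cases, use the latest mainline version rather than the stable version. The stable version only receives fixes for major bugs; some minor bugs are not fixed there.
For example, the latest version is currently 1.21.6 and the stable version is 1.20.2. On the official site, click CHANGES to view each version's changelog.
Changelog for the stable version, 1.20.2: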
Changes with nginx 1.20.2 16 Nov 2021
*) Feature: OpenSSL 3.0 compatibility.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: backend SSL connections in the stream module might hang after
an SSL handshake.
*) Bugfix: SSL connections with gRPC backends might hang if select,
poll, or /dev/poll methods were used.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
Changes with nginx 1.20.1 25 May 2021
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
Changes with nginx 1.20.0 20 Apr 2021
*) 1.20.x stable branch.
Changelog for the latest version, 1.21.6:
Changes with nginx 1.21.6 25 Jan 2022
*) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were
unevenly distributed among worker processes.
*) Bugfix: nginx returned the "Connection: keep-alive" header line in
responses during graceful shutdown of old worker processes.
*) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3.
Changes with nginx 1.21.5 28 Dec 2021
*) Change: now nginx is built with the PCRE2 library by default.
*) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD.
*) Feature: support for sendfile(SF_NOCACHE) on FreeBSD.
*) Feature: the $ssl_curve variable.
*) Bugfix: connections might hang when using HTTP/2 without SSL with the
"sendfile" and "aio" directives.
Changes with nginx 1.21.4 02 Nov 2021
*) Change: support for NPN instead of ALPN to establish HTTP/2
connections has been removed.
*) Change: now nginx rejects SSL connections if ALPN is used by the
client, but no supported protocols can be negotiated.
*) Change: the default value of the "sendfile_max_chunk" directive was
changed to 2 megabytes.
*) Feature: the "proxy_half_close" directive in the stream module.
*) Feature: the "ssl_alpn" directive in the stream module.
*) Feature: the $ssl_alpn_protocol variable.
*) Feature: support for SSL_sendfile() when using OpenSSL 3.0.
*) Feature: the "mp4_start_key_frame" directive in the
ngx_http_mp4_module.
Thanks to Tracey Jaquith.
*) Bugfix: in the $content_length variable when using chunked transfer
encoding.
*) Bugfix: after receiving a response with incorrect length from a
proxied backend nginx might nevertheless cache the connection.
Thanks to Awdhesh Mathpal.
*) Bugfix: invalid headers from backends were logged at the "info" level
instead of "error"; the bug had appeared in 1.21.1.
*) Bugfix: requests might hang when using HTTP/2 and the "aio_write"
directive.
Changes with nginx 1.21.3 07 Sep 2021
*) Change: optimization of client request body reading when using
HTTP/2.
*) Bugfix: in request body filters internal API when using HTTP/2 and
buffering of the data being processed.
Changes with nginx 1.21.2 31 Aug 2021
*) Change: now nginx rejects HTTP/1.0 requests with the
"Transfer-Encoding" header line.
*) Change: export ciphers are no longer supported.
*) Feature: OpenSSL 3.0 compatibility.
*) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
are now passed to the mail proxy authentication server.
Thanks to Rob Mueller.
*) Feature: request body filters API now permits buffering of the data
being processed.
*) Bugfix: backend SSL connections in the stream module might hang after
an SSL handshake.
*) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
newer, did not affect loading of the server certificates when set
with "@SECLEVEL=N" in the "ssl_ciphers" directive.
*) Bugfix: SSL connections with gRPC backends might hang if select,
poll, or /dev/poll methods were used.
*) Bugfix: when using HTTP/2 client request body was always written to
disk if the "Content-Length" header line was not present in the
request.
Changes with nginx 1.21.1 06 Jul 2021
*) Change: now nginx always returns an error for the CONNECT method.
*) Change: now nginx always returns an error if both "Content-Length"
and "Transfer-Encoding" header lines are present in the request.
*) Change: now nginx always returns an error if spaces or control
characters are used in the request line.
*) Change: now nginx always returns an error if spaces or control
characters are used in a header name.
*) Change: now nginx always returns an error if spaces or control
characters are used in the "Host" request header line.
*) Change: optimization of configuration testing when using many
listening sockets.
*) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|",
and "}" characters when proxying with changed URI.
*) Bugfix: SSL variables might be empty when used in logs; the bug had
appeared in 1.19.5.
*) Bugfix: keepalive connections with gRPC backends might not be closed
after receiving a GOAWAY frame.
*) Bugfix: reduced memory consumption for long-lived requests when
proxying with more than 64 buffers.
Changes with nginx 1.21.0 25 May 2021
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
*) Feature: variables support in the "proxy_ssl_certificate",
"proxy_ssl_certificate_key" "grpc_ssl_certificate",
"grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and
"uwsgi_ssl_certificate_key" directives.
*) Feature: the "max_errors" directive in the mail proxy module.
*) Feature: the mail proxy module supports POP3 and IMAP pipelining.
*) Feature: the "fastopen" parameter of the "listen" directive in the
stream module.
Thanks to Anbang Wen.
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
Comparing the two shows that on 25 May 2021 both the latest version and the stable version fixed the same security issue.
Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server to
cause worker process crash or, potentially, arbitrary code execution
(CVE-2021-23017).
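However, the mainline version fixed some other bugs at the same time, and those fixes do not appear in the stable version's changelog, which means they were not fixed in the stable version: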
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
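This confirms the official statement: the Nginx mainline version fixes all known bugs, while the stable version only fixes major bugs (in practice, bugs that involve security issues). The mainline version includes fixes for all known bugs, new features, and some parameter adjustments.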
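The comparison above can be automated. The following is an added example, not part of the original page: it parses CHANGES-style text and lists mainline entries that have no identical entry in the stable changelog, plus every entry tagged `Security`. The function names are hypothetical and the two input strings are abridged copies of the entries quoted above.

```python
import re

# Abridged excerpts of the changelog entries quoted on this page (constructed input).
STABLE = """\
Changes with nginx 1.20.1 25 May 2021
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used (CVE-2021-23017).
Changes with nginx 1.20.0 20 Apr 2021
*) 1.20.x stable branch.
"""
MAINLINE = """\
Changes with nginx 1.21.0 25 May 2021
*) Security: 1-byte memory overwrite might occur during DNS server
response processing if the "resolver" directive was used (CVE-2021-23017).
*) Bugfix: special characters were not escaped during automatic redirect
with appended trailing slash.
*) Bugfix: connections with clients in the mail proxy module might be
closed unexpectedly when using SMTP pipelining.
"""

HEADER = re.compile(r"^Changes with nginx (\d+\.\d+\.\d+)\s")
ENTRY = re.compile(r"^\*\)\s*(?:(\w+):\s*)?(.*)$")

def parse_changes(text):
    """Parse CHANGES-style text into (version, kind, description) tuples."""
    entries, version, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            version, current = m.group(1), None
        elif m := ENTRY.match(line):
            current = [version, m.group(1) or "Note", m.group(2)]
            entries.append(current)
        elif current and line:              # wrapped continuation line
            current[2] += " " + line
    return [tuple(e) for e in entries]

def mainline_only(mainline, stable):
    """Mainline entries with no identical entry in the stable changelog."""
    seen = {(kind, text) for _, kind, text in parse_changes(stable)}
    return [e for e in parse_changes(mainline) if e[1:] not in seen]

def security_fixes(text):
    """(version, [CVE ids]) for every entry tagged 'Security'."""
    return [(v, re.findall(r"CVE-\d{4}-\d+", t))
            for v, k, t in parse_changes(text) if k == "Security"]

if __name__ == "__main__":
    print(security_fixes(STABLE), mainline_only(MAINLINE, STABLE))
```

Matching is by exact entry text, so a fix that was reworded when it was carried over to the stable branch would be reported as mainline-only.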
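# Nginx Command Reference
By default,
Nginx is installed in the /usr/local/nginx directory;
its binary is /usr/local/nginx/sbin/nginx;
its configuration file is /usr/local/nginx/conf/nginx.conf
# Start Nginx
# Start Nginx with the default configuration file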
cd /usr/local/nginx/sbin
./nginx
# Start Nginx with a specified configuration file
cd /usr/local/nginx/sbin
./nginx -c tempnginx.conf
# Force-stop Nginx
cd /usr/local/nginx/sbin
./nginx -s stop
# Gracefully stop Nginx
Gracefully stop the Nginx service (that is, stop only after all in-flight requests have been handled)
cd /usr/local/nginx/sbin
./nginx -s quit
# Restart Nginx
Note: this command does not reload the configuration file.
To restart and re-read the configuration file, use ./nginx -s reload
cd /usr/local/nginx/sbin
./nginx -s reopen
# Reload the Nginx configuration file
Reload the Nginx configuration file, then restart Nginx gracefully
cd /usr/local/nginx/sbin
./nginx -s reload
# Check the Nginx configuration file
Test whether the Nginx configuration file contains syntax errors
cd /usr/local/nginx/sbin
./nginx -t
# Show the Nginx version
cd /usr/local/nginx/sbin
./nginx -v
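# Show the Nginx build-time options
Besides the version, this also shows information from the configure and build stage, such as the GCC compiler version, the operating system version, and the arguments passed to configure:
V = verbose, detailed information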
cd /usr/local/nginx/sbin
./nginx -V
# Get Nginx help
Shows all the Nginx commands supported by the current version, along with the version number.
[root@localhost ~]# nginx -h
nginx version: nginx/1.21.6
Usage: nginx [-?hvVtTq] [-s signal] [-p prefix]
[-e filename] [-c filename] [-g directives]
Options:
-?,-h : this help
-v : show version and exit
-V : show version and configure options then exit
-t : test configuration and exit
-T : test configuration, dump it and exit
-q : suppress non-error messages during configuration testing
-s signal : send signal to a master process: stop, quit, reopen, reload
-p prefix : set prefix path (default: /usr/local/nginx/)
-e filename : set error log file (default: logs/error.log)
-c filename : set configuration file (default: conf/nginx.conf)
-g directives : set global directives out of configuration file
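A defender-side check tied to the security entry in the changelog above, as an added example that is not from the original page: it takes the banner printed by `./nginx -v` and a configuration dump from `./nginx -T`, and reports whether the instance predates the CVE-2021-23017 fix releases while using the `resolver` directive. The function names and sample inputs are constructed; because the page does not state the first affected version, every version older than 1.20.1 is assumed to lack the fix.

```python
import re

# Fix releases named in the changelog above: 1.20.1 (stable), 1.21.0 (mainline).
FIXED_IN = (1, 20, 1)

# Constructed sample inputs: an `nginx -v` banner (nginx writes it to stderr)
# and a small dump in the style of `nginx -T` output.
SAMPLE_BANNER = "nginx version: nginx/1.20.0"
SAMPLE_CONF = """\
http {
    # resolver 10.0.0.1;
    resolver_timeout 5s;
    server {
        listen 80;
        location / { resolver 192.0.2.53 valid=30s; }
    }
}
"""

def parse_version(banner):
    """Extract (major, minor, patch) from the `nginx -v` banner."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no nginx version found in {banner!r}")
    return tuple(int(part) for part in m.groups())

def resolver_lines(config_dump):
    """Return (line number, text) of each active `resolver` directive."""
    hits = []
    for number, raw in enumerate(config_dump.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # naive: ignores '#' inside quotes
        # Match the directive at line start or after ';', '{' or '}';
        # `resolver_timeout` does not match because '_' is not whitespace.
        if re.search(r"(?:^|[;{}]\s*)resolver\s", line):
            hits.append((number, line))
    return hits

def assess(banner, config_dump):
    """Classify an instance against the CVE-2021-23017 fix releases."""
    if parse_version(banner) >= FIXED_IN:
        return "patched"
    return "exposed" if resolver_lines(config_dump) else "unpatched, resolver unused"
```

Distribution packages can carry the fix without changing the upstream version number, so check the package changelog before treating an "exposed" result as final.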