负载均衡补充

1.ngx平滑升级

平滑升级：升级过程中用的访问，不断开。

1. 传统升级.
   • 备份现有的ngx命令.
   • 用新的版本的ngx命令替换原有的命令.
   • 重启ngx.
2. 平滑升级
   • 准备好新的nginx命令(已经测试的)
   • 检查旧版本的nginx是否运行,如果没有运行下.
   • 把当前环境的nginx的命令备份,使用新的替换.
   • ⭐ 通过kill命令向当前运行ngx发出信号,准备被替代kill -USR2 pid  （把当前运行ngx的pid文件改个名，使用新的nginx命令启动ngx进程）
   • 测试调试,关闭旧的ngx的进程即可.(kill即可.)

1.1 环境准备

# web01服务器
1.准备好ngx 1.26.1 /sbin/nginx #1.26.1
2.准备新版本的nginx /tmp/nginx #tengine 3.1.0 参考负载均衡监控模块 https://www.cnblogs.com/daofaziran/p/18516488

 1.2 平滑升级

查看代码

 # 查看当前nginx版本
[root@web01 ~]# nginx -V
nginx version: nginx/1.26.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017 (running with OpenSSL 1.0.2o-fips  27 Mar 2018)
TLS SNI support enabled
[root@web01 ~]# # 把当前环境的nginx的命令备份
[root@web01 ~]# mv /sbin/nginx /sbin/nginx-1.26# 使用新的nginx的命令替换
[root@web01 ~]# cp /opt/nginx  /sbin/
[root@web01 ~]# 
[root@web01 ~]# ll /sbin/ | grep nginx
-rwxr-xr-x 1 root root   9223624 10月 31 16:19 nginx
-rwxr-xr-x 1 root root   1407480  5月 30 03:07 nginx-1.26
-rwxr-xr-x 1 root root   1530552  5月 30 03:07 nginx-debug
[root@web01 ~]# # 查找nginx pid
[root@web01 ~]# ll /var/run/ | grep nginx
-rw-r--r--  1 root           root              5 10月 31 16:28 nginx.pid
[root@web01 ~]# 
[root@web01 ~]# cat /var/run/nginx.pid 
8976
[root@web01 ~]# 
[root@web01 ~]# ps -ef |grep nginx 
root        8976       1  0 16:28 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         8977    8976  0 16:28 ?        00:00:00 nginx: worker process
www         8978    8976  0 16:28 ?        00:00:00 nginx: worker process
root        9066    1252  0 16:31 pts/0    00:00:00 grep --color=auto nginx
[root@web01 ~]# # 通过kill命令向当前运行ngx发出信号,准备被替代kill -USR2 pid
[root@web01 ~]# kill -USR2 `cat /var/run/nginx.pid`
[root@web01 ~]# 
[root@web01 ~]# ll /var/run/ | grep nginx
-rw-r--r--  1 root           root              5 10月 31 16:31 nginx.pid
-rw-r--r--  1 root           root              5 10月 31 16:28 nginx.pid.oldbin
[root@web01 ~]# 
[root@web01 ~]# ps -ef |grep nginx 
root        8976       1  0 16:28 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         8977    8976  0 16:28 ?        00:00:00 nginx: worker process
www         8978    8976  0 16:28 ?        00:00:00 nginx: worker process
root        9070    8976  0 16:31 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         9071    9070  0 16:31 ?        00:00:00 nginx: worker process
www         9072    9070  0 16:31 ?        00:00:00 nginx: worker process
root        9078    1252  0 16:32 pts/0    00:00:00 grep --color=auto nginx
[root@web01 ~]# 
[root@web01 ~]# cat /var/run/nginx.pid.oldbin 
8976# 测试调试,关闭旧的ngx的进程即可.(kill即可.)
[root@web01 ~]# kill `cat /var/run/nginx.pid.oldbin`
[root@web01 ~]# 
[root@web01 ~]# ps -ef |grep nginx 
root        9070       1  0 16:31 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         9071    9070  0 16:31 ?        00:00:00 nginx: worker process
www         9072    9070  0 16:31 ?        00:00:00 nginx: worker process
root        9091    1252  0 16:33 pts/0    00:00:00 grep --color=auto nginx
[root@web01 ~]# 
[root@web01 ~]# ll /var/run/ | grep nginx
-rw-r--r--  1 root           root              5 10月 31 16:31 nginx.pid
[root@web01 ~]# 
[root@web01 ~]# ss -lntup | grep nginx
tcp     LISTEN   0        128              0.0.0.0:80             0.0.0.0:*      users:(("nginx",pid=9072,fd=13),("nginx",pid=9071,fd=13),("nginx",pid=9070,fd=13))
[root@web01 ~]# 
[root@web01 ~]# nginx -V
Tengine version: Tengine/3.1.0
nginx version: nginx/1.24.0
built by gcc 7.3.0 (GCC) 
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled-pie' --add-module=modules/ngx_http_upstream_check_module
[root@web01 ~]# 
[root@web01 ~]# 
[root@web01 ~]# curl -v 10.0.0.69
*   Trying 10.0.0.69:80...
* Connected to 10.0.0.69 (10.0.0.69) port 80 (#0)
> GET / HTTP/1.1
> Host: 10.0.0.69
> User-Agent: curl/7.71.1
> Accept: */*
> 

1.3 平滑升级nginx脚本

service nginx upgrade

 [root@web01 /tmp]# cat /usr/libexec/initscripts/legacy-actions/nginx/upgrade
#!/bin/sh
# Legacy action script for "service nginx upgrade"
if [ -f /etc/sysconfig/nginx ]; then
. /etc/sysconfig/nginx
fi
prog=nginx
nginx=/usr/sbin/nginx
conffile=/etc/nginx/nginx.conf
pidfile=`/usr/bin/systemctl show -p PIDFile nginx.service |
sed 's/^PIDFile=//' | tr ' ' '\n'`
SLEEPSEC=${SLEEPSEC:-1}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS:-5}
oldbinpidfile=${pidfile}.oldbin
${nginx} -t -c ${conffile} -q || return 6
echo -n $"Starting new master $prog: "
pkill -F ${pidfile} ${prog} --signal USR2
echo
for i in `/usr/bin/seq $UPGRADEWAITLOOPS`; do/bin/sleep $SLEEPSECif [ -f ${oldbinpidfile} -a -f ${pidfile} ]; thenecho -n $"Graceful shutdown of old $prog: "pkill -F ${oldbinpidfile} ${prog} --signal QUITechoexit 0fidone
echo $"Upgrade failed!"
exit 1

2.WEB集群-Ngx-rewrite功能

2.1 ngx重定向概述

• 重定向:重写,也叫url重定向,也叫url改写.
• 通过模块指令实现对url,uri改变.
• 未来需求:
  • ⭐ ⭐ ⭐ ⭐ ⭐ 网站是http(80)-->https(443) URL重定向
    • 用户http://www.baidu.com --> https://www.baidu.com/
  • 根据客户端访问类型进行跳转
• 希望根据用户客户端进行判断
  • • 如果用户的客户端是ios,iphone,android,访问web01.cn
    • 否则默认访问www.web01.cn
  • ⭐ 新老域名跳转: www.360buy.com ---> jd.com
  • 其他需求（进阶）:需要我们调整url格式:伪静态(搜索引擎收入) 运营要求. 动态url地址变化为静态的地址.

#书写跳转规则
http://shop.web01.cn/index.php?mod=product&act=1

2.2 模块与指令

rewrite模块

相关的指令	说明
return	实现对url的改写,一般与ngx变量一起使用.返回指定的状态码. 无法用正则
rewrite	实现对url的改写, 使用正则匹配uri,进行改写. 还有各种标记
set	创建或修改ngx变量
if	判断,一般与ngx变量一起使用. 增强版本的location,location用于匹配请求的uri
----	-----
location	对uri进行判断,判断其他的内容使用if

2.2.1 return 指令

如果用户访问/admin/页面返回403

用户访问指定的uri的时候返回指定的状态码

return 403

 [root@web01 /etc/nginx/conf.d]# vim rewrite.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf 
server {listen 80;server_name rewrite.web01.cn;root /app/code/rewrite;location / {index index.html;}#location ~* (\.ini|\.pass)$ {location /admin/ {return 403;}
}
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 /etc/nginx/conf.d]# mkdir -p /app/code/rewrite/admin
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# echo rewrite 家页面 > /app/code/rewrite/index.html
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# echo admin 家页面 > /app/code/rewrite/admin/index.html
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -H Host:rewrite.web01.cn http://10.0.0.69/
rewrite 家页面
[root@web01 /etc/nginx/conf.d]# curl -H Host:rewrite.web01.cn http://10.0.0.69/admin
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr/>Powered by Tengine/3.1.0<hr><center>tengine</center>
</body>
</html>
[root@web01 /etc/nginx/conf.d]# curl -H Host:rewrite.web01.cn http://10.0.0.69/admin/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>
<table>
<tr>
<td>URL:</td>
<td>http://rewrite.web01.cn/admin/</td>
</tr>
<tr>
<td>Server:</td>
<td>web01</td>
</tr>
<tr>
<td>Date:</td>
<td>2024/11/04 08:50:15</td>
</tr>
</table>
<hr/>Powered by Tengine/3.1.0<hr><center>tengine</center>
</body>
</html>
[root@web01 /etc/nginx/conf.d]# 

这里写return 403;所有人禁止访问/admin/页面.

域名间跳转

用户访问rewrite.web01.cn --> www.baidu.com

书写

[root@web01 /etc/nginx/conf.d]# cp rewrite.web01.cn.conf rewrite_to_baidu.web01.cn.conf 
[root@web01 /etc/nginx/conf.d]# vim rewrite_to_baidu.web01.cn.conf 
[root@web01 /etc/nginx/conf.d]# cat rewrite_to_baidu.web01.cn.conf 
server {listen 80;server_name rewrite.web01_to_baidu.cn;return 301 http://www.baidu.com$request_uri;
}
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx

测试

-L --location 跟随跳转,响应是301,302跳转的时候使用.

查看代码

 [root@web01 /etc/nginx/conf.d]# vim /etc/hosts
[root@web01 /etc/nginx/conf.d]# 
172.16.1.75 lb01
172.16.1.76 lb02
172.16.1.69 web01
172.16.1.70 web02
172.16.1.72 web03
172.16.1.68 nfs01
172.16.1.67 backup
172.16.1.81 db01
172.16.1.71 m01
10.0.0.69 rewrite.web01_to_baidu.cn
[root@web01 /etc/nginx/conf.d]#
[root@web01 /etc/nginx/conf.d]# curl -v rewrite.web01_to_baidu.cn
*   Trying 10.0.0.69:80...
* Connected to rewrite.web01_to_baidu.cn (10.0.0.69) port 80 (#0)
> GET / HTTP/1.1
> Host: rewrite.web01_to_baidu.cn
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: Tengine/3.1.0
< Date: Mon, 04 Nov 2024 01:14:26 GMT
< Content-Type: text/html
< Content-Length: 245
< Connection: keep-alive
< Location: http://www.baidu.com/
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr/>Powered by Tengine/3.1.0<hr><center>tengine</center>
</body>
</html>
* Connection #0 to host rewrite.web01_to_baidu.cn left intact[root@web01 /etc/nginx/conf.d]# curl -Lv -H Host:rewrite.web01_to_baidu.cn http://10.0.0.69/十万个为什么？
*   Trying 10.0.0.69:80...
* Connected to 10.0.0.69 (10.0.0.69) port 80 (#0)
> GET /十万个为什么？ HTTP/1.1
> Host:rewrite.web01_to_baidu.cn
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: Tengine/3.1.0
< Date: Mon, 04 Nov 2024 01:17:05 GMT
< Content-Type: text/html
< Content-Length: 245
< Connection: keep-alive
< Location: http://www.baidu.com/十万个为什么？
< 
* Ignoring the response-body
* Connection #0 to host 10.0.0.69 left intact
* Issue another request to this URL: 'http://www.baidu.com/%e5%8d%81%e4%b8%87%e4%b8%aa%e4%b8%ba%e4%bb%80%e4%b9%88%ef%bc%9f'
*   Trying 110.242.68.4:80...
* Connected to www.baidu.com (110.242.68.4) port 80 (#1)
> GET /%e5%8d%81%e4%b8%87%e4%b8%aa%e4%b8%ba%e4%bb%80%e4%b9%88%ef%bc%9f HTTP/1.1
> Host: www.baidu.com
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Content-Length: 219
< Content-Type: text/html; charset=iso-8859-1
< Date: Mon, 04 Nov 2024 01:17:05 GMT
< Server: Apache
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /十万个为什么？ was not found on this server.</p>
</body></html>
* Connection #1 to host www.baidu.com left intact

http跳转https ⭐⭐⭐⭐⭐

用户请求网站一般都是http请求,http-->https

完整流程等讲完https.

 

 

$request_uri变量用于记录用户请求的uri.

return小结

• return + 状态码 与 location 或 if.
• return 实现跳转
• 返回指定的状态码.
• 域名跳转(新旧域名)
• http-->https跳转(讲解完成https后必会)

2.2.2 if 判断

if擅长与ngx变量搭配进行判断.

if相当于shell编程中的单分支判断,ngx中的if没有双分支或多分支.

如果博客请求头包含 "lb_check"，不生成访问日志

配置文件

查看代码

 cat blog.web01.cn.conf 
server{listen 80;server_name blog.web01.cn;root /app/code/blog/;error_log /var/log/nginx/blog-error.log notice;access_log /var/log/nginx/blog-access.log main;location / {index index.php;}location ~* \.php$ {if ( $http_user_agent ~* "lb_check" ){access_log off;}fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;}location =test_ngx_php.php {index test_ngx_php.php; }location =test_db_php.php {index test_db_php.php;}}

测试

[root@web01 /etc/nginx/conf.d]# cat /var/log/nginx/blog-access.log

rewrite.web01.cn 网站只准许GET,POST,HEAD,其 他访问禁止访问. ⭐⭐⭐⭐⭐

需求:为了安全.

• if用于进行判断,通过ngx中变量.(f放在server , location)
• 可以比大小.
• 也可以进行等于,不等于.
• 也可以进行匹配(过滤).

if 判断格式

if指令在ngx中的格式
if (条件) {
满足条件执行的内容.
}使用到的变量: $request_method 取出请求方法. 

配置文件

查看代码

 root@web01 /etc/nginx/conf.d]# vim rewrite_if.conf
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: [warn] conflicting server name "rewrite.web01.cn" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat rewrite_if.conf 
server {listen 80;server_name rewrite.web01.cn;root /app/code/rewrite;if ( $request_method !~ "GET|POST|HEAD" ) {return 403; #这里可以使用405状态码,405表示使用的请求方法不被网站准许或支持.} location / {index index.html;}
}

测试

查看代码

 [root@web01 /etc/nginx/conf.d]# vim /etc/hosts
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat /etc/hosts
172.16.1.75 lb01
172.16.1.76 lb02
172.16.1.69 web01
172.16.1.70 web02
172.16.1.72 web03
172.16.1.68 nfs01
172.16.1.67 backup
172.16.1.81 db01
172.16.1.71 m01
10.0.0.69 rewrite.web01_to_baidu.cn
172.16.1.69 rewrite.web01.cn
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl rewrite.web01.cn
rewrite 家页面
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -I rewrite.web01.cn
HTTP/1.1 200 OK
Server: Tengine/3.1.0
Date: Mon, 04 Nov 2024 01:53:29 GMT
Content-Type: text/html
Content-Length: 18
Last-Modified: Mon, 04 Nov 2024 00:46:22 GMT
Connection: keep-alive
ETag: "6728195e-12"
Accept-Ranges: bytes[root@web01 /etc/nginx/conf.d]# curl -v rewrite.web01.cn
*   Trying 172.16.1.69:80...
* Connected to rewrite.web01.cn (172.16.1.69) port 80 (#0)
> GET / HTTP/1.1
> Host: rewrite.web01.cn
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: Tengine/3.1.0
< Date: Mon, 04 Nov 2024 01:54:03 GMT
< Content-Type: text/html
< Content-Length: 18
< Last-Modified: Mon, 04 Nov 2024 00:46:22 GMT
< Connection: keep-alive
< ETag: "6728195e-12"
< Accept-Ranges: bytes
< 
rewrite 家页面
* Connection #0 to host rewrite.web01.cn left intact
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -X POST rewrite.web01.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>
<table>
<tr>
<td>URL:</td>
<td>http://rewrite.web01.cn/</td>
</tr>
<tr>
<td>Server:</td>
<td>web01</td>
</tr>
<tr>
<td>Date:</td>
<td>2024/11/04 09:54:21</td>
</tr>
</table>
<hr/>Powered by Tengine/3.1.0<hr><center>tengine</center>
</body>
</html>
[root@web01 /etc/nginx/conf.d]# 

if小结

• 一般与ngx内置变量或自定义变量一起使用.
• 与location使用的符号类似.
• ~ ~*
• !~ !~*
• =
• !=
• 常用, \*, ! ,!*
• ngx取反,排除,只能用if

客户端ip地址 $remote_addr
请求方法: $request_method
请求uri: $request_uri
UA客户端类型 $http_user_agent

2.2.3 set

用于自己创建或修改ngx变量

#shell写法
name=666
echo $name
#ngx中写法
set $变量名字 值;
set $name 996;

温馨提示:

ngx变量,进行赋值与进行使用都需要加上$符号.

创建/app/code/blog/weihu.html ,文件存在 则显示503网站维护

通过if+-f判断 不需要重启ngx

配置

查看代码

 [root@web01 /etc/nginx/conf.d]# cp rewrite.web01.cn.conf rewrite.web01.cn.conf.bak
[root@web01 /etc/nginx/conf.d]# vim rewrite.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf
server {listen 80;server_name rewrite.web01.cn;#error_log#acess_logif ( -f /app/code/blog/weihu.html ) {return 503;}if ( $request_method !~ "^(GET|POST|HEAD)$" ) {return 405;}return 302 http://www.baidu.com$request_uri;
}
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: [warn] conflicting server name "rewrite.web01.cn" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx

测试

[root@web01 /etc/nginx/conf.d]# curl rewrite.web01.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>

创建/app/code/blog/weihu.html ,文件存在 则显示503网站维护(放行内网)

if没有多分支,双分支.
if无法使用-a或&&表示并且.
条件1: 文件/app/code/blog/weihu.html 是否存在
条件2: 客户端ip是否为内网
处理: 文件存在 并且 不是内网 则503.

配置

查看代码

 [root@web01 /etc/nginx/conf.d]# cp rewrite.web01.cn.conf rewrite.web01.cn.conf_503
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# vim rewrite.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: [warn] conflicting server name "rewrite.web01.cn" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf
server {listen 80;server_name rewrite.web01.cn;root /app/code/rewrite;set $flag 0;set $file /app/code/rewrite/weihu.html;if ( $remote_addr !~* 172.16.1.* ) {set $flag 1;}if ( -f ${file} ) {set $flag ${flag}1;}if ( $flag = 11 ) {return 503;}if ( $request_method !~* "GET|POST|HEAD" ) {return 403;}location / {index index.html;}#location ~* (\.ini|\.pass)$ {location /admin/ {return 403;}
}

测试

查看代码

 [root@web01 /etc/nginx/conf.d]# vim /etc/hosts
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat /etc/hosts
172.16.1.75 lb01
172.16.1.76 lb02
172.16.1.69 web01
172.16.1.70 web02
172.16.1.72 web03
172.16.1.68 nfs01
172.16.1.67 backup
172.16.1.81 db01
172.16.1.71 m01
10.0.0.69 rewrite.web01_to_baidu.cn
10.0.0.69 rewrite.web01.cn[root@web01 /etc/nginx/conf.d]# touch /app/code/rewrite/weihu.html
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# ll /app/code/rewrite/
总用量 4
drwxr-xr-x 2 root root 24 11月  4 08:47 admin
-rw-r--r-- 1 root root 18 11月  4 08:46 index.html
-rw-r--r-- 1 root root  0 11月  4 11:19 weihu.html[root@web01 /etc/nginx/conf.d]# curl rewrite.web01.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p># 修改hosts解析为172网段。可以正常访问
[root@web01 /etc/nginx/conf.d]# curl rewrite.web01.cn
rewrite 家页面

准许内网,指定ip,127.0.0.1,localhost .....

map(相当于shell中的case语句) 放在http区域

#如果$remote_addr变量的内容是 xxx,则修改$tmp变量的内容.
map $remote_addr $tmp {hostnames;default 0;172.16.1.* 1;127.0.0.1 1;web01
}

配置可以改为

查看代码

 [root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf
map $remote_addr $flag {hostnames;default 1;172.16.1.* 0;127.0.0.1 0;localhost 0;10.0.0.1 0;
}
server {listen 80;server_name rewrite.web01.cn;root /app/code/rewrite;set $flag 0;set $file /app/code/rewrite/weihu.html;# map可替代下面的if语句  
#  if ( $remote_addr !~* 172.16.1.* ) {
#    set $flag 1;
#  }if ( -f ${file} ) {set $flag ${flag}1;}if ( $flag = 11 ) {return 503;}if ( $request_method !~* "GET|POST|HEAD" ) {return 403;}location / {index index.html;}#location ~* (\.ini|\.pass)$ {location /admin/ {return 403;}
}

2.2.4 rewrite

rewrite指令

跳转指令	共同点	区别
return	实现跳转	301/302跳转,ngx变量,不支持正则. 一般用于新旧域名,http-->https
rewrite	实现跳转	支持正则表达式,实现伪静态. uri调整

rewrite格式:

rewrite正则用于匹配用户请求的uri.

命令的格式与sed 's###g'反向引用类似,实现替换功能,rewrite替换url内容.(改写)

rewrite 指令	说明
格式	rewrite 找什么(具体内容/正则/保护分组) 替换成什么(具体内容,后向引用) [标记]; 标记可以省略,默认使用redirect标记(302)
放在哪里	server , location , if
⚠	rewrite匹配的内容,匹配uri.

rewrite的301,302标记

redirect或不写   302
permanent        301

域名跳转

[root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf
server{listen 80;server_name rewrite.web01.cn;#return 301 http://baidu.com$request_uri;#http://rewrite.web01.cn#                       ^    $rewrite ^(.*)$ http://baidu.com$1 permanent;
}

调试

页面直接访问rewrite.web01.cn会跳转到百度

[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl reload nginx
[root@web01 /etc/nginx/conf.d]# curl -Lv rewrite.web01.cn/1.txt
*   Trying 10.0.0.69:80...
* Connected to rewrite.web01.cn (10.0.0.69) port 80 (#0)
> GET /1.txt HTTP/1.1
> Host: rewrite.web01.cn
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: Tengine/3.1.0
< Date: Tue, 05 Nov 2024 02:20:59 GMT
< Content-Type: text/html
< Content-Length: 245
< Connection: keep-alive
< Location: http://baidu.com/1.txt
< 
* Ignoring the response-body
* Connection #0 to host rewrite.web01.cn left intact
* Issue another request to this URL: 'http://baidu.com/1.txt'
*   Trying 110.242.68.66:80...
* Connected to baidu.com (110.242.68.66) port 80 (#1)
> GET /1.txt HTTP/1.1
> Host: baidu.com
> User-Agent: curl/7.71.1
> Accept: */*
> 

http-->https

cat rewrite.web01.cn.conf
server {listen 80;server_name rewrite.web01.cn;#return 302 https://rewrite.web01.cn$request_uri;rewrite ^(.*)$ https://rewrite.web01.cn$1 ; #302}server {listen 443 ssl;server_name rewrite.web01.cn;root /app/code/rewrite/;私钥公钥(证书)location / {index index.html;}
}

Rewrite各种标记

rewrite 正则 替换内容 标记;

标记	说明	补充
redirect默认	302 临时 用户访问的时候,收到302提示及新的位置Location(响应头),用户根据Location新的位置进行访问(让用户重新发出http请求)	新旧地址都可以用
permanent	301 永久 用户访问的时候,收到302提示及新的位置Location(响应头),用户根据Location新的位置进行访问(让用户重新发出http请求)	旧的地址排名取消,旧的不用了,只用新的网站
break	用户的请求匹配到包含break指令或rewrite规则后,及时后面还有location规则,不会继续运行.终止运行.	类似于exit
last	用户请求匹配到包含last标记的rewrite规则后,停止继续执行,ngx会重新发出内部请求,请求与location规则进行匹配.	开启ngx，rewrite_log才能看到 类似于continue

配置

配置文件

[root@web01 /etc/nginx/conf.d]# cat flag.web01.cn.conf 
server {listen 80;server_name flag.web01.cn;root /app/code/flag;error_log /var/log/nginx/flag-error.log notice;rewrite_log on; #需要错误日志debug ... noticelocation / {rewrite /1.html /2.html;rewrite /2.html /3.html;}location /2.html {rewrite /2.html /b.html;}location /3.html {rewrite /3.html /a.html;}
}

测试

查看代码

# 准备资源目录
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# mkdir -p /app/code/flag/
[root@web01 /etc/nginx/conf.d]# echo "1.html页面" >/app/code/flag/1.html
[root@web01 /etc/nginx/conf.d]# echo "2.html页面" >/app/code/flag/2.html
[root@web01 /etc/nginx/conf.d]# echo "3.html页面" >/app/code/flag/3.html
[root@web01 /etc/nginx/conf.d]# echo "a.html页面" >/app/code/flag/a.html
[root@web01 /etc/nginx/conf.d]# echo "b.html页面" >/app/code/flag/b.html
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# vim /etc/hosts
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat /etc/hosts
10.0.0.69 rewrite.web01_to_baidu.cn
10.0.0.69 rewrite.web01.cn
10.0.0.69 flag.web01.cn# 1.访问/1.html显示a.html内容
[root@web01 /etc/nginx/conf.d]# curl -H Host:flag.web01.cn http://10.0.0.69/1.html
a.html页面 #2.访问/2.html显示b.html内容
[root@web01 /etc/nginx/conf.d]# curl -H Host:flag.web01.cn http://10.0.0.69/2.html
b.html页面# 3. 在rewrite /1.html /2.html的时候加上标记break标记.
#rewrite /1.html /2.html break; 执行完成rewrite后直接结束.
server {
... location / {rewrite /1.html /2.html break;rewrite /2.html /3.html ;}
...
}[root@web01 /etc/nginx/conf.d]# vim flag.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl reload nginx.service 
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -H Host:flag.web01.cn http://10.0.0.69/1.html
2.html页面# 4. 在rewrite /1.html /2.html的时候加上标记last标记.
[root@web01 /etc/nginx/conf.d]# cat flag.web01.cn.conf
server {
...location / {rewrite /1.html /2.html last;rewrite /2.html /3.html ;}
...
}
[root@web01 /etc/nginx/conf.d]# vim flag.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl reload nginx.service 
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -H Host:flag.web01.cn http://10.0.0.69/1.html
b.html页面