負載均衡補充

1.ngx平滑升級

平滑升級：升級過程中用的訪問，不斷開。

1. 傳統升級.
   • 備份現有的ngx命令.
   • 用新的版本的ngx命令替換原有的命令.
   • 重啟ngx.
2. 平滑升級
   • 準備好新的nginx命令(已經測試的)
   • 檢查舊版本的nginx是否執行,如果沒有執行下.
   • 把當前環境的nginx的命令備份,使用新的替換.
   • ⭐ 透過kill命令向當前執行ngx發出訊號,準備被替代kill -USR2 pid （把當前執行ngx的pid檔案改個名，使用新的nginx命令啟動ngx程序）
   • 測試除錯,關閉舊的ngx的程序即可.(kill即可.)

1.1 環境準備

# web01伺服器
1.準備好ngx 1.26.1 /sbin/nginx #1.26.1
2.準備新版本的nginx /tmp/nginx #tengine 3.1.0 參考負載均衡監控模組 https://www.cnblogs.com/daofaziran/p/18516488

1.2 平滑升級

檢視程式碼

 # 檢視當前nginx版本
[root@web01 ~]# nginx -V
nginx version: nginx/1.26.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017 (running with OpenSSL 1.0.2o-fips  27 Mar 2018)
TLS SNI support enabled
[root@web01 ~]# 

# 把當前環境的nginx的命令備份
[root@web01 ~]# mv /sbin/nginx /sbin/nginx-1.26

# 使用新的nginx的命令替換
[root@web01 ~]# cp /opt/nginx  /sbin/
[root@web01 ~]# 
[root@web01 ~]# ll /sbin/ | grep nginx
-rwxr-xr-x 1 root root   9223624 10月 31 16:19 nginx
-rwxr-xr-x 1 root root   1407480  5月 30 03:07 nginx-1.26
-rwxr-xr-x 1 root root   1530552  5月 30 03:07 nginx-debug
[root@web01 ~]# 

# 查詢nginx pid
[root@web01 ~]# ll /var/run/ | grep nginx
-rw-r--r--  1 root           root              5 10月 31 16:28 nginx.pid
[root@web01 ~]# 
[root@web01 ~]# cat /var/run/nginx.pid 
8976
[root@web01 ~]# 
[root@web01 ~]# ps -ef |grep nginx 
root        8976       1  0 16:28 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         8977    8976  0 16:28 ?        00:00:00 nginx: worker process
www         8978    8976  0 16:28 ?        00:00:00 nginx: worker process
root        9066    1252  0 16:31 pts/0    00:00:00 grep --color=auto nginx
[root@web01 ~]# 

# 透過kill命令向當前執行ngx發出訊號,準備被替代kill -USR2 pid
[root@web01 ~]# kill -USR2 `cat /var/run/nginx.pid`
[root@web01 ~]# 
[root@web01 ~]# ll /var/run/ | grep nginx
-rw-r--r--  1 root           root              5 10月 31 16:31 nginx.pid
-rw-r--r--  1 root           root              5 10月 31 16:28 nginx.pid.oldbin
[root@web01 ~]# 
[root@web01 ~]# ps -ef |grep nginx 
root        8976       1  0 16:28 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         8977    8976  0 16:28 ?        00:00:00 nginx: worker process
www         8978    8976  0 16:28 ?        00:00:00 nginx: worker process
root        9070    8976  0 16:31 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         9071    9070  0 16:31 ?        00:00:00 nginx: worker process
www         9072    9070  0 16:31 ?        00:00:00 nginx: worker process
root        9078    1252  0 16:32 pts/0    00:00:00 grep --color=auto nginx
[root@web01 ~]# 
[root@web01 ~]# cat /var/run/nginx.pid.oldbin 
8976

# 測試除錯,關閉舊的ngx的程序即可.(kill即可.)
[root@web01 ~]# kill `cat /var/run/nginx.pid.oldbin`
[root@web01 ~]# 
[root@web01 ~]# ps -ef |grep nginx 
root        9070       1  0 16:31 ?        00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
www         9071    9070  0 16:31 ?        00:00:00 nginx: worker process
www         9072    9070  0 16:31 ?        00:00:00 nginx: worker process
root        9091    1252  0 16:33 pts/0    00:00:00 grep --color=auto nginx
[root@web01 ~]# 
[root@web01 ~]# ll /var/run/ | grep nginx
-rw-r--r--  1 root           root              5 10月 31 16:31 nginx.pid
[root@web01 ~]# 
[root@web01 ~]# ss -lntup | grep nginx
tcp     LISTEN   0        128              0.0.0.0:80             0.0.0.0:*      users:(("nginx",pid=9072,fd=13),("nginx",pid=9071,fd=13),("nginx",pid=9070,fd=13))
[root@web01 ~]# 
[root@web01 ~]# nginx -V
Tengine version: Tengine/3.1.0
nginx version: nginx/1.24.0
built by gcc 7.3.0 (GCC) 
built with OpenSSL 1.1.1f  31 Mar 2020
TLS SNI support enabled
 -pie' --add-module=modules/ngx_http_upstream_check_module
[root@web01 ~]# 
[root@web01 ~]# 
[root@web01 ~]# curl -v 10.0.0.69
*   Trying 10.0.0.69:80...
* Connected to 10.0.0.69 (10.0.0.69) port 80 (#0)
> GET / HTTP/1.1
> Host: 10.0.0.69
> User-Agent: curl/7.71.1
> Accept: */*
> 

1.3 平滑升級nginx指令碼

service nginx upgrade

 [root@web01 /tmp]# cat /usr/libexec/initscripts/legacy-actions/nginx/upgrade
#!/bin/sh
# Legacy action script for "service nginx upgrade"
if [ -f /etc/sysconfig/nginx ]; then
. /etc/sysconfig/nginx
fi
prog=nginx
nginx=/usr/sbin/nginx
conffile=/etc/nginx/nginx.conf
pidfile=`/usr/bin/systemctl show -p PIDFile nginx.service |
sed 's/^PIDFile=//' | tr ' ' '\n'`
SLEEPSEC=${SLEEPSEC:-1}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS:-5}
oldbinpidfile=${pidfile}.oldbin
${nginx} -t -c ${conffile} -q || return 6
echo -n $"Starting new master $prog: "
pkill -F ${pidfile} ${prog} --signal USR2
echo
for i in `/usr/bin/seq $UPGRADEWAITLOOPS`; 
  do
    /bin/sleep $SLEEPSEC
    if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then
      echo -n $"Graceful shutdown of old $prog: "
      pkill -F ${oldbinpidfile} ${prog} --signal QUIT
      echo
      exit 0
    fi
  done
echo $"Upgrade failed!"
exit 1

2.WEB叢集-Ngx-rewrite功能

2.1 ngx重定向概述

• 重定向:重寫,也叫url重定向,也叫url改寫.
• 透過模組指令實現對url,uri改變.
• 未來需求:
  • ⭐ ⭐ ⭐ ⭐ ⭐ 網站是http(80)-->https(443) URL重定向
    • 使用者http://www.baidu.com --> https://www.baidu.com/
  • 根據客戶端訪問型別進行跳轉
• 希望根據使用者客戶端進行判斷
  • • 如果使用者的客戶端是ios,iphone,android,訪問web01.cn
    • 否則預設訪問www.web01.cn
  • ⭐ 新老域名跳轉: www.360buy.com ---> jd.com
  • 其他需求（進階）:需要我們調整url格式:偽靜態(搜尋引擎收入) 運營要求. 動態url地址變化為靜態的地址.

#書寫跳轉規則
http://shop.web01.cn/index.php?mod=product&act=1

2.2 模組與指令

rewrite模組

相關的指令	說明
return	實現對url的改寫,一般與ngx變數一起使用.返回指定的狀態碼. 無法用正則
rewrite	實現對url的改寫, 使用正則匹配uri,進行改寫. 還有各種標記
set	建立或修改ngx變數
if	判斷,一般與ngx變數一起使用. 增強版本的location,location用於匹配請求的uri
----	-----
location	對uri進行判斷,判斷其他的內容使用if

2.2.1 return 指令

如果使用者訪問/admin/頁面返回403

使用者訪問指定的uri的時候返回指定的狀態碼

return 403

 [root@web01 /etc/nginx/conf.d]# vim rewrite.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf 
server {
  listen 80;
  server_name rewrite.web01.cn;
  root /app/code/rewrite;
  location / {
    index index.html;
  }
  #location ~* (\.ini|\.pass)$ {
  location /admin/ {
  return 403;
  }
}
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 /etc/nginx/conf.d]# mkdir -p /app/code/rewrite/admin
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# echo rewrite 家頁面 > /app/code/rewrite/index.html
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# echo admin 家頁面 > /app/code/rewrite/admin/index.html
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -H Host:rewrite.web01.cn http://10.0.0.69/
rewrite 家頁面
[root@web01 /etc/nginx/conf.d]# curl -H Host:rewrite.web01.cn http://10.0.0.69/admin
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr/>Powered by Tengine/3.1.0<hr><center>tengine</center>
</body>
</html>
[root@web01 /etc/nginx/conf.d]# curl -H Host:rewrite.web01.cn http://10.0.0.69/admin/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
 Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>
<table>
<tr>
<td>URL:</td>
<td>http://rewrite.web01.cn/admin/</td>
</tr>
<tr>
<td>Server:</td>
<td>web01</td>
</tr>
<tr>
<td>Date:</td>
<td>2024/11/04 08:50:15</td>
</tr>
</table>
<hr/>Powered by Tengine/3.1.0<hr><center>tengine</center>
</body>
</html>
[root@web01 /etc/nginx/conf.d]# 

這裡寫return 403;所有人禁止訪問/admin/頁面.

域名間跳轉

使用者訪問rewrite.web01.cn --> www.baidu.com

書寫

[root@web01 /etc/nginx/conf.d]# cp rewrite.web01.cn.conf rewrite_to_baidu.web01.cn.conf 
[root@web01 /etc/nginx/conf.d]# vim rewrite_to_baidu.web01.cn.conf 
[root@web01 /etc/nginx/conf.d]# cat rewrite_to_baidu.web01.cn.conf 
server {
  listen 80;
  server_name rewrite.web01_to_baidu.cn;
  return 301 http://www.baidu.com$request_uri;
}
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx

測試

-L --location 跟隨跳轉,響應是301,302跳轉的時候使用.

檢視程式碼

 [root@web01 /etc/nginx/conf.d]# vim /etc/hosts
[root@web01 /etc/nginx/conf.d]# 
172.16.1.75 lb01
172.16.1.76 lb02
172.16.1.69 web01
172.16.1.70 web02
172.16.1.72 web03
172.16.1.68 nfs01
172.16.1.67 backup
172.16.1.81 db01
172.16.1.71 m01
10.0.0.69 rewrite.web01_to_baidu.cn
[root@web01 /etc/nginx/conf.d]#
[root@web01 /etc/nginx/conf.d]# curl -v rewrite.web01_to_baidu.cn
*   Trying 10.0.0.69:80...
* Connected to rewrite.web01_to_baidu.cn (10.0.0.69) port 80 (#0)
> GET / HTTP/1.1
> Host: rewrite.web01_to_baidu.cn
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: Tengine/3.1.0
< Date: Mon, 04 Nov 2024 01:14:26 GMT
< Content-Type: text/html
< Content-Length: 245
< Connection: keep-alive
< Location: http://www.baidu.com/
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr/>Powered by Tengine/3.1.0<hr><center>tengine</center>
</body>
</html>
* Connection #0 to host rewrite.web01_to_baidu.cn left intact


[root@web01 /etc/nginx/conf.d]# curl -Lv -H Host:rewrite.web01_to_baidu.cn http://10.0.0.69/十萬個為什麼？
*   Trying 10.0.0.69:80...
* Connected to 10.0.0.69 (10.0.0.69) port 80 (#0)
> GET /十萬個為什麼？ HTTP/1.1
> Host:rewrite.web01_to_baidu.cn
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: Tengine/3.1.0
< Date: Mon, 04 Nov 2024 01:17:05 GMT
< Content-Type: text/html
< Content-Length: 245
< Connection: keep-alive
< Location: http://www.baidu.com/十萬個為什麼？
< 
* Ignoring the response-body
* Connection #0 to host 10.0.0.69 left intact
* Issue another request to this URL: 'http://www.baidu.com/%e5%8d%81%e4%b8%87%e4%b8%aa%e4%b8%ba%e4%bb%80%e4%b9%88%ef%bc%9f'
*   Trying 110.242.68.4:80...
* Connected to www.baidu.com (110.242.68.4) port 80 (#1)
> GET /%e5%8d%81%e4%b8%87%e4%b8%aa%e4%b8%ba%e4%bb%80%e4%b9%88%ef%bc%9f HTTP/1.1
> Host: www.baidu.com
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Content-Length: 219
< Content-Type: text/html; charset=iso-8859-1
< Date: Mon, 04 Nov 2024 01:17:05 GMT
< Server: Apache
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /十萬個為什麼？ was not found on this server.</p>
</body></html>
* Connection #1 to host www.baidu.com left intact

http跳轉https ⭐⭐⭐⭐⭐

使用者請求網站一般都是http請求,http-->https

完整流程等講完https.

$request_uri變數用於記錄使用者請求的uri.

return小結

• return + 狀態碼 與 location 或 if.
• return 實現跳轉
• 返回指定的狀態碼.
• 域名跳轉(新舊域名)
• http-->https跳轉(講解完成https後必會)

2.2.2 if 判斷

if擅長與ngx變數搭配進行判斷.

if相當於shell程式設計中的單分支判斷,ngx中的if沒有雙分支或多分支.

如果部落格請求頭包含 "lb_check"，不生成訪問日誌

配置檔案

檢視程式碼

 cat blog.web01.cn.conf 
server{
  listen 80;
  server_name blog.web01.cn;
  root /app/code/blog/;
  error_log /var/log/nginx/blog-error.log notice;
  access_log /var/log/nginx/blog-access.log main;
  location / {
    index index.php;
  }

  location ~* \.php$ {
    if ( $http_user_agent ~* "lb_check" ){
      access_log off;
     }

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
 
  location =test_ngx_php.php {
    index test_ngx_php.php; 
  }

  location =test_db_php.php {
    index test_db_php.php;
  }

}

測試

[root@web01 /etc/nginx/conf.d]# cat /var/log/nginx/blog-access.log

rewrite.web01.cn 網站只准許GET,POST,HEAD,其 他訪問禁止訪問. ⭐⭐⭐⭐⭐

需求:為了安全.

• if用於進行判斷,透過ngx中變數.(f放在server , location)
• 可以比大小.
• 也可以進行等於,不等於.
• 也可以進行匹配(過濾).

if 判斷格式

if指令在ngx中的格式
if (條件) {
滿足條件執行的內容.
}

使用到的變數: $request_method 取出請求方法. 

配置檔案

檢視程式碼

 root@web01 /etc/nginx/conf.d]# vim rewrite_if.conf
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: [warn] conflicting server name "rewrite.web01.cn" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat rewrite_if.conf 
server {
  listen 80;
  server_name rewrite.web01.cn;
  root /app/code/rewrite;
  if ( $request_method !~ "GET|POST|HEAD" ) {
  return 403; #這裡可以使用405狀態碼,405表示使用的請求方法不被網站准許或支援.
  } 
  location / {
   index index.html;
  }
}

測試

檢視程式碼

 [root@web01 /etc/nginx/conf.d]# vim /etc/hosts
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat /etc/hosts
172.16.1.75 lb01
172.16.1.76 lb02
172.16.1.69 web01
172.16.1.70 web02
172.16.1.72 web03
172.16.1.68 nfs01
172.16.1.67 backup
172.16.1.81 db01
172.16.1.71 m01
10.0.0.69 rewrite.web01_to_baidu.cn
172.16.1.69 rewrite.web01.cn
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl rewrite.web01.cn
rewrite 家頁面
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -I rewrite.web01.cn
HTTP/1.1 200 OK
Server: Tengine/3.1.0
Date: Mon, 04 Nov 2024 01:53:29 GMT
Content-Type: text/html
Content-Length: 18
Last-Modified: Mon, 04 Nov 2024 00:46:22 GMT
Connection: keep-alive
ETag: "6728195e-12"
Accept-Ranges: bytes

[root@web01 /etc/nginx/conf.d]# curl -v rewrite.web01.cn
*   Trying 172.16.1.69:80...
* Connected to rewrite.web01.cn (172.16.1.69) port 80 (#0)
> GET / HTTP/1.1
> Host: rewrite.web01.cn
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: Tengine/3.1.0
< Date: Mon, 04 Nov 2024 01:54:03 GMT
< Content-Type: text/html
< Content-Length: 18
< Last-Modified: Mon, 04 Nov 2024 00:46:22 GMT
< Connection: keep-alive
< ETag: "6728195e-12"
< Accept-Ranges: bytes
< 
rewrite 家頁面
* Connection #0 to host rewrite.web01.cn left intact
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -X POST rewrite.web01.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
 Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>
<table>
<tr>
<td>URL:</td>
<td>http://rewrite.web01.cn/</td>
</tr>
<tr>
<td>Server:</td>
<td>web01</td>
</tr>
<tr>
<td>Date:</td>
<td>2024/11/04 09:54:21</td>
</tr>
</table>
<hr/>Powered by Tengine/3.1.0<hr><center>tengine</center>
</body>
</html>
[root@web01 /etc/nginx/conf.d]# 

if小結

• 一般與ngx內建變數或自定義變數一起使用.
• 與location使用的符號類似.
• ~ ~*
• !~ !~*
• =
• !=
• 常用, \*, ! ,!*
• ngx取反,排除,只能用if

客戶端ip地址 $remote_addr
請求方法: $request_method
請求uri: $request_uri
UA客戶端型別 $http_user_agent

2.2.3 set

用於自己建立或修改ngx變數

#shell寫法
name=666
echo $name
#ngx中寫法
set $變數名字 值;
set $name 996;

溫馨提示:

ngx變數,進行賦值與進行使用都需要加上$符號.

建立/app/code/blog/weihu.html ,檔案存在 則顯示503網站維護

透過if+-f判斷 不需要重啟ngx

配置

檢視程式碼

 [root@web01 /etc/nginx/conf.d]# cp rewrite.web01.cn.conf rewrite.web01.cn.conf.bak
[root@web01 /etc/nginx/conf.d]# vim rewrite.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf
server {
  listen 80;
  server_name rewrite.web01.cn;
  #error_log
  #acess_log
  if ( -f /app/code/blog/weihu.html ) {
   return 503;
  }
  if ( $request_method !~ "^(GET|POST|HEAD)$" ) {
    return 405;
  }
  return 302 http://www.baidu.com$request_uri;
}
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: [warn] conflicting server name "rewrite.web01.cn" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx

測試

[root@web01 /etc/nginx/conf.d]# curl rewrite.web01.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
 Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>

建立/app/code/blog/weihu.html ,檔案存在 則顯示503網站維護(放行內網)

if沒有多分支,雙分支.
if無法使用-a或&&表示並且.
條件1: 檔案/app/code/blog/weihu.html 是否存在
條件2: 客戶端ip是否為內網
處理: 檔案存在 並且 不是內網 則503.

配置

檢視程式碼

 [root@web01 /etc/nginx/conf.d]# cp rewrite.web01.cn.conf rewrite.web01.cn.conf_503
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# vim rewrite.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: [warn] conflicting server name "rewrite.web01.cn" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl restart nginx
[root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf
server {
  listen 80;
  server_name rewrite.web01.cn;
  root /app/code/rewrite;
  set $flag 0;
  set $file /app/code/rewrite/weihu.html;
  if ( $remote_addr !~* 172.16.1.* ) {
    set $flag 1;
  }

  if ( -f ${file} ) {
    set $flag ${flag}1;
  }

  if ( $flag = 11 ) {
    return 503;
  }

  if ( $request_method !~* "GET|POST|HEAD" ) {
    return 403;
  }

  location / {
    index index.html;
  }

  #location ~* (\.ini|\.pass)$ {
  location /admin/ {
    return 403;
  }
}

測試

檢視程式碼

 [root@web01 /etc/nginx/conf.d]# vim /etc/hosts
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat /etc/hosts
172.16.1.75 lb01
172.16.1.76 lb02
172.16.1.69 web01
172.16.1.70 web02
172.16.1.72 web03
172.16.1.68 nfs01
172.16.1.67 backup
172.16.1.81 db01
172.16.1.71 m01
10.0.0.69 rewrite.web01_to_baidu.cn
10.0.0.69 rewrite.web01.cn

[root@web01 /etc/nginx/conf.d]# touch /app/code/rewrite/weihu.html
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# ll /app/code/rewrite/
總用量 4
drwxr-xr-x 2 root root 24 11月  4 08:47 admin
-rw-r--r-- 1 root root 18 11月  4 08:46 index.html
-rw-r--r-- 1 root root  0 11月  4 11:19 weihu.html

[root@web01 /etc/nginx/conf.d]# curl rewrite.web01.cn
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
 Sorry for the inconvenience.<br/>
Please report this message and include the following information to us.<br/>
Thank you very much!</p>

# 修改hosts解析為172網段。可以正常訪問
[root@web01 /etc/nginx/conf.d]# curl rewrite.web01.cn
rewrite 家頁面

准許內網,指定ip,127.0.0.1,localhost .....

map(相當於shell中的case語句) 放在http區域

#如果$remote_addr變數的內容是 xxx,則修改$tmp變數的內容.
map $remote_addr $tmp {
  hostnames;
  default 0;
  172.16.1.* 1;
  127.0.0.1 1;
  web01
}

配置可以改為

檢視程式碼

 [root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf
map $remote_addr $flag {
  hostnames;
  default 1;
  172.16.1.* 0;
  127.0.0.1 0;
  localhost 0;
  10.0.0.1 0;
}
server {
  listen 80;
  server_name rewrite.web01.cn;
  root /app/code/rewrite;
  set $flag 0;
  set $file /app/code/rewrite/weihu.html;
  
# map可替代下面的if語句  
#  if ( $remote_addr !~* 172.16.1.* ) {
#    set $flag 1;
#  }

  if ( -f ${file} ) {
    set $flag ${flag}1;
  }

  if ( $flag = 11 ) {
    return 503;
  }

  if ( $request_method !~* "GET|POST|HEAD" ) {
    return 403;
  }

  location / {
    index index.html;
  }

  #location ~* (\.ini|\.pass)$ {
  location /admin/ {
    return 403;
  }
}

2.2.4 rewrite

rewrite指令

跳轉指令	共同點	區別
return	實現跳轉	301/302跳轉,ngx變數,不支援正則. 一般用於新舊域名,http-->https
rewrite	實現跳轉	支援正則表示式,實現偽靜態. uri調整

rewrite格式:

rewrite正則用於匹配使用者請求的uri.

命令的格式與sed 's###g'反向引用類似,實現替換功能,rewrite替換url內容.(改寫)

rewrite 指令	說明
格式	rewrite 找什麼(具體內容/正則/保護分組) 替換成什麼(具體內容,後向引用) [標記]; 標記可以省略,預設使用redirect標記(302)
放在哪裡	server , location , if
⚠	rewrite匹配的內容,匹配uri.

rewrite的301,302標記

redirect或不寫   302
permanent        301

域名跳轉

[root@web01 /etc/nginx/conf.d]# cat rewrite.web01.cn.conf
server{
  listen 80;
  server_name rewrite.web01.cn;
  #return 301 http://baidu.com$request_uri;
  #http://rewrite.web01.cn
  #                       ^    $
  rewrite ^(.*)$ http://baidu.com$1 permanent;
}

除錯

頁面直接訪問rewrite.web01.cn會跳轉到百度

[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl reload nginx
[root@web01 /etc/nginx/conf.d]# curl -Lv rewrite.web01.cn/1.txt
*   Trying 10.0.0.69:80...
* Connected to rewrite.web01.cn (10.0.0.69) port 80 (#0)
> GET /1.txt HTTP/1.1
> Host: rewrite.web01.cn
> User-Agent: curl/7.71.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: Tengine/3.1.0
< Date: Tue, 05 Nov 2024 02:20:59 GMT
< Content-Type: text/html
< Content-Length: 245
< Connection: keep-alive
< Location: http://baidu.com/1.txt
< 
* Ignoring the response-body
* Connection #0 to host rewrite.web01.cn left intact
* Issue another request to this URL: 'http://baidu.com/1.txt'
*   Trying 110.242.68.66:80...
* Connected to baidu.com (110.242.68.66) port 80 (#1)
> GET /1.txt HTTP/1.1
> Host: baidu.com
> User-Agent: curl/7.71.1
> Accept: */*
> 

http-->https

cat rewrite.web01.cn.conf
server {
  listen 80;
  server_name rewrite.web01.cn;
  #return 302 https://rewrite.web01.cn$request_uri;
  rewrite ^(.*)$ https://rewrite.web01.cn$1 ; #302
  }
  server {
    listen 443 ssl;
    server_name rewrite.web01.cn;
    root /app/code/rewrite/;
    私鑰
    公鑰(證書)
  location / {
   index index.html;
  }
}

Rewrite各種標記

rewrite 正則 替換內容 標記;

標記	說明	補充
redirect預設	302 臨時 使用者訪問的時候,收到302提示及新的位置Location(響應頭),使用者根據Location新的位置進行訪問(讓使用者重新發出http請求)	新舊地址都可以用
permanent	301 永久 使用者訪問的時候,收到302提示及新的位置Location(響應頭),使用者根據Location新的位置進行訪問(讓使用者重新發出http請求)	舊的地址排名取消,舊的不用了,只用新的網站
break	使用者的請求匹配到包含break指令或rewrite規則後,及時後面還有location規則,不會繼續執行.終止執行.	類似於exit
last	使用者請求匹配到包含last標記的rewrite規則後,停止繼續執行,ngx會重新發出內部請求,請求與location規則進行匹配.	開啟ngx，rewrite_log才能看到 類似於continue

配置

配置檔案

[root@web01 /etc/nginx/conf.d]# cat flag.web01.cn.conf 
server {
  listen 80;
  server_name flag.web01.cn;
  root /app/code/flag;
  error_log /var/log/nginx/flag-error.log notice;
  rewrite_log on; #需要錯誤日誌debug ... notice
  
  location / {
    rewrite /1.html /2.html;
    rewrite /2.html /3.html;
  }
  
  location /2.html {
    rewrite /2.html /b.html;
  }

  location /3.html {
    rewrite /3.html /a.html;
  }
}

測試

檢視程式碼

# 準備資源目錄
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# mkdir -p /app/code/flag/
[root@web01 /etc/nginx/conf.d]# echo "1.html頁面" >/app/code/flag/1.html
[root@web01 /etc/nginx/conf.d]# echo "2.html頁面" >/app/code/flag/2.html
[root@web01 /etc/nginx/conf.d]# echo "3.html頁面" >/app/code/flag/3.html
[root@web01 /etc/nginx/conf.d]# echo "a.html頁面" >/app/code/flag/a.html
[root@web01 /etc/nginx/conf.d]# echo "b.html頁面" >/app/code/flag/b.html
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# vim /etc/hosts
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# cat /etc/hosts
10.0.0.69 rewrite.web01_to_baidu.cn
10.0.0.69 rewrite.web01.cn
10.0.0.69 flag.web01.cn

# 1.訪問/1.html顯示a.html內容
[root@web01 /etc/nginx/conf.d]# curl -H Host:flag.web01.cn http://10.0.0.69/1.html
a.html頁面 

#2.訪問/2.html顯示b.html內容
[root@web01 /etc/nginx/conf.d]# curl -H Host:flag.web01.cn http://10.0.0.69/2.html
b.html頁面

# 3. 在rewrite /1.html /2.html的時候加上標記break標記.
#rewrite /1.html /2.html break; 執行完成rewrite後直接結束.
server {
... 
  location / {
    rewrite /1.html /2.html break;
    rewrite /2.html /3.html ;
  }
...
}

[root@web01 /etc/nginx/conf.d]# vim flag.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl reload nginx.service 
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -H Host:flag.web01.cn http://10.0.0.69/1.html
2.html頁面

# 4. 在rewrite /1.html /2.html的時候加上標記last標記.
[root@web01 /etc/nginx/conf.d]# cat flag.web01.cn.conf
server {
...
  location / {
    rewrite /1.html /2.html last;
    rewrite /2.html /3.html ;
  }
...
}
[root@web01 /etc/nginx/conf.d]# vim flag.web01.cn.conf
[root@web01 /etc/nginx/conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# systemctl reload nginx.service 
[root@web01 /etc/nginx/conf.d]# 
[root@web01 /etc/nginx/conf.d]# curl -H Host:flag.web01.cn http://10.0.0.69/1.html
b.html頁面