nginx限制访问速度

location / {
    limit_rate_after 5m;  #下载5m以后开始限速
    limit_rate 100k;      #每个链接限速100k
}

如何给在用的nginx添加新模块?

有一个在用的nginx,以yum方法安装的,怎样在不改动配置的情况下,为它添加模块.
以添加spdy模块为例.

编译新模块

预编译
./configure  --prefix=/etc/nginx \
   --sbin-path=/usr/sbin \
   --conf-path=/etc/nginx/nginx.conf \
   --pid-path=/run/nginx.pid  \
   --error-log-path=/var/log/nginx/error.log \
   --with-http_spdy_module \
   --with-http_ssl_module \
   --with-ipv6 
--sbin-path, --pid—path, --conf—path,--erro—path三个参数是设定默认配置路径.
如果旧的nginx不是以/usr/local/nginx为安装路径,则需要指定上面参数,可以在旧nginx的nginx.conf文件中取到.
 
编译
make之后复制

验证新nginx是否可用

验证编译后的nginx是否可以使用已有的配置
./obj/nginx -t

使用新nginx

备份 cp /usr/sbin/nginx /usr/sbin/nginx-bak
替换 cp ./obj/nginx /usr/sbin/nginx
ok了
 

nginx启用spdy支持

安装nginx

预编译时加入spdy模块,spdy强制使用ssl,需要同时编入ssl模块
./configure --with-http_ssl_module --with-http_spdy_module
 
make 编译之后输出下面信息,nginx默认安装到/usr/local/nginx目录
[wyq@localhost nginx-1.6.2]$ make
make -f objs/Makefile
make[1]: 进入目录“/home/wyq/nginx-1.6.2”
cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g  -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \
....
make[1]: 离开目录“/home/wyq/nginx-1.6.2” make -f objs/Makefile manpage make[1]: 进入目录“/home/wyq/nginx-1.6.2” sed -e "s|%%PREFIX%%|/usr/local/nginx|" \ -e "s|%%PID_PATH%%|/usr/local/nginx/logs/nginx.pid|" \ -e "s|%%CONF_PATH%%|/usr/local/nginx/conf/nginx.conf|" \ -e "s|%%ERROR_LOG_PATH%%|/usr/local/nginx/logs/error.log|" \ < man/nginx.8 > objs/nginx.8 make[1]: 离开目录“/home/wyq/nginx-1.6.2”

make install 安装

准备数字证书

使用下面命令,生成自己的证书
openssl genrsa -des3 -out openssl.key 1024  
openssl req -new -x509 -key openssl.key -out openssl.crt -days 3650  
openssl rsa -in openssl.key -out openssl_nopass.key  
详细参考
http://yongqing.is-programmer.com/posts/68856.html
或者用我的证书,证书密码:word
http://pan.baidu.com/s/1eQf91Eq

添加配置

server{
    ...
    listen 443 ssl spdy;
    ssl_certificate /home/wyq/ssl/openssl.crt;
    ssl_certificate_key /home/wyq/ssl/openssl_nopass.key;
    ...
}

启动nginx

./sbin/nginx

查看spdy启动情况

使用chrome浏览器访问https://localhost,并打开 chrome://net-internals/#spdy 看到下面内容,表示spdy已经开启
Host Proxy ID Protocol Negotiated Active streams Unclaimed pushed Max Initiated Pushed Pushed and claimed Abandoned Received frames Secure Sent settings Received settings Send window Receive window Unacked received data Error
localhost:443 direct:// 65438 spdy/3.1 0 0 100 1 0 0 0 2 true true true 2147483647 10485760 612 0
 

SSL数字证书生成方法

安装openssl

yum install openssl

生成密钥

openssl genrsa -des3 -out openssl.key 1024  
[wyq@localhost ssl]$ openssl genrsa -des3 -out openssl.key 1024
Generating RSA private key, 1024 bit long modulus
..............++++++
...............++++++
e is 65537 (0x10001)
Enter pass phrase for openssl.key:  (输入密码)
Verifying - Enter pass phrase for openssl.key: (确认输入输入密码)

生成证书

openssl req -new -x509 -key openssl.key -out openssl.crt -days 3650  
[wyq@localhost ssl]$ openssl req -new -x509 -key openssl.key -out openssl.crt -days 3650
Enter pass phrase for openssl.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn (国家)
State or Province Name (full name) []:hubei (省份)
Locality Name (eg, city) [Default City]:wuhan (城市)
Organization Name (eg, company) [Default Company Ltd]:aa (公司)
Organizational Unit Name (eg, section) []:it (部门)
Common Name (eg, your name or your server's hostname) []:wyq (名字)
Email Address []:562798392@qq.com (邮件地址)

不用密码的密钥

openssl rsa -in openssl.key -out openssl_nopass.key  
[wyq@localhost ssl]$ openssl rsa -in openssl.key -out openssl_nopass.key 
Enter pass phrase for openssl.key: (输入上面设定的密码)
writing RSA key

开启nginx的ssl

server{
    ....
    listen 443 ssl;
    ssl_certificate /home/wyq/ssl/openssl.crt;
    ssl_certificate_key /home/wyq/ssl/openssl_nopass.key;
    ....
}
访问https://localhost 出现"Welcome to nginx ...",好了,配置成功.
 
 

debian安装nginx 1.6方法

安装

  • apt-get upgrade更新系统。由于nginx 1.6会用到最新包,最好先更新系统。
  • 添加dotdeb源
打开/etc/apt/sources.list在头部添加下面两行
deb http://packages.dotdeb.org stable all
deb-src http://packages.dotdeb.org stable all
  • 运行apt-get install nginx升级nginx
     默认不会覆盖已有的nginx配置
  • nginx -s reload重启gninx

可能出现缺少公钥错误

  • 运行apt-get update出现提示
Reading package lists... Done
W: GPG error: http://packages.dotdeb.org stable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E9C74FEEA2098A6E
  • 解决办法:
运行下面两个命令
gpg --keyserver keys.gnupg.net --recv-key A2098A6E
gpg -a --export A2098A6E | apt-key add -
命令中的"A2098A6E",是错误提示"E9C74FEEA2098A6E"的后8位