Basic use of nginx (startup, shutdown and domain name mapping access)

In the past few days, I have been working on the company website, using nginx+tomcat to work together. Some of the things in it are backed up for future use in work

1. Stop nginx: The stop operation is performed by sending a signal to the nginx process.
Step 1: Query the nginx main process number
ps -ef | grep nginx
Look for the master process in the process list, and its number is the main process number.
Step 2: Send signal
Stop Nginx gracefully:
kill -QUIT main process number
Quickly stop Nginx:
kill -TERM main process number
Force stop Nginx:
pkill -9 nginx
In addition, if configured in nginx.conf If the pid file storage path is used, the file stores the Nginx main process number. If not specified, it will be placed in the nginx logs directory. With the pid file, we don’t need to query the main process number of Nginx first, but directly send a signal to Nginx. The command is as follows:
kill -Signal type '/usr/nginx/logs/nginx.pid'
Smooth restart
If changed After completing the configuration, we need to restart Nginx. Do we need to close Nginx first and then open it? No, you can send a signal to Nginx to restart smoothly.
Smooth restart command:
kill -HUP into the name or process number file path
or use
/usr/sbin/nginx -s reload
Note, after modifying the configuration file, it is best to check whether the modified configuration file is correct. , to avoid Nginx errors after restarting and affecting the stable operation of the server. The command to determine whether the Nginx configuration is correct is as follows:
nginx -t -c /usr/nginx/nginx.conf
or
/usr/sbin/nginx -t

2. Start nginx

Startup command: /usr/sbin/nginx -c /usr/nginx/nginx.conf

-c specifies the path to the configuration file

3. Domain name access configuration of nginx

The configuration file of domain name A: www.a.com is as follows : (Sample)

server {
    listen       80;
    server_name  *.a.com;
    location / {
        proxy_pass http://localhost:8080/projectA/;
        proxy_set_header   Host    $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

myself:

upstream tomcat_web{
      server localhost:8080 weight=10;
    }

    server {
        listen       80  default_server;
        listen       [::]:80  default_server;
        server_name  www.XXXXXX.net;
        #	index index.jsp
        # root         /home/microlink/app/site;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            #jsp网站程序根目录，一般nginx与tomcat在同一个目录
            root  /home/xxx/xxx/site;
            index  index.html index.jsp index.html;
        }

        location ~ .*\.jsp$ {
             proxy_connect_timeout   3;  
             proxy_send_timeout      30;  
             proxy_read_timeout      30;  
             proxy_pass http://localhost:8080;
	     proxy_set_header   Host    $host;
	     proxy_set_header   X-Real-IP   $remote_addr;
	     proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;  
        }

4. Firewall opening, closing and status query

• View firewall status.
  systemctl status firewalld
• View the firewall status
  chkconfig iptables --list
  
• Temporarily close the firewall command. After restarting the computer, the firewall automatically comes up.
  systemctl stop firewalld
• Permanently close the firewall command. After restarting, the firewall will not start automatically.
  systemctl disable firewalld
• Open the firewall command.
  systemctl enable firewalld
• (1) It will take effect permanently after restarting:
• Turn on: chkconfig iptables on
  Turn off: chkconfig iptables off
  (2) It will take effect immediately and become invalid after restarting:
  Turn on: service iptables start
  Turn off: service iptables stop
  It should be noted that the above commands can be used to open and close other services under Linux.
  When the firewall is turned on, make the following settings and open the relevant ports.
  Modify the /etc/sysconfig/iptables file and add the following content:
  -A RH-Firewall-1-INPUT -m state ——state NEW -m tcp - p tcp ——dport 80 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state ——state NEW -m tcp -p tcp ——dport 22 -j ACCEPT
  or:
  /etc/init.d/ iptables status will get a series of information indicating that the firewall is on.
  /etc/rc.d/init.d/iptables stop Turn off the firewall
  Finally:
  Enter setup under the root user, enter a graphical interface, select Firewall configuration, enter the next interface, select Security Level as Disabled, and save. Just restart.
  ==================================================== =====
  under fedora
  /etc/init.d/iptables stop
  ================================ ========================
  Under ubuntu:
  Since UBUNTU has no related direct command
  Please use the following command
  iptables -P INPUT ACCEPT
  iptables - P OUTPUT ACCEPT
  Temporarily open all ports
  There is no command to turn off iptables on Ubuntu
  ================================== ======================
  iptables is the next powerful firewall for Linux. It is powerful enough to replace most hardware without considering efficiency. Firewall, but if a powerful firewall is not used properly, it may block not only those potential attacks, but also yourself. The harm caused by this may not matter to ordinary personal PCs, but imagine if this is a server. Once such a situation occurs, not only the normal service of the theater will be restored, but also the on-site recovery will be required. This will cause How much loss did you bring?
  So what I want to say is, be extremely careful when you type every iptables related command.
  1. When applying each rule to the DROP target, carefully check the rule and consider its impact on you before applying it.
  2. In redhat we can use service iptables stop to turn off the firewall, but in some versions such as ubuntu this command does not work. You may find many articles on the Internet telling you to use the iptables -F command to turn off the firewall. , but before using this command, remember to use iptables -L to check the default targets of all chains in your system. The iptables -F command only clears all the rules, but does not actually close iptables. Imagine if your chain The default target is DROP. Originally, you had rules to allow some specific ports, but once you apply iptables -L and clear all the rules, the default target will block any access, including of course your remote ssh management server.
  So my suggested command to turn off the firewall is
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -F
  In summary, when you are going to make any changes on your server, it is better to have A test environment is fully tested before being applied to your server. In addition, to use iptables well, you must understand the operating principle of iptables and know how iptables processes each data packet. Only in this way can the rules be written accurately and avoid unnecessary trouble.
  

Reference link:

<1>http://bbs.51cto.com/thread-1095321-1-1.html

<2>http://blog.csdn.net/kobejayandy/article/ details/20867351

<3>http://www.cnblogs.com/freespider/p/4684586.html

<4>http://blog.csdn.net/ tongzidane/article/details/42291857 (nginx installation, configuration, etc.)

The above introduces the basic use of nginx (startup, shutdown and domain name mapping access), including aspects of the content. I hope it will be helpful to friends who are interested in PHP tutorials.