CentOS 7.x + Nginx 1.15.x: Compiling, Installing and Configuring

January 9, 2019 15:04:23

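1. Resolve dependencies

Compiling and installing nginx requires the development package groups "Development Tools" and "Development Libraries" to be installed beforehand. In addition, the pcre-devel package must be installed separately: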

# yum -y install pcre-devel


2. Compile and install

First add a user named nginx, which the nginx service processes will run as:

# groupadd -r nginx

# useradd -r -g nginx -s /sbin/nologin nginx

Then compile and install:

# wget http://nginx.org/download/nginx-1.15.2.tar.gz

# tar zxf nginx-1.15.2.tar.gz

# cd nginx-1.15.2

# ./configure \
    --prefix=/usr \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --user=nginx \
    --group=nginx \
    --with-http_ssl_module \
    --with-http_flv_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --http-client-body-temp-path=/var/tmp/nginx/client/ \
    --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
    --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
    --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
    --http-scgi-temp-path=/var/tmp/nginx/scgi \
    --with-pcre

# make && make install

Note: to use nginx's perl module, add the --with-http_perl_module option to the configure script. However, this module is still experimental and may behave unexpectedly at run time, so it is not covered here. CGI functionality on nginx can also be implemented with FCGI; for the details, refer to documentation available online.


3. Provide a SysV init script for nginx

Create the file /etc/rc.d/init.d/nginx with the following content:

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   2345 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /var/run/nginx/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/etc/nginx/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {
   # make required directories: read the --user and *-temp-path values
   # back from the configure arguments reported by "nginx -V"
   user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
   options=`$nginx -V 2>&1 | grep 'configure arguments:'`
   for opt in $options; do
       if [ `echo $opt | grep '.*-temp-path'` ]; then
           value=`echo $opt | cut -d "=" -f 2`
           if [ ! -d "$value" ]; then
               # echo "creating" $value
               mkdir -p "$value" && chown -R "$user" "$value"
           fi
       fi
   done
}

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    # the pid file lives in /var/run/nginx (see --pid-path)
    [ -d /var/run/nginx ] || mkdir /var/run/nginx
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    # refuse to restart with a configuration that does not parse
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # restart only if the service is already running
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

Then give the script execute permission:

# chmod +x /etc/rc.d/init.d/nginx

Add it to the service management list and have it start automatically at boot:

# chkconfig --add nginx

# chkconfig nginx on

# chown -R nginx:nginx /etc/nginx/

# chown -R nginx:nginx /var/run/nginx/

# mkdir -p /var/tmp/nginx/{client,proxy,fcgi,uwsgi,scgi}

# rm -rf /run/systemd/generator.late/nginx.service

The service can then be started and tested:

# service nginx start


4. Configure the reverse proxy

upstream test {
    server localhost:8080 weight=1;
}

server {
    listen      80;
    server_name test.amd5.cn;
    access_log /var/log/nginx/test_access.log;
    error_log  /var/log/nginx/test_error.log debug;

    location / {
        proxy_pass http://test;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 2m;        # maximum size of a single file in a client request
        client_body_buffer_size 128k;   # maximum number of bytes of the client request that the proxy buffers
        proxy_connect_timeout 90;       # timeout for nginx connecting to the backend server (proxy connect timeout)
        proxy_read_timeout 90;          # after connecting, how long to wait for the backend server to respond (proxy read timeout)
        proxy_buffer_size 4k;           # size of the buffer nginx uses for the response header read from the backend
        proxy_buffers 6 32k;            # proxy_buffers; use this setting when pages average under 32k
        proxy_busy_buffers_size 64k;    # buffer size under heavy load (proxy_buffers*2)
        proxy_temp_file_write_size 64k; # cache (temporary file) size; above this value, data is passed from the upstream server
    }
}


5. Configure HTTP

server {
    listen      80;
    listen 443 ssl;
    auth_basic  off;
    root        /data/wwwroot;
    index       index.html index.htm;
    server_name www.zhongjima.net;

    # HTTPS configuration
    ssl_certificate   /etc/nginx/ssl/www.zhongjima.net.pem; # certificate file
    ssl_certificate_key  /etc/nginx/ssl/www.zhongjima.net.key; # key pair file (contains the public and private keys; the private key is never sent to the client)
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # SSL (including v3) is vulnerable; TLS should be used (TLS 1.0 = SSL 3.1)
    ssl_prefer_server_ciphers on;

    if ($scheme != https) { # force HTTP to redirect to HTTPS
        # $host is the requested host name, which here matches server_name;
        # redirect/permanent are temporary/permanent redirects respectively
        rewrite ^(.*)$  https://$host$1 permanent;
    }

    access_log /var/log/nginx/www.zhongjima.net_access.log;
    error_log   /var/log/nginx/www.zhongjima.net_error.log debug;

    # image hotlink protection
    location ~* \.(gif|jpg|png|bmp|jpeg|swf|flv|avi|mp4)$ {
        valid_referers  www.zhongjima.net server_names ~\.baidu\. ~\.sogou\. ~\.360\.;
        if ($invalid_referer) {
            #rewrite ^/ www.zhongjima.net;
            return 403;
        }
    }
}
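
An added example, not part of the original article: a small audit that flags the two settings in the configurations above that should not reach production unchanged, namely protocol versions below TLS 1.2 in ssl_protocols (TLS 1.0 and 1.1 are deprecated by RFC 8996) and error_log at debug level. The function name audit_nginx_conf and both sample configurations are constructed for illustration, and the parser assumes one directive per line.

```shell
#!/bin/sh
# Added example: flag deprecated TLS versions and debug-level logging
# in an nginx configuration (assumes one directive per line).

audit_nginx_conf() {   # usage: audit_nginx_conf FILE; prints "line: finding"
    awk '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                # SSLv2/SSLv3 are broken; TLS 1.0/1.1 are deprecated by RFC 8996
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    printf "%d: deprecated protocol %s\n", NR, p
            }
        }
        $1 == "error_log" && $NF ~ /^debug;?$/ {
            printf "%d: error_log at debug level\n", NR
        }
    ' "$1"
}

# Constructed sample mirroring the directives used in this article.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # legacy versions enabled
    error_log /var/log/nginx/example_error.log debug;
}
EOF
}

# Constructed hardened counterpart: TLS 1.2 only, default log level.
hardened_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
    error_log /var/log/nginx/example_error.log;
}
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp";   audit_nginx_conf "$tmp"
hardened_conf > "$tmp"; audit_nginx_conf "$tmp"   # prints nothing
rm -f "$tmp"
```

Run it against a real file with audit_nginx_conf /etc/nginx/nginx.conf, repeating for each included file, since include directives are not followed.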


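For issuing a local private certificate, see: CentOS Apache HTTPS service configuration based on OpenSSL

For detailed Nginx reverse proxy configuration, see: Nginx reverse proxy installation and configuration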
