Yum 安装

• 1,安装Nginx 软件所需依赖包

[root@web ~]# yum install -y gcc gcc-c++ autoconf pcre pcre-devel make automake httpd-tools openssl openssl-devel

• 2,配置官方 yum 源

[root@web ~]# cat /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

• 3,安装Nginx 服务，启动并加入开机自启动

[root@web ~]# yum install nginx -y

[root@web ~]# systemctl enable nginx
[root@web ~]# systemctl start nginx

• 4.通过浏览器访问该服务器ip或url地址

二进制安装1.26.2

 cd /usr/local/src/
 wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.26.2-bin.tar
 tar xf nginx-1.26.2-bin.tar
 cd nginx-1.26.2
 bash 1-config-install-nginx.sh
 systemctl enable nginx --now

源码安装1.14.0

nginx官方下载地址 (opens new window)

• 1,通过shell脚本快速安装

#!/bin/sh

auther: yangfk
Path=$(cd $(dirname $0); pwd)

#安装基础依赖
yum install -y gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib openssl openssl-devel httpd-tools


#下载源码包
cd ${Path}
if [ -f ${Path}/nginx-1.14.0.tar.gz ];then
echo "IS EXIST"
else
wget http://nginx.org/download/nginx-1.14.0.tar.gz -P ${Path}
fi

if [ -d ${Path}/nginx-1.14.0/ ];then
echo "exist nginx-1.14.0"
else
tar xf ${Path}/nginx-1.14.0.tar.gz
fi
cd ${Path}/nginx-1.14.0/

./configure --user=nginx --group=nginx --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-stream_ssl_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-stream --with-stream_ssl_module --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
if [ $? != 0 ]
then
echo "nginx 编译失败，请再次执行，或检查问题"
exit 1
fi

echo $? sleep 15

#执行编译
make && make install && echo $? sleep 15
if [ $? != 0 ]
then
echo "nginx 编译失败，请再次执行，或检查问题"
exit 2
fi

#创建nginx 启用用户
groupadd nginx
useradd -s /sbin/nologin -g nginx -M nginx

mkdir -p /var/cache/nginx/client_temp


#添加systemctl 文件
cat >>/usr/lib/systemd/system/nginx.service<<'OPOO'
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/bin/rm -f /var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=process
KillSignal=SIGQUIT
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target
OPOO


#编辑配置文件
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
cat >/etc/nginx/nginx.conf<<'OPO'
user  nginx;
worker_processes auto;

pid /var/run/nginx.pid;
error_log /opt/logs/nginx/error.log error;
worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections  102400;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format nxlog '$server_name ' 'host-01 ' '$remote_addr ' '$remote_port ' '[$time_local] ' '$request_time ' '$upstream_response_time ' '$status $body_bytes_sent ' '$request $request_body $http_referer ' '"$http_user_agent" ';
    log_format nxlog-cdn '$server_name ' 'host-01 ' '$http_x_forwarded_for ' '$remote_port ' '[$time_local] ' '$request_time ' '$upstream_response_time ' '$status $body_bytes_sent ' '$request $request_body $http_referer ' '"$http_user_agent" ';
    log_format  apilog  '$http_x_forwarded_for $remote_addr $remote_user $server_name $time_local $request $status $request_body $http_referer $body_bytes_sent $http_user_agent $upstream_response_time ';

    access_log /opt/logs/nginx/access.log nxlog;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    server_tokens off;

    keepalive_timeout  60;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 1 128k;# 4 32k
    client_max_body_size 60m;

    fastcgi_connect_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 4 512k;#8 128
    fastcgi_busy_buffers_size 512k;
    fastcgi_temp_file_write_size 512k;
    fastcgi_intercept_errors on;
    include fastcgi_params;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers     1 64k; #4 16
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types        text/plain application/x-javascript text/css application/xml application/json;
    gzip_vary on;

    #limit_req_zone $binary_remote_addr zone=one:50m rate=15r/s;
    include /etc/nginx/sites-enabled/*.conf;
    include /etc/nginx/conf.d/*.conf;
}
OPO

cat >/etc/nginx/fcgi.conf<<'OPO'
set $path_info "/";
set $real_script_name $fastcgi_script_name;
if ($fastcgi_script_name ~ "^(.+?.php)(/.+)?") {
        set $real_script_name $1;
        set $path_info $2;
}
set $php_self $document_uri;

fastcgi_param  PATH_INFO          $path_info;
fastcgi_param  PHP_SELF           $php_self;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
#fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

fastcgi_param  SCRIPT_FILENAME    $document_root$real_script_name;
#fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $real_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
fastcgi_param  KIS_ENV            ONLINE;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
OPO

systemctl reload nginx

mkdir -p /etc/nginx/sites-enabled/ /opt/logs/nginx && cd /etc/nginx/sites-enabled/
nginx -t

配置测试页

#创建目录
mkdir -p /etc/nginx/conf.d/
mkdir -p /data/test

#配置nginx
cat > /etc/nginx/conf.d/test.conf<<OPO
server {
    listen 80;
    listen 443 ssl;
    server_name www.yfklife.cn;
    index index.html index.htm;
    root /data/test;
	
    client_max_body_size 0;
    proxy_max_temp_file_size 0;
    ssl_certificate ssl/yfklife.crt;
    ssl_certificate_key ssl/yfklife.key;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers '!aNULL:!MD5:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-WITH-AES128-GCM-SHA256';
}
OPO
echo 'yfk test' > /data/test/index.html

nginx -t && nginx -s reload

设置防火墙centos7

• 配置selinux规则

1.临时添加

cat /var/log/audit/audit.log |grep nginx|grep denied |audit2allow -M mynginx
semodule -i mynginx.pp

2. 添加开机自启动

• 配置firewalld防火墙

firewall-cmd --add-port={80/tcp,8282/tcp}  #临时添加
firewall-cmd --add-port={80/tcp,8282/tcp} --permanent #永久添加

浏览器访问

从浏览器访问我们配置的站点ip：

Nginx 其他命令

nginx -s reload             # 重新载入配置文件
nginx -s restart            # 重启 Nginx ,生产环境执行 reload 
nginx                       #启动
nginx -s stop               # 停止 Nginx

PID普通用户启动

安全性问题，需要用普通用户去启动nginx，根据你的需求去创建普通用户，是否需要登录（useradd www ,默认没有密码，无法ssh登录，安全）

• 创建普通用户

groupadd -g 1900 www
useradd -s /sbin/nologin -g www -u 1900 -M www
chown -R www.www /etc/nginx/ /opt/logs/nginx/ /var/cache/nginx/

• systemd 添加启动用户

vi /usr/lib/systemd/system/nginx.service

[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
User=www
Group=www
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/bin/rm -f /var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=process
KillSignal=SIGQUIT
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target

• 启动

systemctl daemon-reload
systemctl restart nginx

nginx日志切割

• 添加日志切割文件

vi /etc/logrotate-nginx.conf

daily
rotate 30
create
dateext
missingok
notifempty
compress
delaycompress

/var/log/nginx/*.log /opt/logs/nginx/*.log {
        su root nginx
        create 640 daemon root
        sharedscripts
        postrotate
            [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
        endscript
}

• 添加定时任务

    crontab -l
    
    5 0 * * * /usr/sbin/logrotate -f /etc/logrotate-nginx.conf >/var/log/cutnginx.log
  

个人存储下载地址。。。

 mkdir soft && cd soft
 wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.8.0.tar.gz
 wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.14.0.tar.gz
 wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.20.2.tar.gz
 
 wget http://download.yfklife.cn/blog/ops/nginx/nginx_status.sh
 
 wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.20.2-1.x86_64.rpm
 
 
 wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.26.2-bin.tar