yangfk
2019-08-21

Installing nginx

# Yum installation

  • 1. Install the packages nginx depends on

```bash
[root@web ~]# yum install -y gcc gcc-c++ autoconf pcre pcre-devel make automake httpd-tools openssl openssl-devel
```

  • 2. Configure the official yum repository

```bash
[root@web ~]# cat /etc/yum.repos.d/nginx.repo
# gpgcheck=0 turns off package signature verification for this repository
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
```

  • 3. Install the nginx service, start it, and enable it at boot

```bash
[root@web ~]# yum install nginx -y

[root@web ~]# systemctl enable nginx
[root@web ~]# systemctl start nginx
```

  • 4. Open the server's IP address or URL in a browser

# Source installation (1.14.0)

Official nginx download page

  • 1. Quick installation with a shell script

```bash
#!/bin/sh

# author: yangfk
Path=$(cd "$(dirname "$0")"; pwd)

# Install the build dependencies
yum install -y gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib openssl openssl-devel httpd-tools


# Download the source tarball
cd "${Path}"
if [ -f "${Path}/nginx-1.14.0.tar.gz" ]; then
    echo "IS EXIST"
else
    wget http://nginx.org/download/nginx-1.14.0.tar.gz -P "${Path}"
fi

if [ -d "${Path}/nginx-1.14.0/" ]; then
    echo "exist nginx-1.14.0"
else
    tar xf "${Path}/nginx-1.14.0.tar.gz"
fi
cd "${Path}/nginx-1.14.0/"

# Configure the build (duplicate --user/--group/--with-stream_ssl_module options removed)
./configure --user=nginx --group=nginx --prefix=/etc/nginx \
    --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log \
    --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock \
    --http-client-body-temp-path=/var/cache/nginx/client_temp \
    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
    --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
    --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
    --with-http_ssl_module --with-http_realip_module --with-http_addition_module \
    --with-http_sub_module --with-http_dav_module --with-http_flv_module \
    --with-http_mp4_module --with-stream_ssl_module --with-http_gunzip_module \
    --with-http_gzip_static_module --with-http_random_index_module \
    --with-http_secure_link_module --with-http_stub_status_module \
    --with-mail --with-mail_ssl_module --with-file-aio --with-stream \
    --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
if [ $? != 0 ]
then
    echo "nginx 编译失败,请再次执行,或检查问题"
    exit 1
fi

echo $?; sleep 15

# Build and install
make && make install && { echo $?; sleep 15; }
if [ $? != 0 ]
then
    echo "nginx 编译失败,请再次执行,或检查问题"
    exit 2
fi

# Create the user nginx runs as
groupadd nginx
useradd -s /sbin/nologin -g nginx -M nginx

mkdir -p /var/cache/nginx/client_temp


# Add the systemd unit file ('>' instead of '>>' so a re-run does not append a second copy)
cat >/usr/lib/systemd/system/nginx.service<<'OPOO'
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/bin/rm -f /var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=process
KillSignal=SIGQUIT
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target
OPOO


# Write the main configuration file
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
cat >/etc/nginx/nginx.conf<<'OPO'
user  nginx;
worker_processes auto;

pid /var/run/nginx.pid;
error_log /opt/logs/nginx/error.log error;
worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections  102400;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    # Note: $request_body in these formats writes request bodies (form fields, including passwords) to the access log
    log_format nxlog '$server_name ' 'host-01 ' '$remote_addr ' '$remote_port ' '[$time_local] ' '$request_time ' '$upstream_response_time ' '$status $body_bytes_sent ' '$request $request_body $http_referer ' '"$http_user_agent" ';
    log_format nxlog-cdn '$server_name ' 'host-01 ' '$http_x_forwarded_for ' '$remote_port ' '[$time_local] ' '$request_time ' '$upstream_response_time ' '$status $body_bytes_sent ' '$request $request_body $http_referer ' '"$http_user_agent" ';
    log_format  apilog  '$http_x_forwarded_for $remote_addr $remote_user $server_name $time_local $request $status $request_body $http_referer $body_bytes_sent $http_user_agent $upstream_response_time ';

    access_log /opt/logs/nginx/access.log nxlog;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    server_tokens off;

    keepalive_timeout  60;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 1 128k;# 4 32k
    client_max_body_size 60m;

    fastcgi_connect_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 4 512k;#8 128
    fastcgi_busy_buffers_size 512k;
    fastcgi_temp_file_write_size 512k;
    fastcgi_intercept_errors on;
    include fastcgi_params;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers     1 64k; #4 16
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types        text/plain application/x-javascript text/css application/xml application/json;
    gzip_vary on;

    #limit_req_zone $binary_remote_addr zone=one:50m rate=15r/s;
    include /etc/nginx/sites-enabled/*.conf;
    include /etc/nginx/conf.d/*.conf;
}
OPO

cat >/etc/nginx/fcgi.conf<<'OPO'
set $path_info "/";
set $real_script_name $fastcgi_script_name;
# The dot before "php" is escaped so that it matches only a literal "."
if ($fastcgi_script_name ~ "^(.+?\.php)(/.+)?") {
        set $real_script_name $1;
        set $path_info $2;
}
set $php_self $document_uri;

fastcgi_param  PATH_INFO          $path_info;
fastcgi_param  PHP_SELF           $php_self;

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
#fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

fastcgi_param  SCRIPT_FILENAME    $document_root$real_script_name;
#fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $real_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
fastcgi_param  KIS_ENV            ONLINE;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
OPO

# Make systemd read the new unit file (nginx is not running yet, so there is nothing to reload)
systemctl daemon-reload

mkdir -p /etc/nginx/sites-enabled/ /opt/logs/nginx && cd /etc/nginx/sites-enabled/
nginx -t
```

# Configuring a test page

```bash
# Create the directories
mkdir -p /etc/nginx/conf.d/
mkdir -p /data/test

# Configure nginx
cat > /etc/nginx/conf.d/test.conf<<'OPO'
server {
    listen 80;
    listen 443 ssl;
    server_name www.yfklife.cn;
    index index.html index.htm;
    root /data/test;

    # 0 disables the request body size check for this server
    client_max_body_size 0;
    proxy_max_temp_file_size 0;
    ssl_certificate ssl/yfklife.crt;
    ssl_certificate_key ssl/yfklife.key;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    # OpenSSL cipher names have no "WITH": ECDHE-RSA-AES128-GCM-SHA256
    ssl_ciphers '!aNULL:!MD5:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256';
}
OPO
echo 'yfk test' > /data/test/index.html

nginx -t && nginx -s reload
```

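# Firewall settings (CentOS 7)

  • Configure the SELinux rules

1. Add temporarily

```bash
grep nginx /var/log/audit/audit.log | grep denied | audit2allow -M mynginx
# audit2allow -M writes mynginx.te and mynginx.pp; read mynginx.te before loading the module
semodule -i mynginx.pp
```

2. Enable at boot

[Image: openmynginx.png]

  • Configure the firewalld firewall

```bash
firewall-cmd --add-port={80/tcp,8282/tcp}  # add temporarily
firewall-cmd --add-port={80/tcp,8282/tcp} --permanent # add permanently
```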

# Access from a browser

Open the IP address of the site we configured in a browser:

[Image: nginx_test.png]

# Other nginx commands

```bash
nginx -s reload             # reload the configuration file
systemctl restart nginx     # restart nginx ("nginx -s" has no restart signal); in production use reload
nginx                       # start
nginx -s stop               # stop nginx
```

# Starting nginx as an ordinary user (PID)

For security reasons, nginx should be started by an ordinary user. Create the ordinary user according to your needs, including whether it needs to log in (`useradd www` sets no password by default, so the account cannot log in over SSH, which is safe).

  • Create the ordinary user

```bash
groupadd -g 1900 www
useradd -s /sbin/nologin -g www -u 1900 -M www
chown -R www:www /etc/nginx/ /opt/logs/nginx/ /var/cache/nginx/
```

  • Add the start-up user to systemd

vi /usr/lib/systemd/system/nginx.service

```ini
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
User=www
Group=www
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/bin/rm -f /var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=process
KillSignal=SIGQUIT
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```

  • Start

```bash
systemctl daemon-reload
systemctl restart nginx
```

[Image: openmynginx.png]
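With `User=www` in the unit, nginx starts without root privileges, and on Linux such a process cannot bind ports below 1024 unless it is granted CAP_NET_BIND_SERVICE, so the `listen 80` and `listen 443 ssl` lines of the test page are the first thing to check. The script below is an added example, not part of the original post: it lists the privileged ports found in nginx configuration text. `privileged_listens` and `sample_conf` are hypothetical names, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: print every listen port below 1024 found in nginx config text.
# Reads the files given as arguments, or stdin when no file is given.
privileged_listens() {
    sed 's/#.*//' "$@" | awk '
        $1 == "listen" {
            addr = $2
            sub(/;$/, "", addr)
            if (addr ~ /^unix:/) next            # UNIX sockets have no port
            port = addr
            sub(/^.*:/, "", port)                # drop a "host:" or "[v6]:" prefix
            if (port !~ /^[0-9]+$/) port = 80    # address only: nginx uses port 80
            if (port + 0 < 1024) print port + 0
        }' | sort -n -u
}

# Constructed sample: the test page's listen lines plus a few other forms.
sample_conf() {
    cat <<'EOF'
server {
    listen 80;
    listen 443 ssl;
    listen 8282;                 # unprivileged port, also opened in firewalld
    #listen 22;
    listen 127.0.0.1:8080;
    listen [::]:81;
    listen unix:/var/run/nginx.sock;
}
EOF
}

for p in $(sample_conf | privileged_listens); do
    echo "port $p needs root or CAP_NET_BIND_SERVICE"
done
```

On a real host, pass the configuration files instead, for example `privileged_listens /etc/nginx/conf.d/*.conf`.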

# nginx log rotation

  • Add the log rotation file

vi /etc/logrotate-nginx.conf

```
daily
rotate 30
create
dateext
missingok
notifempty
compress
delaycompress

/var/log/nginx/*.log /opt/logs/nginx/*.log {
        su root nginx
        create 640 daemon root
        sharedscripts
        postrotate
            [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
        endscript
}
```

  • Add a scheduled task

```bash
crontab -l

5 0 * * * /usr/sbin/logrotate -f /etc/logrotate-nginx.conf >/var/log/cutnginx.log
```
# Download locations for the required packages...

```bash
mkdir soft && cd soft
wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.8.0.tar.gz
wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.14.0.tar.gz
wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.20.2.tar.gz

wget http://download.yfklife.cn/blog/ops/nginx/nginx_status.sh

wget http://download.yfklife.cn/blog/ops/nginx/nginx-1.20.2-1.x86_64.rpm
```
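The install script and the download list above fetch archives, a shell script and an RPM over plain HTTP and use them without an integrity check. The helper below is an added example, not part of the original post: it compares a file's SHA-256 with a digest obtained from a trusted channel before the file is unpacked or installed. `verify_sha256` is a hypothetical name and the demo input is constructed; the page gives no digests for its downloads, so `EXPECTED` in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: verify_sha256 FILE EXPECTED_HEX
# Returns 0 on a match, 1 on a mismatch, 2 on bad input (missing file or bad digest).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Refuse anything that is not 64 hex digits, e.g. an unfilled placeholder.
    case $expected in
        *[!0-9a-f]*) echo "expected value is not a SHA-256 digest" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "expected value is not a SHA-256 digest" >&2; return 2; }
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | awk '{print $1}')
    else
        actual=$(shasum -a 256 "$file" | awk '{print $1}')
    fi
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Usage in the install script, before "tar xf" (EXPECTED is a placeholder):
#   verify_sha256 "${Path}/nginx-1.14.0.tar.gz" "$EXPECTED" || exit 3

# Constructed demo: a file containing "abc", whose SHA-256 is the standard test vector.
demo=$(mktemp)
printf 'abc' > "$demo"
verify_sha256 "$demo" ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad \
    && echo "digest matches"
rm -f "$demo"
```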
Last updated: 2022/08/25, 08:56:19