阿汤博客-承接中小企业服务器维护和网站维护,有意者可以联系博主!

Centos7.x+Nginx1.15.x编译安装配置

运维文档 350℃ 0评论

1、解决依赖关系

编译安装nginx需要事先需要安装开发包组"Development Tools"和 "Development Libraries"。同时,还需要专门安装pcre-devel包:

# yum -y install pcre-devel


2、编译安装

首先添加用户nginx,实现以之运行nginx服务进程:

# groupadd -r nginx

# useradd -r -g nginx -s /sbin/nologin nginx

接着开始编译和安装:

#wget http://nginx.org/download/nginx-1.15.2.tar.gz

#tar zxf nginx-1.15.2.tar.gz

#cd nginx-1.15.2

#./configure   –prefix=/usr   –sbin-path=/usr/sbin/nginx   –conf-path=/etc/nginx/nginx.conf   –error-log-path=/var/log/nginx/error.log   –http-log-path=/var/log/nginx/access.log   –pid-path=/var/run/nginx/nginx.pid    –lock-path=/var/lock/nginx.lock   –user=nginx   –group=nginx  –with-http_ssl_module    –with-http_flv_module   –with-http_stub_status_module   –with-http_gzip_static_module   –http-client-body-temp-path=/var/tmp/nginx/client/   –http-proxy-temp-path=/var/tmp/nginx/proxy/   –http-fastcgi-temp-path=/var/tmp/nginx/fcgi/   –http-uwsgi-temp-path=/var/tmp/nginx/uwsgi   –http-scgi-temp-path=/var/tmp/nginx/scgi   –with-pcre

# make && make install

说明:如果想使用nginx的perl模块,可以通过为configure脚本添加–with-http_perl_module选项来实现,但目前此模块仍处于实验性使用阶段,可能会在运行中出现意外,因此,其实现方式这里不再介绍。如果想使用基于nginx的cgi功能,也可以基于FCGI来实现,具体实现方法请参照网上的文档。


3、为nginx提供SysV init脚本:

新建文件/etc/rc.d/init.d/nginx,内容如下:

#!/bin/sh

#

# nginx – this script starts and stops the nginx daemon

#

# chkconfig:   2345 85 15 

# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \

#               proxy and IMAP/POP3 proxy server

# processname: nginx

# config:      /etc/nginx/nginx.conf

# config:      /etc/sysconfig/nginx

# pidfile:     /var/run/nginx.pid

 

# Source function library.

. /etc/rc.d/init.d/functions

 

# Source networking configuration.

. /etc/sysconfig/network

 

# Check that networking is up.

[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/sbin/nginx"

prog=$(basename $nginx)

 

NGINX_CONF_FILE="/etc/nginx/nginx.conf"

 

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

 

lockfile=/var/lock/subsys/nginx

 

make_dirs() {

   # make required directories

   user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*–user=\([^ ]*\).*/\1/g' -`

   options=`$nginx -V 2>&1 | grep 'configure arguments:'`

   for opt in $options; do

       if [ `echo $opt | grep '.*-temp-path'` ]; then

           value=`echo $opt | cut -d "=" -f 2`

           if [ ! -d "$value" ]; then

               # echo "creating" $value

               mkdir -p $value && chown -R $user $value

           fi

       fi

   done

}

 

start() {

    [ -x $nginx ] || exit 5

    [ -f $NGINX_CONF_FILE ] || exit 6

    make_dirs

     [ -d /var/run/nginx ] || mkdir /var/run/nginx

    echo -n $"Starting $prog: "

    daemon $nginx -c $NGINX_CONF_FILE

    retval=$?

    echo

    [ $retval -eq 0 ] && touch $lockfile

    return $retval

}

 

stop() {

    echo -n $"Stopping $prog: "

    killproc $prog -QUIT

    retval=$?

    echo

    [ $retval -eq 0 ] && rm -f $lockfile

    return $retval

}

 

restart() {

    configtest || return $?

    stop

    sleep 1

    start

}

 

reload() {

    configtest || return $?

    echo -n $"Reloading $prog: "

    killproc $nginx -HUP

    RETVAL=$?

    echo

}

 

force_reload() {

    restart

}

 

configtest() {

  $nginx -t -c $NGINX_CONF_FILE

}

 

rh_status() {

    status $prog

}

 

rh_status_q() {

    rh_status >/dev/null 2>&1

}

 

case "$1" in

    start)

        rh_status_q && exit 0

        $1

        ;;

    stop)

        rh_status_q || exit 0

        $1

        ;;

    restart|configtest)

        $1

        ;;

    reload)

        rh_status_q || exit 7

        $1

        ;;

    force-reload)

        force_reload

        ;;

    status)

        rh_status

        ;;

    condrestart|try-restart)

        rh_status_q || exit 0

            ;;

    *)

        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"

        exit 2

esac

而后为此脚本赋予执行权限:

# chmod +x /etc/rc.d/init.d/nginx

添加至服务管理列表,并让其开机自动启动:

# chkconfig –add nginx

# chkconfig nginx on

#chown -R nginx.nginx /etc/nginx/

#chown -R nginx.nginx /var/run/nginx/

#mkdir -p /var/tmp/nginx/{client,proxy,fastcgi,uwsgi,scgi}

#rm -rf /run/systemd/generator.late/nginx.service

而后就可以启动服务并测试了:

# service nginx start


4、配置反向代理

upstream test {

server localhost:8080 weight=1;

}

server {

listen      80;

server_name test.amd5.cn;

access_log /var/log/nginx/test_access.log;

error_log  /var/log/nginx/test_error.log debug;

location / {

    proxy_pass http://test;

    proxy_redirect off;

    proxy_set_header Host $host;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    client_max_body_size 2m;    #允许客户端请求的最大单文件字节数

    client_body_buffer_size 128k; #缓冲区代理缓冲用户端请求的最大字节数

    proxy_connect_timeout 90;   #nginx跟后端服务器连接超时时间(代理连接超时)

    proxy_read_timeout 90;      #连接成功后,后端服务器响应时间(代理接收超时)

    proxy_buffer_size 4k;       #设置代理服务器(nginx)保存用户头信息的缓冲区大小

    proxy_buffers 6 32k;        #proxy_buffers缓冲区,网页平均在32k以下的话>,这样设置

    proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)

    proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传

}

}


5、配置http

server {

    listen      80;

    listen 443 ssl;

    auth_basic  off;

    root        /data/wwwroot;

    index       index.html index.htm;

    server_name www.amd5.cn;

#https配置

    ssl_certificate   /etc/nginx/ssl/www.amd5.cn.pem; # 证书文件

    ssl_certificate_key  /etc/nginx/ssl/www.amd5.cn.key; # 密钥对文件(包含公钥和私钥, 私钥不会发给客户端)

    ssl_session_timeout 5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # SSL(包括 v3)都有漏洞,应该用 TLS(TLS1.0 = SSL 3.1)

    ssl_prefer_server_ciphers on;

if ($scheme != https) { # 强制 HTTP 跳转至 HTTPS

    # host 与 server_name 等价, redirect/permanent 分别为临时跳转/永久跳转

    rewrite ^(.*)$  https://$host$1 permanent;

}

    access_log /var/log/nginx/www.amd5.cn_access.log;

    error_log   /var/log/nginx/www.amd5.cn_error.log debug;

#图片防盗链

location ~* \.(gif|jpg|png|bmp|jpeg|swf|flv|avi|mp4)$ {

valid_referers  www.amd5.cn server_names ~\.baidu\. ~\.sogou\. ~\360\.;

    if ($invalid_referer) {

    #rewrite ^/ www.amd5.cn;

    return 403;

    }

    }

}


本地私有证书签发参考:Centos Apache基于openssl的https服务配置

Nginx反向代理详细配置参考:Nginx反向代理安装配置

转载请注明:阿汤博客 » Centos7.x+Nginx1.15.x编译安装配置

喜欢 (0)or分享 (0)