1、解决依赖关系
编译安装nginx需要事先需要安装开发包组"Development Tools"和 "Development Libraries"。同时,还需要专门安装pcre-devel包:
# yum -y install pcre-devel
2、编译安装
首先添加用户nginx,实现以之运行nginx服务进程:
# groupadd -r nginx
# useradd -r -g nginx -s /sbin/nologin nginx
接着开始编译和安装:
#wget http://nginx.org/download/nginx-1.15.2.tar.gz
#tar zxf nginx-1.15.2.tar.gz
#cd nginx-1.15.2
#./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --http-client-body-temp-path=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi --http-scgi-temp-path=/var/tmp/nginx/scgi --with-pcre
# make && make install
说明:如果想使用nginx的perl模块,可以通过为configure脚本添加–with-http_perl_module选项来实现,但目前此模块仍处于实验性使用阶段,可能会在运行中出现意外,因此,其实现方式这里不再介绍。如果想使用基于nginx的cgi功能,也可以基于FCGI来实现,具体实现方法请参照网上的文档。
3、为nginx提供SysV init脚本:
新建文件/etc/rc.d/init.d/nginx,内容如下:
#!/bin/sh
#
# nginx – this script starts and stops the nginx daemon
#
# chkconfig: 2345 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*–user=\([^ ]*\).*/\1/g' -`
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
[ -d /var/run/nginx ] || mkdir /var/run/nginx
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
而后为此脚本赋予执行权限:
# chmod +x /etc/rc.d/init.d/nginx
添加至服务管理列表,并让其开机自动启动:
# chkconfig --add nginx
# chkconfig nginx on
#chown -R nginx.nginx /etc/nginx/
#chown -R nginx.nginx /var/run/nginx/
#mkdir -p /var/tmp/nginx/{client,proxy,fastcgi,uwsgi,scgi}
#rm -rf /run/systemd/generator.late/nginx.service
而后就可以启动服务并测试了:
# service nginx start
4、配置反向代理
upstream test {
server localhost:8080 weight=1;
}
server {
listen 80;
server_name test.amd5.cn;
access_log /var/log/nginx/test_access.log;
error_log /var/log/nginx/test_error.log debug;
location / {
proxy_pass http://test;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 2m; #允许客户端请求的最大单文件字节数
client_body_buffer_size 128k; #缓冲区代理缓冲用户端请求的最大字节数
proxy_connect_timeout 90; #nginx跟后端服务器连接超时时间(代理连接超时)
proxy_read_timeout 90; #连接成功后,后端服务器响应时间(代理接收超时)
proxy_buffer_size 4k; #设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffers 6 32k; #proxy_buffers缓冲区,网页平均在32k以下的话>,这样设置
proxy_busy_buffers_size 64k; #高负荷下缓冲大小(proxy_buffers*2)
proxy_temp_file_write_size 64k; #设定缓存文件夹大小,大于这个值,将从upstream服务器传
}
}
5、配置http
server {
listen 80;
listen 443 ssl;
auth_basic off;
root /data/wwwroot;
index index.html index.htm;
server_name www.amd5.cn;
#https配置
ssl_certificate /etc/nginx/ssl/www.amd5.cn.pem; # 证书文件
ssl_certificate_key /etc/nginx/ssl/www.amd5.cn.key; # 密钥对文件(包含公钥和私钥, 私钥不会发给客户端)
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # SSL(包括 v3)都有漏洞,应该用 TLS(TLS1.0 = SSL 3.1)
ssl_prefer_server_ciphers on;
if ($scheme != https) { # 强制 HTTP 跳转至 HTTPS
# host 与 server_name 等价, redirect/permanent 分别为临时跳转/永久跳转
rewrite ^(.*)$ https://$host$1 permanent;
}
access_log /var/log/nginx/www.amd5.cn_access.log;
error_log /var/log/nginx/www.amd5.cn_error.log debug;
#图片防盗链
location ~* \.(gif|jpg|png|bmp|jpeg|swf|flv|avi|mp4)$ {
valid_referers www.amd5.cn server_names ~\.baidu\. ~\.sogou\. ~\360\.;
if ($invalid_referer) {
#rewrite ^/ www.amd5.cn;
return 403;
}
}
}
本地私有证书签发参考:Centos Apache基于openssl的https服务配置
Nginx反向代理详细配置参考:Nginx反向代理安装配置