Installing Nginx on Linux
1. Preparation before installing Nginx
1.1 Before installing, check whether the gcc, pcre-devel, zlib-devel and openssl-devel dependencies are installed
yum list installed | grep gcc
yum list installed | grep pcre-devel
yum list installed | grep zlib-devel
yum list installed | grep openssl-devel
1.2 If any of the above dependencies are not installed
yum -y install gcc pcre-devel zlib-devel openssl-devel
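2. Download Nginx
2.1 Download on the server (choose your own version)
wget http://nginx.org/download/nginx-$version.tar.gz
Example: wget http://nginx.org/download/nginx-1.16.1.tar.gz
2.2 Download locally, then upload
Upload with a tool such as XShell or FinalShell
Upload with a Linux command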
sftp -oPort=[port] [user]@[ip]
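3. Install Nginx
3.1 Extract the archive
tar -zxvf nginx-1.16.1.tar.gz
3.2 Enter the nginx directory
cd nginx-1.16.1
3.3 Run the configure script to generate the Makefile and the auto-generated C sources under objs/
./configure --prefix=$nginx_install_path
Example: ./configure --prefix=/usr/local/nginx
3.3.1 If an error message like this appears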
checking for OS
+ Linux 2.6.32-431.el6.x86_64 x86_64
checking for C compiler ... not found
3.3.2 Run the following command
yum -y install gcc gcc-c++ autoconf automake make
3.4 Compile and install with make
make && make install
3.5 Test whether the installation succeeded
cd /usr/local/nginx/
./sbin/nginx -t
Output when everything is normal
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Error message
nginx: [alert] could not open error log file: open() "/usr/local/nginx/logs/error.log" failed (2: No such file or directory)
2016/09/13 19:08:56 [emerg] 6996#0: open() "/usr/local/nginx/logs/access.log" failed (2: No such file or directory)
Cause: there is no logs folder under the nginx/ directory
Fix: mkdir logs && chmod 700 logs
3.6 Start Nginx
cd /usr/local/nginx/sbin && ./nginx
3.7 Restart command (reloads the configuration)
cd /usr/local/nginx/sbin && ./nginx -s reload
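4. Post-installation steps
(optional)
4.1 Open the port
4.1.1 Check whether port 80 is open
firewall-cmd --query-port=80/tcp
4.1.2 Open port 80
firewall-cmd --add-port=80/tcp --permanent
4.1.3 Restart the firewall
systemctl restart firewalld
4.2 Configure Nginx to start at boot
4.2.1 Create an nginx.service file in the system services directory
vi /usr/lib/systemd/system/nginx.service
Write the following content: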
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
4.2.2 Enable start at boot
systemctl enable nginx.service
4.2.3 Check the Nginx status
systemctl status nginx.service
Note: if it shows Active: inactive (dead), run the following
pkill -9 nginx
ps aux | grep nginx
systemctl start nginx
4.2.4 Reboot the Linux server
reboot
Note: Nginx now starts automatically at boot
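5. Optimizing Nginx (source: Alibaba Cloud console recommendations)
5.1 Hide specified headers from Nginx backend services (hide the backend service's X-Powered-By header)
To hide specified headers from backend services:
1. Open the conf/nginx.conf configuration file;
2. Under http, configure proxy_hide_header; add it or change it to:
proxy_hide_header X-Powered-By;
proxy_hide_header Server;
5.2 Hide the Nginx service banner (check: Nginx service banner hidden status)
To hide the Nginx service banner:
1. Open the conf/nginx.conf configuration file;
2. In the server block, configure server_tokens:
server_tokens off;
5.3 Nginx web access logging status
To enable Nginx web access logging:
1. Open the conf/nginx.conf configuration file;
2. Under http, configure access_log (the main format it names must be defined by a log_format main directive, which is commented out in the default file):
access_log logs/host.access.log main;
3. Delete the off entry:
access_log off;
5.4 Check the account the Nginx process starts as (check: Nginx process start account status; reduces the likelihood of being attacked)
To change the account the Nginx process starts as:
1. Open the conf/nginx.conf configuration file;
2. Check the user directive in the configuration file and confirm that Nginx is not started as root;
3. If it is started as root, change it to the nobody or nginx account;
4. Restart Nginx after changing the configuration file.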
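The four checks of section 5 as an added Python example (not from the original article or from Alibaba Cloud): a small audit over the text of nginx.conf. The names directives and audit_nginx_conf and both sample configurations are constructed for illustration; the scan ignores block scope and does not follow include files.

```python
import re

def directives(conf_text):
    """Yield (name, args) per directive. Simplified: every '#' starts a
    comment, and include files are not followed."""
    text = re.sub(r"#[^\n]*", "", conf_text)
    for stmt in re.split(r"[;{}]", text):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit_nginx_conf(conf_text):
    """Return findings for the four checks of section 5 (empty = pass)."""
    seen = list(directives(conf_text))
    findings = []
    hidden = {a[0].lower() for n, a in seen if n == "proxy_hide_header" and a}
    for header in ("x-powered-by", "server"):
        if header not in hidden:
            findings.append(f"5.1 proxy_hide_header {header} missing")
    tokens = [a for n, a in seen if n == "server_tokens"]
    if not tokens or any(a != ["off"] for a in tokens):
        findings.append("5.2 server_tokens is not off")
    logs = [a for n, a in seen if n == "access_log"]
    if not any(a and a[0] != "off" for a in logs):
        findings.append("5.3 no access_log path configured")
    if ["off"] in logs:
        findings.append("5.3 access_log off present")
    # An absent user directive falls back to the build default account.
    if any(n == "user" and a[:1] == ["root"] for n, a in seen):
        findings.append("5.4 user is root")
    return findings

# Constructed sample configurations, not taken from a real server.
WEAK = """user root;
http {
    access_log off;  # logging disabled
    server { listen 80; server_tokens on; }
}"""
HARDENED = """user nobody;
http {
    proxy_hide_header X-Powered-By;
    proxy_hide_header Server;
    access_log logs/host.access.log main;
    server { listen 80; server_tokens off; }
}"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_nginx_conf(conf) or "all checks pass")
```

Run nginx -t after any change the audit prompts, since the script checks only for the presence of directives, not that the file is valid.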
6. Configuration files and explanation
6.1 /config/nginx.conf
6.1.1 Simple version
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;
    sendfile on;
    #tcp_nopush on;
    #keepalive_timeout 0;
    keepalive_timeout 65;
    #gzip on;
    server {
        listen 80;
        server_name localhost;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location / {
            root html;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;
    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
6.2 Complex version (KMS project)
user www www;
worker_processes auto;
error_log /data/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}
http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 1024m;
    client_body_buffer_size 10m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 120;
    server_tokens off;
    tcp_nodelay on;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_intercept_errors on;
    #Gzip Compression
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
        text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
        text/javascript application/javascript application/x-javascript
        text/x-json application/json application/x-web-app-manifest+json
        text/css text/plain text/x-component
        font/opentype application/x-font-ttf application/vnd.ms-fontobject
        image/x-icon;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    ##Brotli Compression
    #brotli on;
    #brotli_comp_level 6;
    #brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
    ##If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
    #open_file_cache max=1000 inactive=20s;
    #open_file_cache_valid 30s;
    #open_file_cache_min_uses 2;
    #open_file_cache_errors on;
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Headers X-Requested-With;
    add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
    ######################## default ############################
    server {
        listen 8923;
        server_name _;
        access_log /data/wwwlogs/access_nginx.log combined;
        root /data/wwwroot/default;
        index index.html index.htm index.php;
        #error_page 404 /404.html;
        #error_page 502 /502.html;
        location /nginx_status {
            #stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }
        location ~ [^/]\.php(/|$) {
            #fastcgi_pass remote_php_ip:9000;
            fastcgi_pass unix:/dev/shm/php-cgi.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
            expires 30d;
            access_log off;
        }
        location ~ .*\.(js|css)?$ {
            expires 7d;
            access_log off;
        }
        location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
            deny all;
        }
    }
    ########################## vhost #############################
    # A vhost directory must be created under the config directory. Inside it, create one .conf file per domain
    # as your projects require; the names must end in .conf so that they are included into nginx.conf.
    include vhost/*.conf;
}
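Explanation
Syntax: location [=|~|~*|^~] /uri/ { … }
= prefix: exact match.
^~ prefix: the URI begins with the given literal string; think of it as matching the URL path. nginx does not URL-encode the URI for matching, so a request for /static/%20/aa can be matched by the rule ^~ /static/ /aa (note the space).
~ prefix: case-sensitive regular-expression match.
~* prefix: case-insensitive regular-expression match.
!~ and !~* are the case-sensitive and case-insensitive negated regular-expression matches, respectively.
/ is the generic match; any request matches it.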
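How these modifiers combine when nginx picks a location, as an added Python example (not from the original article or from nginx itself): a small model of the selection order (exact match, longest prefix, ^~ suppressing regexes, then regexes in configuration order) applied to the location rules of the 6.2 server block. The names select_location and deny_first and the request URIs are constructed for illustration. It shows that the deny rule in 6.2, being the last regex, is never consulted for a URI that an earlier regex already matched, and that listing the deny rule first corrects this.

```python
import re

# Location rules of the 6.2 server block, in configuration order.
# Each entry is (modifier, pattern); "" is a plain prefix location.
LOCATIONS = [
    ("", "/nginx_status"),
    ("~", r"[^/]\.php(/|$)"),
    ("~", r".*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$"),
    ("~", r".*\.(js|css)?$"),
    ("~", r"^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md)"),
]

def select_location(uri, locations):
    """Return the (modifier, pattern) chosen for a decoded URI, or None."""
    best = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return mod, pat                      # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)                # remember the longest prefix
    if best and best[0] == "^~":
        return best                              # ^~ skips the regex phase
    for mod, pat in locations:                   # regexes: first match wins
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return mod, pat
    return best                                  # fall back to longest prefix

def deny_first(locations):
    """Same rules with the deny regex (last entry) moved to the front."""
    return [locations[-1]] + locations[:-1]

if __name__ == "__main__":
    # Constructed request URIs for illustration.
    for uri in ("/index.php", "/.git/config", "/.git/logo.png"):
        print(uri, "->", select_location(uri, LOCATIONS),
              "| deny first ->", select_location(uri, deny_first(LOCATIONS)))
```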