Centos安装nginx1.20.2

有志者事竟成6688

已于 2025-02-17 10:49:37 修改

阅读量801

点赞数

文章标签： centos 运维 nginx

于 2023-04-26 10:48:34 首次发布

本文链接：https://blog.youkuaiyun.com/u010792184/article/details/130381284

版权

yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
yum -y install gcc automake autoconf libtool make

Ubuntu上可以这样安装
sudo aptitude install libdmalloc-dev libcurl4-openssl-dev libpcre3-dev libjemalloc-dev make gcc openssl-dev

安装tengine
(下载的包都放在soft文件夹里面)
（--with-http_stub_status_module --with-http_concat_module 也可省去）
wget http://tengine.taobao.org/download/tengine-2.1.0.tar.gz
tar -xzvf tengine-2.1.0.tar.gz
cd tengine-2.1.0
./configure --prefix=/usr/local/tengine --with-http_stub_status_module --with-http_concat_module

nginx1.20
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/root/nginx-sticky --with-http_realip_module --with-http_gzip_static_module --with-http_v2_module --add-module=/root/nginx_upstream_check_module-master

nginx1.26.1

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_gzip_static_module --with-http_v2_module

make
make install

创建用户组和用户

groupadd www
useradd -g www www
编辑主配置文件

vi /usr/local/nginx/conf/nginx.conf

user www www;   #指定运行的用户和用户组
worker_processes 4;    #指定要开启的进程数，一般为CPU的核心数或两倍
error_log logs/error.log crit;        #全局日志 debug|info|notice|warn|error|crit
pid        logs/nginx.pid;      #指定进程id的存储文件位置
worker_rlimit_nofile 65535;

events {
    use epoll; #对于Linux系统epoll工作模式是首选
    worker_connections 65536; #每个进程的最大连接数
    #在执行操作系统命令"ulimit -n 65536"后worker_connections的设置才能生效
}

http {
    include       mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    charset utf-8;

    server_names_hash_bucket_size 256;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 128k; #最大缓存为4个128KB
    client_max_body_size 20m;   #允许客户端请求的最大的单个文件字节数

    sendfile on;        #开启高效文件传输模式
    tcp_nopush on;      #用于防止网络阻塞
    tcp_nodelay on;     #用于防止网络阻塞

    keepalive_timeout 60;      #超过这个时间之后服务器会关闭该连接
    client_header_timeout 10;   #客户端请求头读取超时时间，超过这个时间客户端还没发数据NGINX就返回408错误
    client_body_timeout 10;     #客户端请求主体读取超时时间，超过这个时间客户端还没发数据NGINX就返回408错误

    server_tokens on;   #不显示nginx版本信息

    include gzip.conf; #HttpGzip的配置文件
    include proxy.conf; #配置代理文件
    include vhost.conf; #虚拟主机的配置文件
    include backend.conf;       #配置后端的服务器列表文件

}

limit_req_zone $binary_remote_addr zone=req_one:10m rate=1r/s;
#10m是会话状态存储空间 rate=1r/s是每个地址每秒只能请求一次   （在vhost.conf还有配置）
limit_conn_zone $binary_remote_addr zone=req_one:10m;
#设置IP并发（在vhost.conf还有配置）
编辑HttpGzip的配置文件

vi /usr/local/nginx/conf/gzip.conf

gzip on;
gzip_min_length 1k;     #设置允许压缩的页面最小字节数。
gzip_buffers 4 16k;     #用来存储gzip的压缩结果
gzip_http_version 1.1; #识别HTTP协议版本
gzip_comp_level 2;      #设置gzip的压缩比 1-9 1压缩比最小但最快 9相反
gzip_types text/plain application/x-javascript text/css application/xml;        #指定压缩类型
gzip_proxied any;       #无论后端服务器的headers头返回什么信息，都无条件启用压缩
gzip_vary on;
gzip_disable "MSIE [1-6].";     #禁用IE6的gzip压缩
复制代码
编辑代理文件

vi /usr/local/nginx/conf/proxy.conf

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_body_buffer_size 512k;
proxy_connect_timeout 30;
proxy_read_timeout 30;
proxy_send_timeout 30;
proxy_buffer_size 32k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;

编辑虚拟主机的配置文件

vi /usr/local/nginx/conf/vhost.conf

server {
    listen 80;
    server_name localhost;
    index index.jsp index.htm index.html;
    root /usr/local/tomcat7/webapps/ROOT;

    location / {
        proxy_pass http://backend;
        proxy_pass_header Set-Cookie;
    }

    location /NginxStatus {
        stub_status on;
        access_log off;
        auth_basic "NginxStatus";
    }
}

location ~ .*\.(zip|thumb)$ {
        root /usr/local/download;
　　 limit_conn req_one 1;    #IP下载并发为1 req_one在nginx.conf中配置的 limit_conn_zone $binary_remote_addr zone=req_one:10m;
        limit_rate 500k;        #限速500k
        expires 30d;
    }

limit_req zone=req_one burst=100; #req_one在nginx.conf中有配置,当超过rate时请求就会放到burst中burst也满了就503 req_one在nginx.conf中配置的 llimit_req_zone $binary_remote_addr zone=req_one:10m rate=100r/s;

limit_rate_after 3m;
limit_rate 512k;    这两句话的意思是先以最快的速度下载3MB，然后再以512KB的速度下载。

将扩展名为zip,thumb的静态文件都交给Nginx处理，root为静态文件的目录，而expires用为指定静态文件的过期时间30天。

location ~ ^/(upload|download)/ {
        root /usr/local;
        expires 30d;
}

将upload,download下的所有文件都交给Nginx处理，upload和download目录包含在/usr/local目录中

编辑后端的服务器列表文件

vi /usr/local/nginx/conf/backend.conf

upstream backend {
    ip_hash;
    server 127.0.0.1:8080 max_fails=1 fail_timeout=60s;
}

4、设置Tengine开机启动

vi /etc/rc.d/init.d/nginx

#!/bin/bash
# Tengine Startup script# processname: nginx
# chkconfig: - 85 15
# description: nginx is a World Wide Web server. It is used to serve
# pidfile: /var/run/nginx.pid
# config: /usr/local/nginx/conf/nginx.conf
nginxd=/usr/tengine/sbin/nginx
nginx_config=/usr/tengine/conf/nginx.conf
nginx_pid=/usr/tengine/logs/nginx.pid
RETVAL=0
prog="nginx"
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x $nginxd ] || exit 0
# Start nginx daemons functions.
start() {
if [ -e $nginx_pid ];then
rm -f /var/lock/subsys/nginx /usr/tengine/logs/nginx.pid
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL
}
# Stop nginx daemons functions.
stop() {
echo -n $"Stopping $prog: "
killproc $nginxd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /usr/tengine/logs/nginx.pid
}
reload() {
echo -n $"Reloading $prog: "
#kill -HUP `cat ${nginx_pid}`
killproc $nginxd -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;

status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|reload|status|help}"
exit 1
esac
exit $RETVAL

chmod 775 /etc/rc.d/init.d/nginx   #赋予文件执行权限
chkconfig --level 012345 nginx on   #设置开机启动
service nginx start

tengine反向代理数据库过程：
安装：
下载tengine-2.3.2.tar.gz
./configure --prefix=/http/tengine --with-http_stub_status_module --with-stream

./configure --prefix=/usr/tengine --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_v2_module --add-module=modules/ngx_http_upstream_session_sticky_module --add-module=modules/ngx_http_concat_module

nginx1.20.2
http://nginx.org/en/download.html
./configure --prefix=/usr/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/root/nginx-sticky --with-http_realip_module --with-http_gzip_static_module --with-http_v2_module --add-module=/root/nginx_upstream_check_module-master

make
make install

配置文件：
1、Nginx配置Oracle代理
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid        logs/nginx.pid;
events {
    worker_connections 1024;
}
stream {
    upstream oracle {
        server 172.16.10.222:1521 weight=1 max_fails=2 fail_timeout=30s;
    }
server {
        listen       3335;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass oracle;
    }
}
2、Nginx配置MySql代理
Nginx 配置mysql代理 -- 基于nginx1.9以上 stream module，stream 模块用于一般的 TCP 代理和负载均衡。

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid        logs/nginx.pid;

events {
    worker_connections 1024;
}

stream {
    upstream sql {
        server 172.16.10.229:3306 weight=1 max_fails=2 fail_timeout=30s;
    }
    server {
       listen     3333;
       proxy_connect_timeout 1s;
       proxy_timeout 3s;
       proxy_pass sql;
    }
}
3、Nginx配置SqlServer代理
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid        logs/nginx.pid;

events {
    worker_connections 1024;
}

stream {

    upstream sqlserver {
        server 172.16.10.167:1433 weight=1 max_fails=2 fail_timeout=30s;
    }

    server {
       listen       3334;
       proxy_connect_timeout 1s;
       proxy_timeout 3s;
       proxy_pass sqlserver;
    }
}
4、最后是Nginx代理WebService的配置
#user nobody;
worker_processes 4;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid        logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include       mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    upstream esbServer {
        server 127.0.0.1:8083 weight=1 max_fails=2 fail_timeout=30s;
    }

    #gzip on;

    server {
        listen       8081;
        server_name localhost;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location /ladder_web {
            proxy_set_header X-real-ip $remote_addr;
            proxy_pass http://esbServer;
        }
    }
}

ip白名单设置：

location /zcms {
proxy_pass http://xxx;
   include proxy.conf;
   proxy_set_header X-Real-IP $remote_addr;
   add_header X-XSS-Protection "1; mode=block";
allow 124.232.152.0/24;
   allow 220.168.57.0/24;
   allow 42.48.30.0/24;
   allow 218.104.147.0/24;
   allow 218.76.49.0/24;
   allow 192.168.0.0/16;
deny all;
   }

拦截带某路径的所有url:

location ~ ^(/[^/]*)?/druid(/.*)?$ {
deny all;
}
location ~ ^(/[^/]*)?/actuator(/.*)?$ {
deny all;
}

配置ip白名单：

proxy_set_header X-Real-IP $remote_addr;

add_header X-XSS-Protection "1; mode=block";

allow 124.232.152.224;

allow 218.76.49.0/24;

allow 222.247.149.226;

allow 222.247.189.14;

allow 101.80.76.185;

allow 222.244.194.157;

deny all;

nginx1.22.1安装：

896 ls
897 cd /root/
898 ls
899 ll
900 tar -xvzf nginx-1.22.1.tar.gz
901 ls
902 cd nginx-1.22.1
903 ls
904 cd nginx-1.22.1
905 ls
906 ll
907 top
908 openssl
909 openssl -v
910 openssl -version
911 openssl version
912 ls
913 ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/root/nginx-sticky-module-ng
914 ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/root/nginx-sticky
915 ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/root/nginx-sticky --add-module=nginx_upstream_check_module-master
916 cd nginx-sticky/
917 ls
918 cd ..
919 ll
920 cd nginx_upstream_check_module-master/
921 ls
922 cd ..
923 ls
924 ll
925 wget https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/08a395c66e42.zip
926 ls
927 cd nginx_upstream_check_module-master/
928 ls
929 ll
930 cd ..
931 cd nginx-1.22.1
932 ls
933 ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --add-module=/root/nginx-sticky --add-module=/root/nginx_upstream_check_module-master
934 make -j 4 && make install