nginx一键安装脚本
[root@cc nginx]# cat nginx_install.sh
#!/bin/bash
# > File Name: nginx_install.sh
# > Author: cc
# > mail: 547253687@qq.com
# > Created Time: Fri 16 Nov 2018 11:02:58 AM CST
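## Install/source layout shared by every function below.
INSTALL_DIR=/usr/local
SRC_DIR=/root
NGINX_LUA="nginx-tengine+lua"
GEOIP="GeoIP-1.4.8"
SOCK="sock"
CONF="/root/nginx-tengine+lua/conf"
NGINX_DIR="/usr/local/tengine"
## Everything below writes under /usr/local and /root, so refuse to run as a
## normal user before any directory is created.
if [ "$(id -u)" != "0" ]; then
  echo "Error: you must be root to run this script!" >&2
  exit 1
fi
## Major release number from /etc/redhat-release (e.g. "7.6.1810" -> 7).
## Later functions use it in numeric tests, so stop here if it is empty.
system_version=$(grep -o "[0-9].*[0-9]" /etc/redhat-release 2>/dev/null | awk '{print int($0)}')
if [ -z "${system_version}" ]; then
  echo "Error: cannot read the release version from /etc/redhat-release" >&2
  exit 1
fi
[ -d "${INSTALL_DIR}" ] || mkdir -p "${INSTALL_DIR}"
[ -d "${SRC_DIR}" ] || mkdir -p "${SRC_DIR}"
## The original tested "${SRC_DIR}$SOCK" (i.e. /rootsock) but created
## ${INSTALL_DIR}/$SOCK; test and create the same path.
[ -d "${INSTALL_DIR}/${SOCK}" ] || mkdir -p "${INSTALL_DIR}/${SOCK}"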
##颜色输出函数
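## Prints all arguments (joined by spaces) in bold red between two rows of
## asterisks -- the error banner used throughout the script.
## printf '%s' replaces echo -e so a message containing backslashes, or one
## that starts with "-n"/"-e", is printed verbatim instead of reinterpreted.
red_echo(){
  local what=$*
  printf '\033[1;31m ********************* \033[0m\n'
  printf '\033[1;31m %s \033[0m\n' "${what}"
  printf '\033[1;31m ********************* \033[0m\n'
}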
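## Prints all arguments (joined by spaces) in bold green between two rows of
## dashes -- the success banner used throughout the script.
## printf '%s' replaces echo -e so the message is never reinterpreted
## (backslash sequences, leading "-n"/"-e").
blue_echo()
{
  local what=$*
  printf '\033[1;32m --------------------- \033[0m\n'
  printf '\033[1;32m %s \033[0m\n' "${what}"
  printf '\033[1;32m --------------------- \033[0m\n'
}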
##yum安装相关变量包
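## Installs the build and runtime prerequisites with yum, one package per
## call so that a single missing package does not stop the others (the
## original's behaviour); packages yum could not install are listed on stderr
## at the end instead of being silently skipped. The duplicate "patch" entry
## of the original list is dropped.
Install_Package()
{
  local packages=(lrzsz openssl-devel zlib zlib-devel pcre pcre-devel geoip-devel patch iptables iptables-services c++ gcc-c++ telnet curl curl-devel vim make wget lua lua-devel tcl ipset ntpdate)
  local failed=()
  local pkg
  for pkg in "${packages[@]}"; do
    yum -y install "${pkg}" || failed+=("${pkg}")
  done
  if [ "${#failed[@]}" -gt 0 ]; then
    printf 'Warning: yum could not install: %s\n' "${failed[*]}" >&2
    return 1
  fi
  return 0
}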
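## Reports the outcome of the command that ran immediately before this call.
## Arguments: $1 - step name (e.g. "Make"), $2 - component name,
##            $3 - optional explicit exit status; when omitted the caller's $?
##            is used, so the call must directly follow the command it reports.
## Returns:   the reported status, so callers can `If_Success ... || return 1`
##            (the original always returned 0, which let make install run
##            after a failed make).
## IF_SUCCESS_SLEEP overrides the 5 second pause after the banner (0 in tests).
If_Success()
{
  local rc=$?
  if [ $# -ge 3 ]; then
    rc=$3
  fi
  if [ "${rc}" -eq 0 ]; then
    printf '\033[32m ------------------- \033[0m\n'
    printf '\033[32m %s %s Success!!! \033[0m\n' "$1" "$2"
    printf '\033[32m ------------------- \033[0m\n'
  else
    printf '\033[31m ******************* \033[0m\n'
    printf '\033[31m %s %s Failure!!! \033[0m\n' "$1" "$2"
    printf '\033[31m ******************* \033[0m\n'
  fi
  sleep "${IF_SUCCESS_SLEEP:-5}"
  return "${rc}"
}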
##centos7以下手动编译Geoip库,在下面函数将此函数调用即可
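## Runs one GeoIP build step, reports it through If_Success and returns the
## step's own status. If_Success reads $? on entry, so the captured status is
## re-raised with a subshell exit just before the call.
## Arguments: $1 - step label, $2... - the command to run
_geoip_step()
{
  local label=$1
  shift
  "$@"
  local rc=$?
  ( exit "${rc}" )
  If_Success "${label}" "GeoIp"
  return "${rc}"
}
## Builds and installs the bundled GeoIP library; the installer calls this on
## releases below 7 (see the comment above). Stops at the first failing step
## instead of running make install on top of a failed configure.
## Globals: SRC_DIR, NGINX_LUA, GEOIP (read)
## Returns: 0 on success, 1 when the source directory is missing or a step fails
If_GeoIp()
{
  local src="${SRC_DIR}/${NGINX_LUA}/${GEOIP}"
  cd "${src}" || { red_echo "Error: ${src} not found"; return 1; }
  _geoip_step "Configure" ./configure || return 1
  _geoip_step "Make" make || return 1
  _geoip_step "Install" make install || return 1
}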
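## Runs one Tengine build step, reports it through If_Success and returns the
## step's own status. If_Success reads $? on entry, so the captured status is
## re-raised with a subshell exit just before the call.
## Arguments: $1 - step label, $2... - the command to run
_nginx_step()
{
  local label=$1
  shift
  "$@"
  local rc=$?
  ( exit "${rc}" )
  If_Success "${label}" "NGINX"
  return "${rc}"
}
## Unpacks the bundled nginx-tengine+lua tree, creates the nginx account,
## builds GeoIP on releases below 7 and then configures/builds/installs Tengine
## with the bundled pcre/openssl/zlib and the add-on modules.
## Globals: SRC_DIR, INSTALL_DIR, NGINX_LUA, system_version (read)
## Returns: 1 when a directory is missing or a build step fails
Install_Nginx()
{
  ## Pinned source versions; they live inside the bundle, so bump them together.
  local nginx="tengine-2.2.2"
  local pcre="pcre-8.40"
  local zlib="zlib-1.2.11"
  local openssl="openssl-1.0.2p"
  local accesskey="nginx-accesskey-2.0.3"
  ## Unpack the pre-staged source bundle.
  cd "${SRC_DIR}" || return 1
  echo "Extracting ${NGINX_LUA}"
  tar -xzf "${NGINX_LUA}.tar.gz" || { red_echo "Error: cannot extract ${NGINX_LUA}.tar.gz"; return 1; }
  cd "${SRC_DIR}/${NGINX_LUA}" || return 1
  echo "Done..."
  ## Download section, disabled with a no-op heredoc as in the original (the
  ## bundle already carries the sources). If it is ever re-enabled, fetch over
  ## https and verify the archives against known checksums before building.
:<<'!'
cd ${SRC_DIR}/${NGINX_LUA}
echo 'Downloading NGINX'
if [ ! -f ${NGINX}.tar.gz ]
then
wget -c http://nginx.org/download/${NGINX}.tar.gz
else
echo 'Skipping: NGINX already downloaded'
fi
echo 'Downloading PCRE'
if [ ! -f ${PCRE}.tar.gz ]
then
wget -c https://sourceforge.net/projects/pcre/files/pcre/8.35/${PCRE}.tar.gz
else
echo 'Skipping: PCRE already downloaded'
fi
echo 'Downloading ZLIB'
if [ ! -f ${ZLIB}.tar.gz ]
then
wget -c http://zlib.net/${ZLIB}.tar.gz
else
echo 'Skipping: ZLIB already downloaded'
fi
echo 'Downloading OPENSSL'
if [ ! -f ${OPENSSL}.tar.gz ]
then
wget -c http://www.openssl.org/source/${OPENSSL}.tar.gz
else
echo 'Skipping: OPENSSL already downloaded'
fi
echo '----------Unpacking downloaded archives. This process may take serveral minutes---------'
echo "Extracting ${NGINX}..."
tar xzf ${NGINX}.tar.gz
echo 'Done.'
echo "Extracting ${PCRE}..."
tar xzf ${PCRE}.tar.gz
echo 'Done.'
echo "Extracting ${ZLIB}..."
tar xzf ${ZLIB}.tar.gz
echo 'Done.'
echo "Extracting ${OPENSSL}..."
tar xzf ${OPENSSL}.tar.gz
echo 'Done.'
!
  ## Unprivileged service account for the workers (--user/--group below);
  ## guarded so a re-run does not fail on the existing group/user.
  getent group nginx > /dev/null || groupadd nginx
  id nginx > /dev/null 2>&1 || useradd -g nginx nginx
  ## Releases below 7 build GeoIP from source. The original tested -ne 7,
  ## which would also have done so on 8 and later.
  if [ "${system_version}" -lt 7 ]; then
    If_GeoIp || return 1
  else
    echo "pass..."
  fi
  echo '###################'
  echo 'Compile NGINX'
  echo '###################'
  cd "${SRC_DIR}/${NGINX_LUA}/${nginx}" || return 1
  local configure_args=(
    --prefix="${INSTALL_DIR}/tengine"
    --user=nginx --group=nginx
    --lock-path=/var/run/nginx.lock
    --error-log-path=/var/log/nginx/error.log
    --http-log-path=/var/log/nginx/access.log
    --pid-path=/var/run/nginx.pid
    --with-http_secure_link_module
    --with-http_random_index_module
    --with-http_ssl_module
    --with-http_realip_module
    --with-http_gzip_static_module
    --with-http_stub_status_module
    --with-http_flv_module
    --with-http_mp4_module
    --with-http_gunzip_module
    --with-http_auth_request_module
    --with-http_v2_module
    --with-http_addition_module
    --with-http_sub_module
    --with-file-aio
    --with-http_geoip_module
    --with-pcre="../${pcre}"
    --with-openssl="../${openssl}"
    --with-zlib="../${zlib}"
    --add-module=../ngx_cache_purge-master
    --add-module=../echo-nginx-module
    --add-module=../file-md5-master
    --add-module="../${accesskey}"
    --add-module=../lua-nginx-module-master
    --add-module=../nginx_tcp_proxy_module-master
    --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
    --with-ld-opt=-Wl,-rpath,/usr/local/lib
  )
  ## Each step stops the function on failure; the original reported failures
  ## but still ran make and make install afterwards.
  _nginx_step "Configure" ./configure "${configure_args[@]}" || return 1
  _nginx_step "Make" make || return 1
  _nginx_step "Install" make install || return 1
}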
##创建sock
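## Starts sockproc from the bundle, listening on /tmp/shell.sock.
## The original assigned "shell" to SHELL, clobbering the standard SHELL
## environment variable for every child process started afterwards; a local
## with a different name is used instead.
## Globals: SRC_DIR, NGINX_LUA (read)
## Returns: 1 when the bundle directory is missing or the socket is not created
Create_Sock()
{
  local sockpack="sockproc-master"
  local sock_name="shell"
  local sock_path="/tmp/${sock_name}.sock"
  cd "${SRC_DIR}/${NGINX_LUA}/${sockpack}" || return 1
  chmod u+x sockproc
  if ./sockproc "${sock_path}" && [ -S "${sock_path}" ]; then
    ## The original left the socket 0666 in /tmp, i.e. writable by every local
    ## user. The nginx worker (user/group nginx, see the --user/--group
    ## configure flags) is presumably the only intended client, so restrict
    ## the socket to that group.
    chown root:nginx "${sock_path}" && chmod 0660 "${sock_path}"
  else
    red_echo "Error: sockproc did not create ${sock_path}"
    return 1
  fi
}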
##安装redis
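## Runs one Redis build step, reports it through If_Success and returns the
## step's own status. If_Success reads $? on entry, so the captured status is
## re-raised with a subshell exit just before the call.
## Arguments: $1 - step label, $2... - the command to run
_redis_step()
{
  local label=$1
  shift
  "$@"
  local rc=$?
  ( exit "${rc}" )
  If_Success "${label}" "REDIS"
  return "${rc}"
}
## Downloads, builds and starts Redis; the binaries and redis.conf from
## ${CONF} are copied to /etc/redis. No checksum is pinned here: set
## REDIS_SHA256 to the expected sha256 of the tarball to have the download
## verified before it is unpacked.
## Globals: SRC_DIR, NGINX_LUA, INSTALL_DIR, CONF (read)
## Returns: 1 on download/checksum/build failure
Install_Redis()
{
  local redis="redis-5.0.0"
  local work_redis="/etc/redis"
  local tarball="${redis}.tar.gz"
  [ -d "${work_redis}" ] || mkdir -p "${work_redis}"
  cd "${SRC_DIR}/${NGINX_LUA}" || return 1
  echo 'Downloading Redis...'
  if [ ! -f "${tarball}" ]; then
    ## https instead of the original http so the archive cannot be swapped in transit.
    wget -c "https://download.redis.io/releases/${tarball}" || { red_echo "Error: download of ${tarball} failed"; return 1; }
  else
    echo "Skipping: REDIS already downloaded..."
  fi
  if [ -n "${REDIS_SHA256:-}" ]; then
    printf '%s  %s\n' "${REDIS_SHA256}" "${tarball}" | sha256sum -c - || { red_echo "Error: checksum mismatch for ${tarball}"; return 1; }
  fi
  echo "Extracting ${redis}..."
  tar xzf "${tarball}" -C "${INSTALL_DIR}" || return 1
  echo "Done..."
  cd "${INSTALL_DIR}/${redis}" || return 1
  _redis_step "Make" make || return 1
  _redis_step "Install" make install || return 1
  cd "${INSTALL_DIR}/${redis}/src" || return 1
  cp -a redis-server redis-benchmark redis-cli "${work_redis}"
  cp -a "${CONF}/redis.conf" "${work_redis}"
  cd "${work_redis}" || return 1
  ## Started as root, detached and unsupervised (as in the original); the
  ## listener check below is the only confirmation it came up.
  ./redis-server redis.conf > /dev/null 2>&1 &
  sleep 3
  if netstat -tunlp 2>/dev/null | grep -q redis; then
    blue_echo "Redis in started..."
  else
    red_echo "Error:Redis started failed..."
  fi
}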
##安装ipset以及创建ipset表
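## Runs one ipset build step, reports it through If_Success and returns the
## step's own status. If_Success reads $? on entry, so the captured status is
## re-raised with a subshell exit just before the call.
## Arguments: $1 - step label, $2... - the command to run
_ipset_step()
{
  local label=$1
  shift
  "$@"
  local rc=$?
  ( exit "${rc}" )
  If_Success "${label}" "IPSET"
  return "${rc}"
}
## Restarts iptables with the init tool of this release.
## Globals: system_version (read)
_ipset_restart_iptables()
{
  if [ "${system_version}" -eq 7 ]; then
    /usr/bin/systemctl restart iptables > /dev/null 2>&1
  else
    service iptables restart > /dev/null 2>&1
  fi
}
## Inserts the set-based rules at the head of INPUT and saves them. -I
## prepends, so the rules are inserted in reverse of their evaluation order
## and the chain ends up reading: ssh-set ACCEPT on 22, bmd whitelist ACCEPT,
## black DROP, timeout DROP, then the generic 80/443 ACCEPTs. The original
## inserted the 80/443 ACCEPTs last, which placed them above the DROP rules,
## so addresses in black/timeout were still accepted on the web ports.
_ipset_firewall_rules()
{
  iptables -I INPUT -p tcp --dport 443 -j ACCEPT
  iptables -I INPUT -p tcp --dport 80 -j ACCEPT
  iptables -I INPUT -m set --match-set timeout src -j DROP
  iptables -I INPUT -m set --match-set black src -j DROP
  iptables -I INPUT -m set --match-set bmd src -j ACCEPT
  iptables -I INPUT -m set --match-set ssh src -p tcp --destination-port 22 -j ACCEPT
  service iptables save
}
## Installs ipset (from source when the binary is missing), creates the sets,
## replaces firewalld with iptables plus the set rules, and schedules the sets
## to be dumped every minute so the boot script can restore them.
## Globals: SRC_DIR, NGINX_LUA, CONF, system_version (read)
## Returns: 1 on download or build failure
Install_Ipset()
{
  local ipset="ipset-6.38"
  local iptables_conf="/etc/sysconfig"
  local ipset_conf="/usr/local/ipset"
  cd "${SRC_DIR}/${NGINX_LUA}" || return 1
  if ipset version > /dev/null 2>&1; then
    echo "Skipping: IPSET already install..."
  else
    ## https instead of the original http for the source download.
    wget "https://ipset.netfilter.org/${ipset}.tar.bz2" || { red_echo "Error: download of ${ipset} failed"; return 1; }
    echo "Extracting ${ipset}..."
    tar xf "${ipset}.tar.bz2" || return 1
    echo "Done..."
    cd "${SRC_DIR}/${NGINX_LUA}/${ipset}" || return 1
    if ./configure > /dev/null 2>&1; then
      If_Success "Configure" "IPSET"
    else
      ## Fallback kept from the original: a failed configure is assumed to
      ## mean missing kernel headers, so one fixed el6 x86_64 kernel-devel rpm
      ## is fetched from a third-party mirror over plain http. It only matches
      ## that kernel, and rpm -i merely warns (NOKEY) when the signing key is
      ## not imported -- TODO(review): prefer kernel-devel from the distro repo.
      wget http://www.rpmfind.net/linux/centos/6.10/updates/x86_64/Packages/kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm
      rpm -ivh kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm
      _ipset_step "Configure" ./configure || return 1
    fi
    _ipset_step "Make" make || return 1
    _ipset_step "Install" make install || return 1
  fi
  ## Sets (-exist keeps a re-run from failing when they already exist):
  ##   timeout - hash of IPs whose entries expire after 300 s (temporary block)
  ##   bmd     - permanent whitelist
  ##   black   - permanent blacklist
  ##   ssh     - office egress addresses allowed to reach port 22
  ipset -exist create timeout hash:ip maxelem 100000 timeout 300
  ipset -exist create bmd hash:ip maxelem 100000
  ipset -exist create black hash:ip maxelem 100000
  ipset -exist create ssh hash:ip maxelem 100000
  ## Office address from the original; adjust per site.
  ipset -exist add ssh 192.168.2.200
  /usr/bin/systemctl stop firewalld.service > /dev/null 2>&1
  /usr/bin/systemctl disable firewalld.service > /dev/null 2>&1
  \cp -a "${CONF}"/iptables* "${iptables_conf}"
  if _ipset_restart_iptables; then
    _ipset_firewall_rules
    if _ipset_restart_iptables; then
      blue_echo "Iptables is started..."
    else
      red_echo "Error:Iptables started failed..."
    fi
  else
    red_echo "Error:Iptables started failed..."
  fi
  [ -d "${ipset_conf}" ] || mkdir -p "${ipset_conf}"
  ## Written straight into root's crontab file as in the original, but only
  ## once: every re-run used to append another copy of the jobs.
  if ! grep -qF '/usr/sbin/ipset save black' /var/spool/cron/root 2>/dev/null; then
    cat >> /var/spool/cron/root <<'EOF'
0 */8 * * * /usr/sbin/ntpdate ntp1.aliyun.com;/sbin/hwclock -w
*/1 * * * * /usr/sbin/ipset save black > /usr/local/ipset/black.txt
*/1 * * * * /usr/sbin/ipset save timeout > /usr/local/ipset/timeout.txt
*/1 * * * * /usr/sbin/ipset save bmd > /usr/local/ipset/bmd.txt
*/1 * * * * /usr/sbin/ipset save ssh > /usr/local/ipset/ssh.txt
EOF
  fi
}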
##系统优化
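## Raises the file/process limits and appends the TCP sysctls. Every append
## is guarded by a grep so re-running the installer does not duplicate the
## lines, and the .bak copies are only taken the first time so they keep the
## pristine file.
System_Optimization()
{
  if ! grep -qF 'ulimit -n 65535' /etc/profile; then
    echo 'ulimit -n 65535' >> /etc/profile
  fi
  # shellcheck disable=SC1091
  source /etc/profile
  if ! grep -qF 'net.ipv4.tcp_max_syn_backlog = 16384' /etc/sysctl.conf; then
    ## fs.nr_open appeared twice in the original; kept once.
    ## NOTE(review): net.ipv4.tcp_tw_recycle is known to break clients behind
    ## NAT and was removed from the kernel in 4.12; kept because the original
    ## sets it, but worth dropping -- confirm against the target kernel.
    cat >> /etc/sysctl.conf <<'EOF'
fs.nr_open = 1048576
fs.file-max = 51200
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
kernel.pid_max = 32768
#net.ipv4.ip_conntrack_max = 10240
net.ipv4.ip_local_port_range = 1024 65535
vm.overcommit_memory=1
EOF
  fi
  sysctl -p
  [ -f /etc/security/limits.conf.bak ] || cp -a /etc/security/limits.conf /etc/security/limits.conf.bak
  if ! grep -qF '* soft nofile 65535' /etc/security/limits.conf; then
    cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
  fi
  [ -f /etc/security/limits.d/20-nproc.conf.bak ] || cp -a /etc/security/limits.d/20-nproc.conf /etc/security/limits.d/20-nproc.conf.bak
  ## This file is replaced outright (as in the original), so no guard is needed.
  cat > /etc/security/limits.d/20-nproc.conf <<'EOF'
* soft nproc 65535
root soft nproc unlimited
EOF
}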
##拷贝文件
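## Creates the log and proxy cache/temp directories and copies the Lua and
## GeoIP assets plus nginx.conf into the Tengine install.
## Globals: SRC_DIR, NGINX_LUA, CONF, NGINX_DIR (read)
## Returns: 1 when the bundle directory is missing
Copy_File()
{
  ## Same path the original hard-coded as /root/nginx-tengine+lua.
  local nginx_file="${SRC_DIR}/${NGINX_LUA}"
  mkdir -p /home/nginx/logs /data/proxy_cache_path /data/proxy_temp_path
  ## The original chowned all of /data recursively; only the two directories
  ## this script creates there are handed to the nginx user.
  chown -R nginx:nginx /data/proxy_cache_path /data/proxy_temp_path
  cd "${nginx_file}" || return 1
  \cp -a geoip lua lualib "${NGINX_DIR}/conf"
  \cp -a "${CONF}/nginx.conf" "${NGINX_DIR}/conf"
  mkdir -p "${NGINX_DIR}/conf/vhosts"
  ## NOTE(review): this makes the whole install tree, including sbin/ and
  ## conf/, writable by the worker user; only the directories nginx writes at
  ## run time need that. Kept as the original did it -- confirm which paths the
  ## nginx.conf in ${CONF} actually writes to before narrowing.
  chown -R nginx:nginx "${NGINX_DIR}"
}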
##启动nginx
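## Checks the configuration with `nginx -t` and then starts Tengine, printing
## the success or error banner.
## Globals: NGINX_DIR (read)
## Returns: 1 when the configuration test or the start fails
NGINX_START()
{
  local nginx_bin="${NGINX_DIR}/sbin/nginx"
  ## A failing -t gives a precise error before the daemon is attempted.
  if ! "${nginx_bin}" -t; then
    red_echo "Error:Nginx configuration test failed..."
    return 1
  fi
  if "${nginx_bin}"; then
    blue_echo "Nginx is started..."
  else
    red_echo "Error:Nginx started failed..."
    return 1
  fi
}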
## Entry point: runs the installation steps in dependency order (packages,
## Tengine, sockproc socket, Redis, ipset/iptables, sysctl tuning, config
## files, start).
main()
{
  Install_Package
  Install_Nginx
  Create_Sock
  Install_Redis
  Install_Ipset
  System_Optimization
  Copy_File
  NGINX_START
}
main "$@"
开机脚本
[root@cc nginx]# cat inotify.sh
#!/bin/bash
# > File Name: inotify.sh
# > Author: cc
# > mail: 547253687@qq.com
# > Created Time: Fri 16 Nov 2018 11:02:58 AM CST
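## Boot-time restore: relaunch sockproc and Redis, reload the ipset tables
## that cron dumps to /usr/local/ipset, then restart iptables so the
## "-m set" rules resolve again.
system_version=$(grep -o "[0-9].*[0-9]" /etc/redhat-release 2>/dev/null | awk '{print int($0)}')
## The original removed /usr/local/ipset/shell.sock, but sockproc listens on
## /tmp/shell.sock, so a stale socket from the previous run was never cleared.
sock_path=/tmp/shell.sock
rm -f -- "${sock_path}"
if /root/nginx-tengine+lua/sockproc-master/sockproc "${sock_path}"; then
  ## Restrict the socket to the nginx worker (user/group nginx) instead of
  ## leaving it world-writable in /tmp as the original did.
  chown root:nginx "${sock_path}" && chmod 0660 "${sock_path}"
else
  echo "Error: sockproc failed to start on ${sock_path}" >&2
fi
/etc/redis/redis-server /etc/redis/redis.conf >/dev/null 2>&1 &
## -exist lets a restore succeed when the set is already defined (e.g. when
## this script is run again by hand); a missing dump is reported, not fatal.
for set_name in black timeout bmd ssh; do
  if [ -f "/usr/local/ipset/${set_name}.txt" ]; then
    /usr/sbin/ipset -exist restore < "/usr/local/ipset/${set_name}.txt"
  else
    echo "Warning: /usr/local/ipset/${set_name}.txt missing, set ${set_name} not restored" >&2
  fi
done
if [ -n "${system_version}" ] && [ "${system_version}" -eq 7 ]; then
  /usr/bin/systemctl restart iptables
else
  /sbin/service iptables restart
fi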