準備作業
gcc
gcc是Linux的編譯器,可以編譯 C、C++、Ada、Object C和Java等語言,后面安裝nginx會用到,所以確定你的Linux服務器是否已經安裝,一般來說都是默認安裝的,
- 查看gcc版本
gcc -v
- gcc 安裝命令
yum -y install gcc
pcre和pcre-devel
nginx的http模塊使用pcre來決議正則運算式,
yum install -y pcre pcre-devel
zlib
nginx使用zlib對http包的內容進行gzip,
yum install -y zlib zlib-devel
openssl
openssl用于資料鏈路通信安全加密,
yum install -y openssl openssl-devel
安裝nginx
- 去官網獲取最新穩定版本下載鏈接,官網下載頁面地址:http://nginx.org/en/download.html
2. 在linux上,利用wget命令下載nginx
wget http://nginx.org/download/nginx-1.20.1.tar.gz
- 解壓到你要存放的目標,我這里是放在/application,解壓完畢,會看到對應的目錄里面多出一個nginx-1.20.1的檔案夾
tar -zxvf nginx-1.20.1.tar.gz -C /application
- 切換到對應的解壓目錄,對nginx進行編譯安裝,按以下步驟執行命令,
# 不需要https模塊的, 這里只輸入./configure即可
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
# 編譯
make
# 安裝
make install
- 啟動nginx,當make install命令執行完,我們會看到/usr/local會多出一個nginx檔案夾,我們切換到/usr/local/nginx/sbin,進行啟動nginx,如果需要修改埠等其他配置資訊,進入/usr/local/nginx/conf修改nginx.conf的里面的資訊,
# 啟動
./nginx -s start
# 重繪配置
./nginx -s reload
# 停止nginx
./nginx -s stop
# 查看nginx是否啟動成功
ps -ef | grep nginx
配置nginx開機自啟
- 在/etc/init.d下創建檔案nginx,具體可參考官網的(https://www.nginx.com/resources/wiki/start/topics/examples/redhatnginxinit/),
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
# 特別注意,這里要調整你存放Nginx的目錄
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
# 特別注意,這里要調整你存放Nginx的目錄
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -n "$user" ]; then
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
fi
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $prog -HUP
retval=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
- 賦值檔案執行權限
chmod a+x /etc/init.d/nginx
- 將nginx服務加入chkconfig管理串列
chkconfig --add /etc/init.d/nginx
- 設定開機自啟
chkconfig nginx on
- 其他操作命令
# 啟動nginx
service nginx start
# 停止nginx
service nginx stop
# 重啟nginx
service nginx restart
nginx常見配置
靜態網站
server {
listen 80;
server_name www.rocky.com;
return 301 https://$server_name$request_uri;
location / {
alias /web/rocky/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
SSL配置
server {
listen 443 ssl;
server_name www.rocky.com;
ssl_certificate /web/cert/1_www.rocky.com_bundle.crt;
ssl_certificate_key /web/cert/2_www.rocky.com.cn.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
alias /web/rocky/;
}
}
代理轉發
server {
listen 443 ssl;
server_name api.rocky.com;
ssl_certificate 1_api.rocky.com_bundle.crt;
ssl_certificate_key 2_api.rocky.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8080/shop/;
# 轉發cookie
proxy_cookie_path /shop /;
# 域名轉發
proxy_set_header Host $host;
proxy_redirect off;
# IP轉發
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60;
proxy_read_timeout 600;
proxy_send_timeout 600;
}
}
映射靜態資源
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:8080/rocky/;
proxy_cookie_path /crazyandrew /;
client_max_body_size 1000m;
}
# http://locahost/image/demo1.jpg映射到/upload/image/demo1.jpg
location /image/ {
root /upload/image/;
rewrite ^/image/(.*)$ \$1 break;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
http和https共存
server {
listen 80 default backlog=2048;
listen 443 ssl;
server_name www.rocky.com;
root /web/rocky;
ssl_certificate 1_api.rocky.com_bundle.crt;
ssl_certificate_key 2_api.rocky.com.key;
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/301718.html
標籤:其他
下一篇:WLAN加密技術詳解