nginx作为目前使用最为广泛的web应用程序,其强大的并发及灵活的配置让其成为每家公司必不可少的web应用,下面主要介绍nginx的编译安装及常用配置。
1、下载nginx;
访问http://nginx.org/,根据实际需要下载所需版本,一般情况下载最新的稳定版本,本次安装下载的为nginx-1.21.0版本;
2、安装nginx必须包,后面三个包是用于IP地址定位使用,根据需要安装,若找不到则不用安装;
yum install -y autoconf automake zlib zlib-devel openssl openssl-devel pcre pcre-devel gcc GeoIP GeoIP-devel GeoIP-data
3、解压安装包进行编译,常用就如下包,其他包根据需要进行添加,/app/nginx-1.21.0 为nginx安装目录;
./configure --prefix=/app/nginx-1.21.0 --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-mail --with-file-aio --with-mail_ssl_module --with-stream
make && make install
4、正常编译完成可以在/app/nginx-1.21.0 看到nginx相关目录;
[root@iZj6c50uqocpfbk7hykfqaZ themes]# ll /app/nginx-1.21.0/
total 36
drwx------ 2 app root 4096 Jun 8 09:57 client_body_temp
drwxr-xr-x 3 root root 4096 Jun 7 18:56 conf
drwx------ 2 app root 4096 Jun 7 18:58 fastcgi_temp
drwxr-xr-x 2 root root 4096 Jun 7 18:56 html
drwxr-xr-x 2 root root 4096 Jun 7 19:55 logs
drwx------ 2 app root 4096 Jun 7 18:58 proxy_temp
drwxr-xr-x 2 root root 4096 Jun 7 18:56 sbin
drwx------ 2 app root 4096 Jun 7 18:58 scgi_temp
drwx------ 2 app root 4096 Jun 7 18:58 uwsgi_temp
执行以下命令进行nginx启动,如无报错则表示nginx安装完毕,打开网页会出现nginx界面
[root@iZj6c50uqocpfbk7hykfqaZ themes]# /app/nginx-1.21.0/sbin/nginx
5、注册nginx为服务;
[root@iZj6c50uqocpfbk7hykfqaZ themes]# vim /lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/app/nginx-1.21.0/logs/nginx.pid
ExecStartPre=/app/nginx-1.21.0/sbin/nginx -t -c /app/nginx-1.21.0/conf/nginx.conf
ExecStart=/app/nginx-1.21.0/sbin/nginx -c /app/nginx-1.21.0/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
保存以上文件即可,执行systemctl daemon-relaod重新加载服务,systemctl enable nginx设置开机自启动。
6、nginx常规配置,配置网站http、https、http强跳https等常规,其他配置方法参考其他文章;
A:网站http配置方法
## THE IP ADDRESS OF "dzesapi.test.tianxiazhida.com" ##
upstream dzesapi.t.tianxiazhida.com {
server 10.193.40.104:80;
}
## THE SERVER INFOMATION OF "dzesapi.test.tianxiazhida.com" ##
server {
listen 80;
server_name dzesapi.t.tianxiazhida.com;
access_log /app/nginx-1.16.1/logs/dzesapi.t.tianxiazhida.com.log main;
location / {
proxy_set_header SSL_CERT $ssl_client_cert;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://dzesapi.t.tianxiazhida.com;
client_max_body_size 100m;
proxy_connect_timeout 75s;
proxy_read_timeout 300s;
}
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 501;
}
}
B:网站https配置方法
## THE IP ADDRESS OF "h2h-test.tianxiazhida.com" ##
upstream h2h-test.tianxiazhida.com {
server 10.1.40.101:10285;
}
## THE SERVER INFOMATION OF "h2h-test.tianxiazhida.com" ##
server {
listen 80;
server_name h2h-test.tianxiazhida.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name h2h-test.tianxiazhida.com;
ssl_certificate service2019.pem;
ssl_certificate_key service2019.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES';
ssl_prefer_server_ciphers on;
access_log /app/nginx-1.16.1/logs/h2h-test.tianxiazhida.com.log main;
location / {
proxy_set_header SSL_CERT $ssl_client_cert;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://h2h-test.tianxiazhida.com;
client_max_body_size 100m;
proxy_connect_timeout 75s;
proxy_read_timeout 300s;
#deny all;
}
if ($request_method !~ ^(GET|HEAD|POST|OPTIONS)$ ) {
return 501;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
log_not_found off;
access_log off;
}
}
文章评论