yum update
groupadd www && useradd -g www www -s /bin/false # 创建用户组www,创建用户www 所属组 www 设置不能登录
yum -y install zlib zlib-devel openssl* pcre pcre-devel gd-devel
因为上面的依赖包是二进制安装 所以--with-pcre --with-zlib --with-openssl 不需要加到参数里,如果非二进制包则要指定路径 --with-pcre=/usr/local/pcre/
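# Fetch the release tarball and its detached PGP signature over HTTPS, and
# unpack only when the signature verifies. gpg --verify needs the nginx
# release signing key in the local keyring; import it from a source you trust
# before running this step.
wget https://nginx.org/download/nginx-1.12.0.tar.gz \
     https://nginx.org/download/nginx-1.12.0.tar.gz.asc \
  && gpg --verify nginx-1.12.0.tar.gz.asc nginx-1.12.0.tar.gz \
  && tar xf nginx-1.12.0.tar.gz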
./configure --prefix=/usr/local/nginx/ --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_realip_module --with-http_image_filter_module
make && make install
修改nginx.conf
cd /usr/local/nginx/conf/
cp nginx.conf nginx.conf.bak
vim nginx.conf
#设置nginx开机自启动
vi /etc/rc.d/init.d/nginx
#! /bin/bash
# chkconfig: 35 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse
# Abort on any command failure that is not explicitly guarded.
set -e

# Fixed search path, so the script does not depend on the caller's PATH.
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"

NAME="nginx"
DESC="nginx daemon"
DAEMON="/usr/local/nginx/sbin/${NAME}"
SCRIPTNAME="/etc/init.d/${NAME}"

# Nothing to manage when the binary is missing or not executable.
if [ ! -x "$DAEMON" ]; then
  exit 0
fi
# Launch the daemon. Any non-zero exit from the binary is reported as
# " already running"; the function itself still returns success.
d_start() {
  if ! "$DAEMON"; then
    printf '%s' " already running"
  fi
}
# Ask the running daemon to shut down gracefully (-s quit). A non-zero exit
# from the binary is reported as " not running".
d_stop() {
  if ! "$DAEMON" -s quit; then
    printf '%s' " not running"
  fi
}
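# Ask the running daemon to re-read its configuration (-s reload). A non-zero
# exit from the binary is reported as " could not reload".
d_reload() {
  "$DAEMON" -s reload || echo -n " could not reload"
}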
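# Dispatch on the requested action. Each arm prints a progress message, runs
# the matching helper and then finishes the output line.
case "$1" in
  start)
    echo -n "Starting $DESC:$NAME"
    d_start
    echo "."
    ;;
  stop)
    echo -n "Stopping $DESC:$NAME"
    d_stop
    echo "."
    ;;
  reload)
    echo -n "Reloading $DESC configuration..."
    d_reload
    echo "reloaded."
    ;;
  restart)
    echo -n "Restarting $DESC: $NAME"
    d_stop
    # Give the old master process time to exit before starting a new one.
    sleep 2
    d_start
    echo "."
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&2
    exit 3
    ;;
esac
# The status must be a bare number: text glued onto "0" with "#" is not a
# comment, and bash then rejects the argument and exits non-zero.
exit 0
# Register the script as a system service and enable it at boot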
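# Executable by everyone, writable by root only. The init system runs this
# script as root, so group write permission (775) would let any member of the
# owning group change code that runs as root.
chmod 755 /etc/rc.d/init.d/nginx
# Enable the service at boot.
chkconfig nginx on
# Start nginx now.
/etc/rc.d/init.d/nginx start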
#升级nginx
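# NOTE(review): the original first line was a bare path. A `cd` into the built
# source tree is assumed, because the following steps use the relative objs/ path.
# The old binary is kept as nginx.bak for rollback instead of being deleted,
# and the configuration is checked with the new binary before the restart.
cd /root/oneinstack/src/nginx-*/ \
  && mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak \
  && cp objs/nginx /usr/local/nginx/sbin/ \
  && /usr/local/nginx/sbin/nginx -t \
  && service nginx restart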
#把nginx加入系统变量
echo 'export PATH=$PATH:/usr/local/nginx/sbin'>>/etc/profile && source /etc/profile
以后可以直接使用命令 service nginx (start|stop|restart)
cd /data/soft/src
cd pcre-8.42 && ./configure && make && make install
cd ../openssl-1.0.2o;./configure;make;make install
cd ../zlib-1.2.11;./configure;make;make install
cd nginx-1.14.0
./configure --prefix=/usr/local/nginx/ --user=www --group=www --conf-path=/usr/local/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --with-http_ssl_module --with-pcre=/data/soft/src/pcre-8.42 --with-zlib=/data/soft/src/zlib-1.2.11 --with-openssl=/data/soft/src/openssl-1.0.2o
make;make install
# 升级编译nginx
查看nginx版本及其编译参数
/usr/local/nginx/sbin/nginx -V
进入nginx源码目录
cd nginx-1.3.2
以下是重新编译的代码和模块
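# A space must separate the prefix from the next option; without it the whole
# run "/usr/local/nginx--with-http_stub_status_module" becomes the install
# prefix and the stub_status module is never enabled.
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-file-aio --with-http_realip_module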
make 千万别make install,否则就覆盖安装了
make完之后在objs目录下就多了个nginx,这个就是新版本的程序了
备份旧的nginx程序
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
把新的nginx程序覆盖旧的
cp objs/nginx /usr/local/nginx/sbin/nginx
测试新的nginx程序是否正确
/usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
平滑重启nginx
/usr/local/nginx/sbin/nginx -s reload
查看nginx版本及其编译参数
/usr/local/nginx/sbin/nginx -V
这是我重新编译的代码:
./configure --prefix=/usr/local/nginx --with-google_perftools_module --user=www --group=www --with-http_stub_status_module --with-http_gzip_static_module --with-openssl=/usr/ --with-pcre=/mydata/soft/pcre-8.31
# 常用命令
./nginx -v # 查看版本
./nginx # 启动
./nginx -s quit # 关闭, 推荐使用
./nginx -s stop # 关闭
./nginx -s reload # 重新加载nginx配置, 重启
# https-配置,端口转发
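server {
    # The ssl parameter on listen replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name mp.juyy.com;
    root html;
    index index.html index.htm;

    ssl_certificate ../cert/2856863_mp.juyy.com.pem;
    # Keep the private key readable by root only.
    ssl_certificate_key ../cert/2856863_mp.juyy.com.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
    # Add TLSv1.3 once nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only. The previous list also admitted
    # static-RSA key exchange and CBC suites through the broad AES and HIGH groups.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # The location prefix and the alias must both end in "/". With a prefix
    # that lacks the trailing slash, a request path can resolve outside the
    # aliased directory.
    # NOTE(review): the alias target sits under the nginx conf directory; a
    # dedicated challenge directory outside conf/ would keep configuration
    # files away from any web-served tree.
    location /.well-known/ {
        alias /usr/local/nginx/conf/opt/;
        allow all;
    }

    # Everything else is forwarded to the local backend.
    location / {
        proxy_pass http://127.0.0.1:5555;
    }
}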
# nginx 配置跨域
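# Browsers reject credentialed requests when Access-Control-Allow-Origin is
# "*", and echoing $http_origin back together with Allow-Credentials would let
# any site read authenticated responses. Answer only origins from an explicit
# allowlist instead.
#
# The map belongs in the http {} context. "https://app.example.com" is a
# placeholder; list your own trusted origins.
map $http_origin $cors_origin {
    default "";
    "https://app.example.com" $http_origin;
}

# add_header emits nothing when the value is empty, so unlisted origins
# receive no Access-Control-Allow-Origin header at all.
add_header 'Access-Control-Allow-Origin' $cors_origin;
# The response now depends on the Origin request header; tell caches so.
add_header 'Vary' 'Origin';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT, PATCH';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-XSRF-TOKEN';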
Access-Control-Allow-Origin:允许的域名,只能填 *(通配符)或者单域名。
Access-Control-Allow-Methods: 允许的方法,多个方法以逗号分隔。
Access-Control-Allow-Headers: 允许的头部,多个方法以逗号分隔。
Access-Control-Allow-Credentials: 是否允许发送 Cookie。
# 开启目录浏览功能
location / {
root /www/wwwroot;
# Directory listing exposes the names of files under root to anyone who can
# reach this location; pair it with access control if the tree is not meant
# to be public.
autoindex on; # enable directory browsing
autoindex_exact_size off; # show sizes in KB/MB/GB instead of exact bytes (the default)
autoindex_localtime on; # show file modification times in the server's local time zone
......
# 日志切割脚本
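#!/bin/bash
# Rotate nginx logs: move each live log into the backup directory under
# yesterday's date, ask nginx to reopen its log files, then prune rotated
# copies older than the retention period.

# Directory that holds the live log files
log_files_path="/mnt/usr/logs/"
# Rotated logs are stored in this directory
log_files_dir="${log_files_path}backup/"
# Names of the log files to rotate, separated by spaces
log_files_name=(access.log error.log)
# nginx binary and the configuration it runs with; kept as an array so the
# command and its arguments are never re-split by the shell
nginx_sbin=(/mnt/usr/sbin/nginx -c /mnt/usr/conf/nginx.conf)
# Number of days rotated logs are kept. Make sure this covers your audit and
# incident-investigation needs before lowering it.
save_days=10
############################################
#Please do not modify the following script #
############################################
mkdir -p -- "$log_files_dir" || exit 1
stamp=$(date -d "yesterday" +"%Y%m%d") || exit 1

# Move each live log aside under yesterday's date
for name in "${log_files_name[@]}"; do
  src="${log_files_path}${name}"
  # Skip a log that does not exist yet instead of failing the whole run
  [[ -f "$src" ]] || continue
  mv -- "$src" "${log_files_dir}${name}_${stamp}"
done

# "reopen" makes nginx reopen its log files without re-reading configuration
"${nginx_sbin[@]}" -s reopen

# Enforce the retention period declared in save_days (previously unused)
find "$log_files_dir" -type f -name '*.log_*' -mtime +"$save_days" -delete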
# 图片防盗链
https://abc.htmltoo.com/thread-46496.htm
#301跳转
#301-START
if ($host ~ '^htmltoo.com'){
return 301 https://www.htmltoo.com$request_uri;
}
#301-END
#配置https
listen 443 ssl http2;
......
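#SSL
ssl_certificate /etc/nginx/conf.d/cert/tongji.htmltoo.com/fullchain.pem;
ssl_certificate_key /etc/nginx/conf.d/cert/tongji.htmltoo.com/privkey.pem;
# TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
ssl_protocols TLSv1.2 TLSv1.3;
# ECDHE key exchange only: the static-RSA and 3DES entries were removed
# (no forward secrecy, and 3DES is a 64-bit block cipher).
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# "always" makes nginx send the HSTS header on error responses as well.
add_header Strict-Transport-Security "max-age=31536000" always;
# 497 is nginx's code for plain HTTP sent to the TLS port; redirect it to HTTPS.
error_page 497 https://$host$request_uri;
#SSL-END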
#自动跳转https
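#HTTP_TO_HTTPS_START
# Exact comparison: the regex form (!~ 443) also treated any port that merely
# contains "443", such as 8443, as already being HTTPS.
# NOTE(review): $host is taken from the request. Confirm that a default server
# rejects unknown Host values, or redirect to the site's fixed name instead.
if ($server_port != 443) {
    return 301 https://$host$request_uri;
}
#HTTP_TO_HTTPS_END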
# nginx修改并隐藏版本号
---默认值是on,表示显示版本信息,设置server_tokens值是off,就可以在所有地方隐藏nginx的版本信息。
http{
...
server_tokens off;
...
}
# 关闭apache/nginx, error.log,access.log日志,防止输出
vi http.conf # apache
在前面加“#”号应该就可以了。
#ErrorLog logs/error.log;
#CustomLog logs/access.log common;
vi nginx.conf # nginx
# Both logs are sent to /dev/null, so no request or error records are kept
# for troubleshooting or incident investigation.
# NOTE(review): consider limiting this to noisy static locations and keeping
# access and error logs at the server level.
access_log /dev/null;
error_log /dev/null crit;
nginx的error_log类型如下(从左到右:debug最详细 crit最少):
[ debug | info | notice | warn | error | crit ]
例如:error_log logs/nginx_error.log crit;
解释:日志文件存储在nginx安装目录下的 logs/nginx_error.log ,错误类型为 crit ,也就是记录最少错误信息;
注意error_log off并不能关闭日志记录功能,它将日志文件写入一个文件名为off的文件中,如果你想关闭错误日志记录功能,应使用以下配置:
error_log /dev/null crit;
把存储位置设置到Linux的黑洞中去
#禁止访问目录
location ^~ /docs/ {
deny all;
}
location ^~ /view/ {
deny all;
}
#图片加载了100k以后进行限速,最高100k
location ~ .*\.(gif|jpg|jpeg|png|bmp) {
expires 30d;
limit_rate_after 100k;
limit_rate 100k;
}
#关闭favicon.ico日志
location = /favicon.ico {
log_not_found off;
access_log off;
}
# Files and directories that must not be served
# NOTE(review): the pattern is anchored with ^/, so it only covers these names
# at the site root; a .git directory inside a subfolder is not matched. The
# unescaped dots in ".user.ini" and "README.md" match any character.
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md) {
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
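# Static images and Flash files: cache for 30 days, no logging.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
    expires 30d;
    # "error_log off;" does not disable logging; it writes to a file literally
    # named "off". /dev/null is the way to discard error output.
    error_log /dev/null crit;
    access_log off;
}
# Scripts and stylesheets: cache for 12 hours, no logging. The extension group
# is no longer optional; with the trailing "?" the pattern also matched any
# URI that simply ends in a dot.
location ~ .*\.(js|css)$ {
    expires 12h;
    error_log /dev/null crit;
    access_log off;
}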
access_log /dev/null;
error_log /dev/null crit;
# nginx - location 路径映射/反向代理/负载均衡/伪静态
https://abc.htmltoo.com/thread-46494.htm
---expires缓存调优
location ~* \.(jpg|jpeg|gif|png|ico|swf)$ {
expires 3y;
access_log off;
# gzip off;
}
location ~* \.(css|js)$ {
access_log off;
expires 3y;
}
# Refuse requests for .php/.php5 files under /files/ and /attachment/
# (presumably upload directories; verify against the application).
# NOTE(review): "~" is case-sensitive and only these two extensions are listed.
# nginx uses the first matching regex location, so these blocks must appear
# before any general \.php$ handler. Confirm the ordering, and whether other
# extensions are mapped to the PHP handler.
location ~ ^/files/.*\.(php|php5)$ {
deny all;
}
location ~ ^/attachment/.*\.(php|php5)$ {
deny all;
}
---限制并发连接数和每秒请求数 limit_conn_zone&limit_req_zone
https://abc.htmltoo.com/thread-46493.htm
---auth_basic 密码 & webdav & autoindex 目录
https://abc.htmltoo.com/thread-46495.htm
---页面加密码
http://stool.chinaz.com/htpasswd (在线生成工具;在第三方网站上输入密码等于把明文密码交给对方,建议在本机用 openssl passwd -apr1 生成同样格式的条目)
vi /etc/nginx/conf.d/htpasswd.user
ihunter:$apr1$pzy4DA9s$wKErJ9FXM.pvspkQsoYoe/
-nginx:
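#AUTH_START
# Basic auth sends the password base64-encoded on every request; serve this
# location over HTTPS only.
# The realm uses straight quotes: with typographic quotes nginx treats the
# quote characters as part of the realm text.
auth_basic "Authorization"; # realm shown in the browser's login prompt
auth_basic_user_file /etc/nginx/conf.d/htpasswd.user; # password file; any path nginx can read works
#AUTH_END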
-静态文件目录中文乱码
charset utf-8,gbk;
---负载均衡
https://abc.htmltoo.com/thread-44826.htm
---按照日期生成日志
# 日志时间
map $time_iso8601 $logdate {
'~^(?<ymd>\d{4}-\d{2}-\d{2})' $ymd;
default 'date-not-found';
}
access_log /data/file/logs/nginx/access-$logdate.log main;
error_log /data/file/logs/nginx/error.log warn;
open_log_file_cache max=10 inactive=20s min_uses=2 valid=1m;
-日志模块
open_log_file_cache max=10 inactive=20s min_uses=2 valid=1m;
max:设置缓存中的最大文件描述符数量。
inactive:设置一个时间,如果在设置的时间内没有使用此文件描述符,则自动删除次文件描述符。默认时间为10秒。是可选参数。
min_uses:在参数inactive指定的使用时间范围内,如果日志文件超过被使用的次数,则将该日志文件的描述符记入缓存。默认次数为1.
valid: 设置多长时间检查一次,看一看变量指定的日志文件路径与文件名是否仍然存在。默 认时间为 60秒。
---页面缓存
expires 24h; #缓存保存时间,24小时
expires 0; #不缓存
---nginx if 指令
https://abc.htmltoo.com/thread-46817.htm
---nginx - 流控
https://abc.htmltoo.com/thread-46818.htm
---添加了websocket支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";