Nginx安装和配置
Linux下安装配置Nginx
安装编译工具和库文件
yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel
nginx下载地址:nginx: download
安装 PCRE
PCRE 作用是让 Nginx 支持 Rewrite 功能。
#先解压
tar -zxvf pcre-8.35.tar.gz
#进入解压后文件
cd pcre-8.35
#编译安装
./configure
make && make install
#查看安装版本
pcre-config --version
安装Nginx
#解压
tar -zxvf nginx-1.20.0.tar.gz
#进入解压的文件夹
cd nginx-1.20.0
#编译安装
./configure --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.35
#--prefix=安装路径
#--with-http_stub_status_module ###客户端模块
#--with-http_ssl_module ###ssl模块
#--with-pcre=/usr/local/src/pcre-8.35 ###pcre的路径
make
make install
编译命令执行成功后,在指定的编译路径(/usr/local/webserver/nginx)下,会有makefile文件
安装成功后,会生成sbin等文件夹
nginx.conf配置说明
#user nobody;
worker_processes 1; #工作进程:数目。根据硬件调整,通常等于cpu数量或者2倍cpu数量。#错误日志存放路径
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;#pid logs/nginx.pid; # nginx进程pid存放路径events {worker_connections 1024; # 工作进程的最大连接数量
}http {include mime.types; #指定mime类型,由mime.type来定义default_type application/octet-stream;# 日志格式设置#log_format main '$remote_addr - $remote_user [$time_local] "$request" '# '$status $body_bytes_sent "$http_referer" '# '"$http_user_agent" "$http_x_forwarded_for"';#access_log logs/access.log main; #用log_format指令设置日志格式后,需要用access_log来指定日志文件存放路径sendfile on; #指定nginx是否调用sendfile函数来输出文件,对于普通应用,必须设置on。如果用来进行下载等应用磁盘io重负载应用,可设着off,以平衡磁盘与网络io处理速度,降低系统uptime。#tcp_nopush on; #此选项允许或禁止使用socket的TCP_CORK的选项,此选项仅在sendfile的时候使用#keepalive_timeout 0; #keepalive超时时间keepalive_timeout 65;#gzip on; #开启gzip压缩服务#虚拟主机
########################################################################server {listen 80; #配置监听端口号server_name localhost; #配置访问域名,域名可以有多个,用空格隔开#charset koi8-r; #字符集设置#access_log logs/host.access.log main;location / {root html;index index.html index.htm;}#错误跳转页#error_page 404 /404.html; # redirect server error pages to the static page /50x.html#error_page 500 502 503 504 /50x.html;location = /50x.html {root html;}}
#########################################################################
当确认nginx启用ssl模块后
创建cert文件夹后
修改server部分
# HTTPS server#启用了ssl模块后使用#server {# listen 443 ssl; #监听端口# server_name localhost; #域名# ssl_certificate cert/cert.cer; #证书位置# ssl_certificate_key cert/cert.key; #私钥位置# ssl_session_cache shared:SSL:1m;# ssl_session_timeout 5m; #缓存有效期# ssl_protocols TLSv1.2; #安全链接可选的加密协议# ssl_ciphers HIGH:!aNULL:!MD5; #密码加密方式# ssl_prefer_server_ciphers on; # ssl_prefer_server_ciphers on; #使用服务器端的首选算法
Nginx启停
启动服务:./nginx
退出服务:./nginx -s quit
强制关闭服务:./nginx -s stop
重载服务:./nginx -s reload
(重载服务配置文件,类似于重启,但服务不会中止)
验证配置文件:./nginx -t
指定配置文件:./nginx -c "配置文件路径"
查看nginx使用了哪些模块:./nginx -V
http自动跳转https
#自动跳转到 HTTPS
if ($server_port = 80) {
rewrite ^(.*)$ https://$host$1 permanent;
}
location / {
root /home/sslcity/;
index index.php;
}
一般nginx配置
# For more information on configuration, see:# * Official English Documentation: http://nginx.org/en/docs/# * Official Russian Documentation: http://nginx.org/ru/docs/user nginx;worker_processes auto;error_log /var/log/nginx/error.log;pid /run/nginx.pid;# Load dynamic modules. See /usr/share/nginx/README.dynamic.include /usr/share/nginx/modules/*.conf;events {worker_connections 1024;}http {log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;gzip on;gzip_static on;gzip_min_length 1024;gzip_buffers 4 16k;gzip_comp_level 2;gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;gzip_vary off;gzip_disable "MSIE [1-6]\.";include /etc/nginx/mime.types;default_type application/octet-stream;# Load modular configuration files from the /etc/nginx/conf.d directory.# See http://nginx.org/en/docs/ngx_core_module.html#include# for more information.include /etc/nginx/conf.d/*.conf;#http设置###########################################################################server {listen 80 default_server;listen [::]:80 default_server;server_name _;root /usr/share/nginx/html;# Load configuration files for the default server block.include /etc/nginx/default.d/*.conf;location / {}error_page 404 /404.html;location = /40x.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}}
#########################################################################https设置########################################################################server {listen 443;server_name mp.hanxing.store;ssl on;index index.html index.htm;ssl_certificate cert/cert_mp.hanxing.store.crt;ssl_certificate_key cert/cert_mp.hanxing.store.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;location / {root /public/sell/app/dist;index index.php index.html index.htm;}location /sell {proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header Host $http_host;proxy_set_header X-NginX-Proxy true;proxy_pass http://127.0.0.1:8080;proxy_redirect off;}error_page 404 /404.html;location = /40x.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}}
########################################################################
}
升级nginx过程
tar -zxvf nginx-1.14.2.tar.gz -C /usr/local/ 解压安装包
cd /usr/local/nginx-1.14.2
pkill -9 nginx 杀死nginx进程
ps -ef|grep nginx
./configure --prefix=/usr/local/nginx 配置configure
make 编译
cd ../nginx/sbin/ 进入旧的nginx文件夹
mv nginx nginx-old 备份旧的nginx
cd ../../nginx-1.14.2/objs/
mv nginx /usr/local/nginx/sbin/ 拷贝新的nginx
cd nginx/sbin/
./nginx -v 查看nginx版本
./nginx -t 查看配置文件是否正确
rm -rf /usr/local/nginx-1.14.2/ 删除更新文件
./nginx 启动nginx