目标
在CentOS8上源码编译安装Nginx1.20
步骤
$ cat /etc/redhat-release
CentOS Linux release 8.4.2105
# 安装依赖
sudo dnf install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel wget make vim firewalld
# 下载源代码
wget https://nginx.org/download/nginx-1.20.1.tar.gz
# 解压
tar -zxvf nginx-1.20.1.tar.gz
cd nginx-1.20.1/
# 编译配置
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_realip_module
# 编译
make
# 安装
sudo make install
cd /usr/local/nginx/sbin
# 验证nginx安装
$ ./nginx -V
nginx version: nginx/1.20.1
built by gcc 8.4.1 20200928 (Red Hat 8.4.1-1) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module --with-http_realip_module
# 测试nginx
$ sudo ./nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
配置 vim:
cd ~/nginx-1.20.1/
mkdir ~/.vim/
# 配置vim对nginx配置语法高亮支持
cp -r contrib/vim/* ~/.vim/
配置用户:
# 查看当前系统是否已经存在用户nginx
cat /etc/passwd | grep nginx
# 查看当前系统是否存在用户组nginx
cat /etc/group | grep nginx
# 如果nginx已经存在,则新一个
sudo useradd --system --home /usr/local/nginx --shell /sbin/nologin --comment "nginx user" --user-group nginx
# 授权文件夹拥有者为nginx用户
sudo chown -R nginx /usr/local/nginx
# 授权文件夹用户组为nginx
sudo chgrp -R nginx /usr/local/nginx
SysV 配置:
sudo vim /usr/lib/systemd/system/nginx.service
具体内容:
[Service]
User=nginx
Group=nginx
Type=forking
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecQuit=/usr/local/nginx/sbin/nginx -s quit
[Install]
WantedBy=multi-user.target
修改 nignx 配置:
sudo vim /usr/local/nginx/conf/nginx.conf
...
worker_processes auto;
...
...
server_tokens off;
...
端口修改为 9999。
配置防火墙:
sudo firewall-cmd --zone=public --add-port=9999/tcp --permanent
sudo firewall-cmd --reload
# 查看防火墙
sudo firewall-cmd --list-all
# 第二种方式查看防火墙
sudo firewall-cmd --list-all --zone=public
再次配置 SysV 服务:
# 配置Sysv
sudo systemctl enable nginx.service
sudo systemctl daemon-reload
sudo systemctl start nginx.service
非root用户1024以下端口
setcap cap_net_bind_service=+eip /var/nginx/sbin/nginx
setcap将1024以下的端口网络权限,给非root用户使用,只给网络权限。