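# Install the build toolchain and the libraries nginx and its optional modules
# are compiled against.
# 'gd*' is quoted so the pattern reaches yum intact instead of being expanded
# by the shell against files in the current directory.
# NOTE(review): the list also pulls in debugging tools (gdb, strace) and server
# packages (openldap-servers) that the build steps in this guide do not appear
# to use; consider trimming it on an internet-facing host.
yum install -y \
  gcc gdb strace gcc-c++ autoconf \
  libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel \
  libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel \
  bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel \
  e2fsprogs patch e2fsprogs-devel krb5-devel libidn libidn-devel \
  openldap-devel nss_ldap openldap-clients openldap-servers \
  libevent-devel libevent uuid-devel uuid mysql-devel libxslt-devel \
  'gd*' \
  perl perl-devel gzip openssl openssl-devel vim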
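# Download the nginx source tarball and unpack it.
# The tarball is compiled and installed system-wide, so fetch it over HTTPS
# together with its detached PGP signature and unpack only if the signature
# verifies. gpg can verify only after the nginx signing keys (published at
# https://nginx.org/en/pgp_keys.html) have been imported into the keyring.
# NOTE(review): 1.9.3 is an old mainline release; check nginx.org for a
# currently maintained version before using this on a public host.
wget https://nginx.org/download/nginx-1.9.3.tar.gz
wget https://nginx.org/download/nginx-1.9.3.tar.gz.asc
gpg --verify nginx-1.9.3.tar.gz.asc nginx-1.9.3.tar.gz \
  && tar -xf nginx-1.9.3.tar.gz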
# Fetch the third-party modules that are compiled into nginx further down:
# first the substitutions filter module, then the Google proxy module
# (ngx_http_google_filter_module).
# NOTE(review): each clone takes whatever the default branch holds at that
# moment. Review the code and check out a known commit (<REVIEWED_COMMIT>)
# before building, since it ends up inside the server binary.
yum install -y git
for module_repo in \
  https://github.com/yaoweibin/ngx_http_substitutions_filter_module \
  https://github.com/cuber/ngx_http_google_filter_module; do
  git clone "$module_repo"
done
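# Configure the nginx build.
# Every option starts with two ASCII hyphens; the typographic dashes and HTML
# fragments that a web page may show in their place are rejected by configure.
cd ./nginx-1.9.3 || exit 1

# Configure variant 1 (the one the rest of this guide assumes: everything
# lives under /usr/local/nginx).
# NOTE(review): --with-debug and modules such as WebDAV and the mail proxy do
# not appear to be used by the proxy set up in this guide; dropping unused
# modules reduces what the binary exposes.
# NOTE(review): --with-http_spdy_module exists only in releases that predate
# the HTTP/2 module; a newer nginx needs --with-http_v2_module instead.
./configure \
  --prefix=/usr/local/nginx \
  --http-client-body-temp-path=/var/lib/nginx/body \
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
  --http-proxy-temp-path=/var/lib/nginx/proxy \
  --http-scgi-temp-path=/var/lib/nginx/scgi \
  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
  --with-debug \
  --with-pcre-jit \
  --with-ipv6 \
  --with-http_ssl_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-http_auth_request_module \
  --with-http_addition_module \
  --with-http_dav_module \
  --with-http_gzip_static_module \
  --with-http_spdy_module \
  --with-http_sub_module \
  --with-mail \
  --with-mail_ssl_module \
  --add-module=../ngx_http_substitutions_filter_module \
  --add-module=../ngx_http_google_filter_module

# If configure reports an error, fix it (usually a missing -devel package)
# before going on.

# Configure variant 2 (alternative, left commented out): more modules and
# therefore more dependencies (gd library, zlib, image libraries, ...).
# It installs under /usr/share/nginx and reads /etc/nginx/nginx.conf, so the
# /usr/local/nginx paths used in the later steps would have to be adapted.
# ./configure \
#   --prefix=/usr/share/nginx \
#   --conf-path=/etc/nginx/nginx.conf \
#   --http-log-path=/var/log/nginx/access.log \
#   --error-log-path=/var/log/nginx/error.log \
#   --lock-path=/var/lock/nginx.lock \
#   --pid-path=/run/nginx.pid \
#   --http-client-body-temp-path=/var/lib/nginx/body \
#   --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
#   --http-proxy-temp-path=/var/lib/nginx/proxy \
#   --http-scgi-temp-path=/var/lib/nginx/scgi \
#   --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
#   --with-debug \
#   --with-pcre-jit \
#   --with-ipv6 \
#   --with-http_ssl_module \
#   --with-http_stub_status_module \
#   --with-http_realip_module \
#   --with-http_auth_request_module \
#   --with-http_addition_module \
#   --with-http_dav_module \
#   --with-http_geoip_module \
#   --with-http_gzip_static_module \
#   --with-http_image_filter_module \
#   --with-http_spdy_module \
#   --with-http_sub_module \
#   --with-http_xslt_module \
#   --with-mail \
#   --with-mail_ssl_module \
#   --add-module=../ngx_http_substitutions_filter_module \
#   --add-module=../ngx_http_google_filter_module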
# Compile nginx; install it only when the compile step succeeded.
if make; then
  make install
fi
# Create the temp-file, log and per-site configuration directories that the
# build options and the configuration files refer to.
mkdir -pv /var/lib/nginx/body /var/log/nginx/ /usr/local/nginx/conf/vhost/
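# Write the main nginx configuration non-interactively (the same content could
# be typed into an editor instead). One directive per line matters: nginx
# treats everything after '#' up to the end of the line as a comment.
# The quoted 'EOF' keeps the shell from expanding $variables in the text.
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Load every per-site configuration file from the vhost directory.
    include /usr/local/nginx/conf/vhost/*;
}
EOF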
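# Write the proxy virtual host non-interactively. Replace every occurrence of
# the host name below with your own; the example uses an AWS EC2 instance in
# the US. The quoted 'EOF' keeps the shell from expanding $host, $1, etc.
cat > /usr/local/nginx/conf/vhost/google.conf <<'EOF'
# Backend addresses for www.google.com. They can be looked up with
# `nslookup www.google.com`; running it several times returns several
# addresses, which helps avoid triggering Google's anti-bot detection.
# NOTE(review): hard-coded addresses go stale; re-check them periodically.
upstream www.google.com {
    server 172.217.0.4:443 weight=1;
    server 172.217.1.36:443 weight=1;
    server 216.58.193.196:443 weight=1;
    server 216.58.216.4:443 weight=1;
    server 216.58.216.36:443 weight=1;
    server 216.58.219.36:443 weight=1;
    server 74.125.25.99:443 weight=1;
    server 74.125.25.103:443 weight=1;
    server 74.125.25.104:443 weight=1;
    server 74.125.25.105:443 weight=1;
    server 74.125.25.106:443 weight=1;
    server 74.125.25.147:443 weight=1;
}

# Force plain-HTTP requests over to HTTPS.
server {
    listen 80;
    server_name ec2-34-208-131-86.us-west-2.compute.amazonaws.com;

    # http to https
    location / {
        # The capture group excludes the leading slash, so it is written
        # explicitly between the host name and $1.
        rewrite ^/(.*)$ https://ec2-34-208-131-86.us-west-2.compute.amazonaws.com/$1 permanent;
    }
}

# HTTPS virtual host
server {
    # "listen ... ssl" already enables TLS for this server, so no separate
    # "ssl on;" directive is needed.
    listen 443 ssl;
    server_name ec2-34-208-131-86.us-west-2.compute.amazonaws.com;
    resolver 8.8.8.8;

    # Certificate and private key; change the paths to wherever yours live.
    ssl_certificate /usr/local/nginx/ssl.crt;
    ssl_certificate_key /usr/local/nginx/ssl.key;
    # Offer TLS 1.2 only; without this line the older protocol versions in
    # nginx's default set are accepted too.
    ssl_protocols TLSv1.2;

    # Turn away web crawlers.
    # NOTE(review): stray spaces inside "Mediapartners-Google" and after
    # "Sogou spider" looked like line-wrap artefacts and were removed.
    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
        return 403;
    }

    # Refuse requests that arrive under another host name or the bare IP;
    # only the configured domain is served.
    if ( $host != "ec2-34-208-131-86.us-west-2.compute.amazonaws.com" ) {
        return 403;
    }

    # NOTE(review): with the access log off there is no record of who used
    # the proxy; turn it on if you need an audit trail.
    access_log off;
    # error_log takes a file path; "error_log on;" would only create a log
    # file literally named "on", so just the real path is kept.
    error_log /var/log/nginx/google-proxy-error.log;

    # With ngx_http_google_filter_module compiled in, the location block is
    # a single directive.
    # NOTE(review): as written, anyone who can reach this host name can use
    # the proxy; add allow/deny or auth_basic here if it is meant for a
    # limited audience.
    location / {
        google on;
    }
}
EOF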
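# Create the TLS key and certificate, then check the configuration.
# Use a CA-issued certificate or a private (self-signed) one, as your needs
# dictate; the commands below produce a self-signed certificate, which
# browsers will not trust without an explicit exception.
cd /usr/local/nginx || exit 1

# File names follow the ssl_certificate / ssl_certificate_key paths in
# vhost/google.conf (ssl.crt, ssl.key), and the CSR that is written is the
# one that is signed.
# A 1024-bit RSA key is too short for current use; 2048 bits is the minimum.
# The umask in the subshell keeps the private key readable by its owner only.
(
  umask 077
  openssl genrsa -out ssl.key 2048
)
openssl req -new -sha256 -key ssl.key -out ssl.csr
openssl x509 -req -sha256 -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt

# Validate the configuration (including the certificate paths) before starting nginx.
/usr/local/nginx/sbin/nginx -t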
/usr/local/nginx/sbin/ngin