linux 创建nginx用户,在Linux系统中搭建Nginx网站服务

关于Nginx

一款高性能、轻量级Web服务软件

稳定性高

系统资源消耗低

对HTTP并发连接的处理能力高

单台物理服务器可支持30000 ~ 50000个并发请求

Nginx编译安装

安装支持软件

[root@localhost opt] yum install gcc gcc-c++ make pcre-devel zlib-devel -y

创建运行用户、组

[root@localhost opt] useradd -M -s /sbin/nologin nginx

编译安装Nginx

[root@localhost ~] mount.cifs //192.168.100.10/lnmp /mnt/ //将本地nginx源码包挂载到mnt目录下

[root@localhost ~] cd /mnt/

[root@localhost mnt] tar zxvf nginx-1.12.2.tar.gz -C /opt/ //解压源码包到opt目录

[root@localhost mnt] cd /opt

[root@localhost opt] cd nginx-1.12.2/ //进入nginx安装包目录

[root@localhost nginx-1.12.2] ./configure \

--prefix=/usr/local/nginx \ //指定安装路径

--user=nginx \ //指定程序用户

--group=nginx \ //指定组

--with-http_stub_status_module //关联状态统计模块

[root@localhost nginx-1.12.2] make && make install //配置、安装

[root@localhost nginx-1.12.2] cd /usr/local/nginx/sbin //进入nginx安装后的命令目录

[root@localhost sbin] ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ //建立软链接到sbin目录

[root@localhost sbin] nginx //执行开启服务

[root@localhost conf]# netstat -ntap | grep 80 //查看服务端口是否开启

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 31755/nginx: master

[root@localhost sbin] systemctl stop firewalld.service //关闭防火墙

[root@localhost sbin] setenforce 0 //关闭增强性安全功能

[root@localhost sbin] yum install elinks -y //安装检测网站工具

[root@localhost sbin] elinks http://localhost //检测网站是否开启

优化运行控制

[root@localhost sbin]# vim /etc/init.d/nginx //编辑运行控制脚本

#!/bin/bash

# chkconfig: - 99 20

# description: Nginx Service Control Script

PROG="/usr/local/nginx/sbin/nginx"

PIDF="/usr/local/nginx/logs/nginx.pid"

case "$1" in

start)

$PROG

;;

stop)

kill -s QUIT $(cat $PIDF)

;;

restart)

$0 stop

$0 start

;;

reload)

kill -s HUP $(cat $PIDF)

;;

*)

echo "Usage: $0 {start|stop|restart|reload}"

exit 1

esac

exit 0

:wq

[root@localhost sbin]# cd /etc/init.d

[root@localhost init.d]# chmod +x nginx //给脚本添加执行权限

[root@localhost init.d]# chkconfig --add nginx //将脚本添加到系统环境

[root@localhost init.d]# service nginx start //使用service控制服务开启

配置文件

全局配置

#user nobody;

worker processes 1;

#error_ log logs/error.log;

#pid logs/nginx.pid;

I/0事件配置

events {

use epoll;

worker_connections 4096;

}

HTTP配置

http {

......

access_log logs/access.log main;

sendfile on;

......

keepalive_timeout 65;

server {

listen 80;

server name www.bt.com;

charset utf-8;

location / {

root html;

index index.html index.php; }

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;}}

}

Nginx的访问状态统计

启用HTTPSTUB STATUS状态统计模块

配置编译参数时添加--with-http_ stub_ status_ module

nginx -V查看已安装的Nginx是否包含HTTP_ STUB_ _STATUS模块

[root@localhost init.d]# cd /usr/local/nginx/conf/ //进入配置文件目录

[root@localhost conf]# vim nginx.conf //编辑配置文件

...//省略部分内容...

server {

listen 80;

server_name www.kgc.com; //编辑域名

charset utf-8; //编辑字符串格式为utf-8

#access_log logs/host.access.log; //注释access日志文件

location / {

root html;

index index.html index.htm;

}

location /status {

stub_status on; //开启功能统计模块

access_log off;

}

...//省略部分内容...

:wq //保存退出

[root@localhost conf]# yum install bind -y //安装DNS服务

[root@localhost conf]# vim /etc/named.conf //常规配置DNS功能

...//省略部分内容...

options {

listen-on port 53 { any; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

recursing-file "/var/named/data/named.recursing";

secroots-file "/var/named/data/named.secroots";

allow-query { any; };

...//省略部分内容...

:wq

[root@localhost conf]# vim /etc/named.rfc1912.zones

...//省略部分内容...

zone "kgc.com" IN {

type master;

file "kgc.com.zone";

allow-update { none; };

};

...//省略部分内容...

:wq

[root@localhost conf]# cd /var/named/

[root@localhost named]# cp -p named.localhost kgc.com.zone

[root@localhost named]# vim kgc.com.zone

$TTL 1D

@ IN SOA @ rname.invalid. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

NS @

A 127.0.0.1

www IN A 192.168.144.133

:wq

[root@localhost named]# systemctl start named

[root@localhost named]# service nginx stop

[root@localhost named]# service nginx start

在客户机中打开浏览器输入域名www.kgc.com/status访问网站统计记录

授权的访问控制

配置步骤与Apache基本一致

生成用户密码认证文件

修改主配置文件对相应目录，添加认证配置项

重启服务，访问测试

[root@localhost ~]# vim /usr/local/nginx/conf/nginx.conf

server {

listen 80;

server_name www.kgc.com;

charset utf-8;

#access_log logs/host.access.log;

location / {

auth_basic "secret"; //插入设置密码验证

auth_basic_user_file /usr/local/nginx/passwd.db; //添加条目设置密码验证文件存放目录

root html;

index index.html index.htm;

}

location /status {

stub_status on;

access_log off;

}

:wq

[root@localhost ~]# yum install httpd-tools -y //安装生成密码设置文件

已加载插件：fastestmirror, langpacks

base | 3.6 kB 00:00:00

extras | 2.9 kB 00:00:00

...//省略部分内容...

已安装:

httpd-tools.x86_64 0:2.4.6-90.el7.centos

作为依赖被安装:

apr.x86_64 0:1.4.8-5.el7 apr-util.x86_64 0:1.5.2-6.el7

完毕！

[root@localhost ~]# htpasswd -c /usr/local/nginx/passwd.db test01 //创建密码验证文件

New password: //输入密码

Re-type new password: //再次输入

Adding password for user test01 //创建用户成功

[root@localhost ~]# cat /usr/local/nginx/passwd.db //查看创建的密码文件

test01:$apr1$T22NmXdU$yE8iwUxpaHcR95ZNosCUK0 //用户密码信息

[root@localhost ~]# service nginx stop //停止nginx服务

[root@localhost ~]# service nginx start //启动nginx服务

[root@localhost ~]# netstat -ntap | grep 80 //查看端口是否开启

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 8624/nginx:

再客户机中测试授权访问控制