Nginx 1.24.0 部署脚本
安装包存储目录:/opt/source
nginx部署目录:/opt/nginx
目录结构如下:
/opt/nginx
├── client_body_temp
├── conf
├── fastcgi_temp
├── html
├── logs
├── proxy_temp
├── sbin
├── scgi_temp
└── uwsgi_temp
安装脚本如下
#! /bin/bash
echo "安装相关依赖"
yum install gcc gcc-c++ make libtool zlib zlib-devel openssl openssl-devel pcre pcre-devel -y
if [ ! -d /opt/source ];then
mkdir -p /opt/source
fi
echo "下载最新稳定版nginx"
wget -P /opt/source https://nginx.org/download/nginx-1.24.0.tar.gz
echo "解压nginx压缩包"
tar -xzvf /opt/source/nginx-1.24.0.tar.gz -C /opt/source
if [ ! $? -eq 0 ];then
echo "解压出现异常"
exit 1
fi
echo "开始编译安装nginx"
cd /opt/source/nginx-1.24.0
./configure --prefix=/opt/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module && make && make install
if [ ! $? -eq 0 ];then
echo "nginx安装出现异常"
exit 1
fi
cat > /opt/nginx/conf/nginx.conf << EOF
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format my_log '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 300;
client_body_buffer_size 10M;
client_max_body_size 10M;
# 开启gzip
gzip on;
gzip_buffers 32 4K;
gzip_comp_level 6;
gzip_min_length 100;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
# 隐藏NGINX 版本
server_tokens off;
# 安全标头
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies value;
add_header X-Download-Options "noopen" always;
add_header 'Referrer-Policy' 'origin';
add_header X-Frame-Options SAMEORIGIN;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-XSS-Protection "1; mode=block";
# 开启websocket
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
include ./vhosts/*.conf;
}
EOF
mkdir -p /opt/nginx/conf/vhosts
cat > /opt/nginx/conf/vhosts/nginx.conf << EOF
server {
listen 80;
server_name localhost;
access_log /opt/nginx/logs/access.log my_log;
error_log /opt/nginx/logs/error.log;
location ~* \.(zip|rar|tar|jar)\$ {
deny all;
}
location / {
root html;
index index.html index.htm;
}
location ~* /(swagger|api-docs|actuator){
deny all;
return 404;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
EOF
/opt/nginx/sbin/nginx -t
if [ ! $? -eq 0 ];then
echo "请检查nginx配置文件"
exit 1
fi
echo "将nignx 配置成服务"
cat > /usr/lib/systemd/system/nginx.service << EOF
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/opt/nginx/sbin/nginx -c /opt/nginx/conf/nginx.conf
ExecReload=/opt/nginx/sbin/nginx -s reload
ExecStop=/opt/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start nginx
sleep 5
ss -ntaulp |grep 80
if [ ! $? -eq 0 ];then
echo "请检查nginx 服务配置"
exit 0
else
echo " nginx 部署已完成"
fi
systemctl enable nginx