#安装准备
yum -y update
yum -y install gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl openssl-devel zlib-devel libxml2 libxslt-devel gd-devel
移动成隐藏目录
wget http://nginx.org/download/nginx-1.18.0.tar.gz
tar -xvf nginx-1.18.0.tar.gz
mv nginx-1.18.0 .nginx
cd .nginx/
useradd -s /sbin/nongin nginx
配置模块
模块配置功能介绍
./configure --user=nginx --group=nginx --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--modules-path=/etc/nginx/modules \
--http-client-body-temp-path=/etc/nginx/body \
--http-fastcgi-temp-path=/etc/nginx/fastcgi \
--http-proxy-temp-path=/etc/nginx/proxy \
--http-scgi-temp-path=/etc/nginx/scgi \
--http-uwsgi-temp-path=/etc/nginx/uwsgi \
--with-debug \
--with-pcre-jit \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_v2_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_slice_module \
--with-threads \
--with-compat \
--with-file-aio \
--with-http_addition_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module=dynamic \
--with-http_sub_module \
--with-http_xslt_module=dynamic \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module
编译安装
make -j4 && make install
ln -sf /etc/nginx/sbin/nginx /usr/sbin/nginx
mkdir /etc/nginx/conf.d/
复制配置文件
vim /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
worker_cpu_affinity auto;
worker_priority -5; #设置worker进程的优先级别
worker_rlimit_nofile 655350;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll; #epoll是多路复用IO
worker_connections 65535;
accept_mutex on;
multi_accept on;
#Http服务器时,设置max_client=worker_processes*worker_connections/2
#反向代理时,设置max_client=worker_processes*worker_connections/4
#==最大可用客户端数
#max_client
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#日志改成 JSON 格式
log_format access_json '{"@timestamp":"$time_iso8601",'
'"host":"$server_addr",'
'"clientip":"$remote_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"upstreamtime":"$upstream_response_time",'
'"upstreamhost":"$upstream_addr",'
'"http_host":"$host",'
'"uri":"$uri",'
'"domain":"$host",'
'"xff":"$http_x_forwarded_for",'
'"referer":"$http_referer",'
'"tcp_xff":"$proxy_protocol_addr",'
'"http_user_agent":"$http_user_agent",'
'"status":"$status"}';
#关闭错误页面中的nginx版本号等信息
server_tokens off;
#sendfile指令指定nginx是否调用sendfile函数(zero copy方式)来输出文件
#一般设为on,如果用来进行下载等应用磁盘IO重负载应用,可设置为 off,降低系统的uptime
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65; #连接超时时间
types_hash_max_size 2048;
ssl_prefer_server_ciphers on;
#指定日志格式
access_log /var/log/nginx/access.log access_json;
error_log /var/log/nginx/error.log;
#开启gzip压缩
gzip on;
gzip_vary on;
#允许或禁止压缩基于请求和相应的响应流,any代表压缩所有请求
gzip_proxied any;
#==启用压缩的最少字节数,如果请求小于1024字节则不压缩,压缩过程会消耗系统资源
gzip_min_length 1024;
#==数据压缩等级,1-9之间,9最慢压缩比最大,压缩比越大对系统性能要求越高
gzip_comp_level 2;
#需要压缩的数据格式
gzip_types text/plain text/css text/xml text/javascript application/json application/x-javascript application/xml application/xml+rss;
#限制每个 ip 的连接数
limit_conn_zone $binary_remote_addr zone=req_limit_per_ip:10;
#限制每个 ip 每秒的请求数
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;
#静态文件缓存
#==开启缓存的同时也指定了缓存文件的最大数量,20s如果文件没有被请求则删除缓存
open_file_cache max=100000 inactive=20s;
#==多长时间检查一次缓存的有效期
open_file_cache_valid 30s;
#==有效期内缓存文件最小的访问次数,只有访问超过2次的才会被缓存
open_file_cache_min_uses 2;
#当搜索一个文件时是否缓存错误信息
open_file_cache_errors on;
#==允许客户端请求的最大单文件字节数
client_max_body_size 10m;
#==客户端请求头缓冲区大小
client_header_buffer_size 4k;
#是否启用对发送给客户端的URL进行修改
proxy_redirect off;
#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#==nginx跟后端服务器连接超时时间(代理连接超时)
proxy_connect_timeout 60;
#==连接成功后,后端服务器响应时间(代理接收超时)
proxy_read_timeout 120;
#==后端服务器数据回传时间(代理发送超时)
proxy_send_timeout 20;
#==设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffer_size 32k;
#==proxy_buffers缓冲区
proxy_buffers 32 256k;
#==高负荷下缓冲大小(proxy_buffers*2)
proxy_busy_buffers_size 512k;
#==设定缓存文件夹大小,大于这个值,将从upstream服务器传
proxy_temp_file_write_size 512k;
#==1G内存缓冲空间,3天不用删除,最大磁盘缓冲空间2G
proxy_cache_path /home/cache levels=1:2 keys_zone=cache_one:1024m inactive=3d max_size=2g;
include /etc/nginx/conf.d/*.conf;
}
编写模本文件
vim /etc/nginx/conf.d/default.conf
#upstream admin {
# #ip_hash; #使用ip_hash和url_hash算法时weight不生效
# server 127.0.0.1:8080 weight=3 max_fails=3 fail_timeout=10s;
# check interval=1000 fall=2 rise=1 timeout=10000 default_down=true type=tcp;
# keepalive 1000;
#}
server {
keepalive_requests 120; #单连接请求上限次数
listen 80;
#listen 443 ssl;
server_name 127.0.0.1;
#ssl_certificate /etc/letsencrypt/live/bcd.246937.me/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/bcd.246937.me/privkey.pem;
# rewrite ^(.*)$ http://$host$1 permanent;
# 根据 cloudflare 网站请求头判断是IP
# if ($HTTP_CF_CONNECTING_IP !~ ^(59.110.45.92|18.176.69.109|182.239.82.103|18.163.189.255)) {
# #rewrite ^.*$ /maintence.php last
# return 404;
# }
location / {
root html;
index index.html;
}
# nginx监控
# location /ngxstatus {
# stub_status on;
# }
# location /app { #优化apk下载速度
# alias /etc/nginx/app/;
# default_type application/octet-stream;
# }
# 配置反向代理
# location ^~ /api/ {
# proxy_pass http://127.0.0.1:8089;
# }
}
制作system
vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStart=/etc/nginx/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
授权
chmod +x /usr/lib/systemd/system/nginx.service
重新加载
systemctl daemon-reload
开机启动
systemctl enable nginx
开机不自启
systemctl disable nginx