安装准备
yum -y update
yum -y install gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl openssl-devel zlib-devel libxml2 libxslt-devel gd-devel
下载
wget http://nginx.org/download/nginx-1.18.0.tar.gz
#解包
tar -xvf nginx-1.18.0.tar.gz
#移动成隐藏目录
mv nginx-1.18.0 .nginx
cd .nginx/
useradd -s /sbin/nongin nginx
编译
参数了解:https://blog.csdn.net/weixin_45444133/article/details/103978416
./configure --user=nginx --group=nginx --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--modules-path=/etc/nginx/modules \
--http-client-body-temp-path=/etc/nginx/body \
--http-fastcgi-temp-path=/etc/nginx/fastcgi \
--http-proxy-temp-path=/etc/nginx/proxy \
--http-scgi-temp-path=/etc/nginx/scgi \
--http-uwsgi-temp-path=/etc/nginx/uwsgi \
--with-debug \
--with-pcre-jit \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_v2_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_slice_module \
--with-threads \
--with-compat \
--with-file-aio \
--with-http_addition_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module=dynamic \
--with-http_sub_module \
--with-http_xslt_module=dynamic \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module
安装
make -j4 && make install
ln -sf /etc/nginx/sbin/nginx /usr/sbin/nginx
mkdir /etc/nginx/conf.d/
覆盖配置文件
cp /etc/nginx/nginx.conf /etc/nginx/nginx.bak
cat >/etc/nginx/nginx.conf <<EOF
#user www-data;
worker_processes auto;
worker_cpu_affinity auto;
worker_priority -5; #设置worker进程的优先级别
worker_rlimit_nofile 655350;
#pid logs/nginx.pid;
events {
use epoll; #epoll是多路复用IO
worker_connections 65535;
accept_mutex on;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
'\$status \$body_bytes_sent "\$http_referer" '
'"\$http_user_agent" "\$http_x_forwarded_for"';
#access_log logs/access.log main;
#关闭错误页面中的nginx版本号等信息
server_tokens off;
#sendfile指令指定nginx是否调用sendfile函数(zero copy方式)来输出文件
#一般设为on,如果用来进行下载等应用磁盘IO重负载应用,可设置为 off,降低系统的uptime
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65; #连接超时时间
client_header_timeout 15;
client_body_timeout 15;
types_hash_max_size 2048;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
#开启gzip压缩
gzip on;
gzip_vary on;
#允许或禁止压缩基于请求和相应的响应流,any代表压缩所有请求
gzip_proxied any;
#启用压缩的最少字节数,如果请求小于1024字节则不压缩,压缩过程会消耗系统资源
gzip_min_length 1k;
#压缩缓冲区大小,表示申请4个单位为32k的内存作为压缩结果的缓存
gzip_buffers 4 32k;
#压缩版本,用于设置识别HTTP协议版本
gzip_http_version 1.1;
#数据压缩等级,1-9之间,9最慢压缩比最大,压缩比越大对系统性能要求越高
gzip_comp_level 2;
#需要压缩的数据格式
gzip_types text/plain text/css text/xml text/javascript application/json application/x-javascript application/xml application/xml+rss;
#静态文件缓存
#开启缓存的同时也指定了缓存文件的最大数量,20s如果文件没有被请求则删除缓存
open_file_cache max=100000 inactive=20s;
#多长时间检查一次缓存的有效期
open_file_cache_valid 30s;
#有效期内缓存文件最小的访问次数,只有访问超过2次的才会被缓存
open_file_cache_min_uses 2;
#当搜索一个文件时是否缓存错误信息
open_file_cache_errors on;
#允许客户端请求的最大单文件字节数
client_max_body_size 10m;
#客户端请求头缓冲区大小
client_header_buffer_size 4k;
#域名太长
server_names_hash_bucket_size 64;
#是否启用对发送给客户端的URL进行修改
proxy_redirect off;
#服务器连接的超时时间
proxy_connect_timeout 10;
#连接成功后,等候后端服务器响应时间
proxy_read_timeout 120;
#后端服务器数据回传时间
proxy_send_timeout 25;
#缓冲区的大小
proxy_buffer_size 32k;
#每个连接设置缓冲区的数量为number,每块缓冲区的大小为size
proxy_buffers 32 256k;
#高负荷下缓冲大小(proxy_buffers*2)
proxy_busy_buffers_size 512k;
#设置nginx每次写数据到临时文件的size(大小)限制
proxy_temp_file_write_size 512k;
#1G内存缓冲空间,3天不用删除,最大磁盘缓冲空间2G
proxy_cache_path /home/cache levels=1:2 keys_zone=cache_one:1024m inactive=3d max_size=2g;
include /etc/nginx/conf.d/*.conf;
}
EOF
制作模板
方便后期直接拷贝 修改
cat >/etc/nginx/conf.d/default.conf<<EOF
upstream template{
server 127.0.0.1:80;
server 127.0.0.1:81;
server 127.0.0.1:82;
}
server {
keepalive_requests 120; #单连接请求上限次数
listen 80;
server_name localhost;
#跨域
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
#禁用不安全的HTTP方法
if (\$request_method !~ ^(GET|HEAD|POST)$ ) {
return 403;
}
location / {
proxy_pass http://template;
proxy_http_version 1.1;
proxy_set_header Connection ""; #清除“connection”头字段
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
systemd 管理
cat >>/usr/lib/systemd/system/nginx.service<<EOF
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStart=/etc/nginx/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStop=/bin/kill -s TERM \$MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
#授权
chmod +x /usr/lib/systemd/system/nginx.service
#重新加载
systemctl daemon-reload
#开机启动
systemctl enable nginx
#开机不自启
systemctl disable nginx