centos7部署nginx
下载:https://nginx.org/en/download.html
获取tar包上传/apps/xwsoft
安装:
1、解压
[root@localhost xwsoft]# tar -zxvf nginx-1.22.1.tar.gz
2、安装openssl 、zlib 、 gcc 依赖
yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel
3、更名,进入源码目录,进行配置
[root@localhost xwsoft]# mv nginx-1.22.1 nginx
[root@localhost xwsoft]# cd nginx
4、编译、安装
./configure --with-stream
make && make install
普通用户用以下指令编译
./configure --prefix=/app/nginx --with-http_ssl_module --with-stream
make && make install
5、启动
在/usr/local/nginx/sbin
cd /usr/local/nginx/sbin
[root@localhost sbin]# ./nginx
查看进程
[root@localhost sbin]# ps -ef |grep nginx
6、验证:或者浏览器访问
[root@localhost sbin]# curl http://localhost:80
7、Nginx 控制命令
cd /usr/local/nginx/sbin
./sbin/nginx # 启动nginx
./sbin/nginx -s reload # 重新加载 nginx
./sbin/nginx -s stop # 关闭(强制)
./sbin/nginx -s quit # 优雅关闭(等请求处理完后关闭)
./nginx -v #查看 nginx 版本号
问题:
新增stream失败
解决步骤:
1)如果初始化未带上,需要带上重新初始化:./configure --with-stream,,再执行make,,再拷贝新的nginx启动命令到sbin下,原来的改名
[root@localhost sbin]# cp /apps/xwsoft/nginx/objs/nginx /usr/local/nginx/sbin
2)stream流模块不能在http里面,配置在http上面
问题2:
nginx -s reload报错
nginx: [error] open() “/usr/local/nginx/logs/nginx.pid” failed (2: No such file or directory)
执行以下指令即可
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nginx.conf配置文件
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8888 default;
#server_name localhost;
#location /XXXX/ {
# proxy_pass http://api;
# proxy_set_header Host $host:$server_port;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#}
#
#
#后端包位置
###外网包
location /cameraPlat/ {
proxy_pass http://192.168.1.2:18081/cameraPlat/;
proxy_buffer_size 40960k;
proxy_buffers 16 40960k;
proxy_busy_buffers_size 40960k;
proxy_temp_file_write_size 40960k;
}
###内网
location /cameraPlatLan/ {
proxy_pass http://10.77.0.8:18082/cameraplatLan/;
proxy_buffer_size 40960k;
proxy_buffers 16 40960k;
proxy_busy_buffers_size 40960k;
proxy_temp_file_write_size 40960k;
}
#前端包、静态文件位置:/home/app_code
location / {
root /home/app_code;
index index.html index.htm ;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
add_header X-Content-Type-Options nosniff;
add_header X-Xss-Protection: 1;
add_header X-Xss-Protection: mod=block;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Referrer-Policy "origin-when-crossorigin";
add_header 'Referrer-Policy' 'origin';
add_header 'Referrer-Policy' 'unsafe-url';
add_header X-Permitted-Cross-Domain-Policies value;
add_header X-Download-Options "noopen" always;
#add_header Content-Security-Policy "upgrade-insecure-requests;content *;img-src '*'";
############ CSP安全机制 前端访问拒绝,可以注销 #############
add_header Content-Security-Policy "default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; object-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; worker-src * blob:;";
#add_header X-Frame-Options SAMEORIGIN;
add_header X-Frame-Options ALLOWALL;
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}