nginx安装部署(rpm方式)
环境:
OS:Centos 7
nginx:1.26
1.下载安装介质
cd /soft
wget --no-check-certificate https://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.26.1-2.el7.ngx.x86_64.rpm
2.安装
cd /soft
rpm -ivh nginx-1.26.1-2.el7.ngx.x86_64.rpm
3.启动
systemctl start nginx
systemctl enable nginx
systemctl status nginx
4.创建普通用户
useradd -m hxl -s /bin/bash
passwd hxl
5.修改配置文件以普通用户启动同时调整其他参数
vi /etc/nginx/nginx.conf
user hxl;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 65535;
multi_accept on;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
log_format main '{"@timestamp":"$time_iso8601","server":"$hostname","clientip":"$remote_addr","xff":"$http_x_forwarded_for","domain":"$host","url":"$uri","referer":"$http_referer","args":"$args","upstreamtime":"$upstream_response_time","resptime":"$request_time","method":"$request_method","status":"$status","size":"$body_bytes_sent","req_len":"$request_length","protocol":"$server_protocol","upstreamhost":"$upstream_addr","useragent":"$http_user_agent","conns":"$connection","from":"nginx-dc"}';
access_log /var/log/nginx/access.log;
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
keepalive_timeout 300;
large_client_header_buffers 4 32k;
client_max_body_size 300m;
client_body_buffer_size 512k;
client_header_buffer_size 4k;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
gzip on;
include /etc/nginx/conf.d/*.conf;
}
6.修改项目目录权限
# 归属改为 hxl 用户组
chown -R yeemiao:yeemiao /usr/share/nginx/html
日志目录
chown -R yeemiao:yeemiao /var/log/nginx
chmod -R 755 /var/log/nginx
虚拟主机配置目录
chown -R yeemiao:yeemiao /etc/nginx/conf.d
7.重启
查看配置文件是否正确
[root@localhost conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@localhost conf.d]#systemctl restart nginx
[root@localhost conf.d]#systemctl status nginx
8.验证
http://192.168.1.14:80/
或是
curl 192.168.1.14:80
返回页面的配置文件如下:
[root@localhost soft]# more /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
说明:在这个目录下可以定义多个文件,常规做法是每个域名定义一个文件
比如在该目录下创建文件 dc-api.hxl.com.conf
内容如下:
server{
listen 80;
server_name dc-api.hxl.com;
return 301 https://$server_name/$request_uri;
}
server{
listen 443 ssl;
server_name dc-api.hxl.com;
ssl_certificate sslkey/_.hxl.com_bundle.crt;
ssl_certificate_key sslkey/_.hxl.com_RSA.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
client_max_body_size 300M;
client_body_timeout 600s;
client_header_timeout 600s;
client_body_buffer_size 300M;
access_log /var/log/nginx/dc-api.hxl.com.log main;
#if ($scheme = http) {
# return 301 https://$host$request_uri;
#}
location / {
proxy_pass http://192.168.1.2:55576/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
location /bridge/ {
proxy_pass http://192.168.1.3:18200/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
location ~* \s(\.(svn|git|sql|bak|old|tar|gz|tgz|zip|7z|rar|DS_store)$){
deny all;
}
location ~* (\.(csv|inc|config|conf|sh|sw[op]|bash_rc|tmp|ht|log|db|entries)$) {
deny all;
}
}
浙公网安备 33010602011771号