nginx安装部署(rpm方式)

环境:
OS:Centos 7
nginx:1.26

1.下载安装介质
cd /soft
wget --no-check-certificate https://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.26.1-2.el7.ngx.x86_64.rpm

 

2.安装
cd /soft
rpm -ivh nginx-1.26.1-2.el7.ngx.x86_64.rpm

 

3.启动
systemctl start nginx
systemctl enable nginx
systemctl status nginx

 

4.创建普通用户
useradd -m hxl -s /bin/bash
passwd hxl


5.修改配置文件以普通用户启动同时调整其他参数
vi /etc/nginx/nginx.conf

user  hxl;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  65535;
    multi_accept on;
    use epoll;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;


    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    log_format main '{"@timestamp":"$time_iso8601","server":"$hostname","clientip":"$remote_addr","xff":"$http_x_forwarded_for","domain":"$host","url":"$uri","referer":"$http_referer","args":"$args","upstreamtime":"$upstream_response_time","resptime":"$request_time","method":"$request_method","status":"$status","size":"$body_bytes_sent","req_len":"$request_length","protocol":"$server_protocol","upstreamhost":"$upstream_addr","useragent":"$http_user_agent","conns":"$connection","from":"nginx-dc"}';

    access_log  /var/log/nginx/access.log;
    sendfile        on;
    tcp_nopush     on;
    types_hash_max_size 2048;
    keepalive_timeout  300;

    large_client_header_buffers 4 32k;
    client_max_body_size 300m;
    client_body_buffer_size  512k;
    client_header_buffer_size 4k;

    map $http_upgrade $connection_upgrade {
           default upgrade;
           ''      close;
    }

    gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

 

 

6.修改项目目录权限
# 归属改为 hxl 用户组
chown -R yeemiao:yeemiao /usr/share/nginx/html

日志目录
chown -R yeemiao:yeemiao /var/log/nginx
chmod -R 755 /var/log/nginx

虚拟主机配置目录
chown -R yeemiao:yeemiao /etc/nginx/conf.d


7.重启
查看配置文件是否正确
[root@localhost conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

[root@localhost conf.d]#systemctl restart nginx
[root@localhost conf.d]#systemctl status nginx


8.验证
http://192.168.1.14:80/
或是
curl 192.168.1.14:80

 

返回页面的配置文件如下:

[root@localhost soft]# more /etc/nginx/conf.d/default.conf 
server {
    listen       80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

 

说明:在这个目录下可以定义多个文件,常规做法是每个域名定义一个文件

 

 

比如在该目录下创建文件 dc-api.hxl.com.conf

内容如下:

 

server{
         listen       80;
         server_name  dc-api.hxl.com;
         return       301 https://$server_name/$request_uri;
}
server{
        listen 443 ssl;
        server_name  dc-api.hxl.com;

    ssl_certificate sslkey/_.hxl.com_bundle.crt;
        ssl_certificate_key sslkey/_.hxl.com_RSA.key;

        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
        ssl_prefer_server_ciphers on;
        client_max_body_size 300M;
        client_body_timeout 600s;
        client_header_timeout  600s;
        client_body_buffer_size  300M;

        access_log /var/log/nginx/dc-api.hxl.com.log main;

        #if ($scheme = http) {
        #       return 301 https://$host$request_uri;
        #}

        location / {
            proxy_pass http://192.168.1.2:55576/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
        }

        location /bridge/ {
            proxy_pass http://192.168.1.3:18200/;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_buffering off;
        }


        location ~* \s(\.(svn|git|sql|bak|old|tar|gz|tgz|zip|7z|rar|DS_store)$){            
                    deny all;
        } 
        location ~* (\.(csv|inc|config|conf|sh|sw[op]|bash_rc|tmp|ht|log|db|entries)$) {
                    deny all;
        } 
}

 

posted @ 2026-07-03 10:39  slnngk  阅读(1)  评论(0)    收藏  举报