CentOS 7.6安装nginx
1、安装EPEL仓库
[root@ecs-lanxinmeichen nginx]# sudo yum install epel-release
Loaded plugins: fastestmirror, versionlock
Loading mirror speeds from cached hostfile
* epel: mirrors.aliyun.com
* remi: mirrors.tuna.tsinghua.edu.cn
* remi-safe: mirrors.tuna.tsinghua.edu.cn
mysql-connectors-community | 2.6 kB 00:00:00
mysql-tools-community | 2.6 kB 00:00:00
mysql57-community | 2.6 kB 00:00:00
remi-safe | 3.0 kB 00:00:00
updates | 2.9 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be updated
---> Package epel-release.noarch 0:7-14 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Updating:
epel-release noarch 7-14 epel 15 k
Transaction Summary
====================================================================================================================================
Upgrade 1 Package
Total download size: 15 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
epel-release-7-14.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : epel-release-7-14.noarch 1/2
Cleanup : epel-release-7-11.noarch 2/2
Verifying : epel-release-7-14.noarch 1/2
Verifying : epel-release-7-11.noarch 2/2
Updated:
epel-release.noarch 0:7-14
Complete!
2、 安装nginx
[root@ecs-lanxinmeichen nginx]# sudo yum install nginx
Loaded plugins: fastestmirror, versionlock
Loading mirror speeds from cached hostfile
* epel: mirrors.aliyun.com
* remi: mirrors.tuna.tsinghua.edu.cn
* remi-safe: mirrors.tuna.tsinghua.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.20.1-10.el7 will be installed
--> Processing Dependency: nginx-filesystem = 1:1.20.1-10.el7 for package: 1:nginx-1.20.1-10.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_1)(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64
--> Processing Dependency: nginx-filesystem for package: 1:nginx-1.20.1-10.el7.x86_64
--> Processing Dependency: redhat-indexhtml for package: 1:nginx-1.20.1-10.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1()(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64
--> Processing Dependency: libssl.so.1.1()(64bit) for package: 1:nginx-1.20.1-10.el7.x86_64
--> Running transaction check
---> Package centos-indexhtml.noarch 0:7-9.el7.centos will be installed
---> Package nginx-filesystem.noarch 1:1.20.1-10.el7 will be installed
---> Package openssl11-libs.x86_64 1:1.1.1k-7.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Installing:
nginx x86_64 1:1.20.1-10.el7 epel 588 k
Installing for dependencies:
centos-indexhtml noarch 7-9.el7.centos base 92 k
nginx-filesystem noarch 1:1.20.1-10.el7 epel 24 k
openssl11-libs x86_64 1:1.1.1k-7.el7 epel 1.5 M
Transaction Summary
====================================================================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 2.1 M
Installed size: 5.3 M
Is this ok [y/d/N]: y
Downloading packages:
(1/4): centos-indexhtml-7-9.el7.centos.noarch.rpm | 92 kB 00:00:00
(2/4): nginx-1.20.1-10.el7.x86_64.rpm | 588 kB 00:00:00
(3/4): nginx-filesystem-1.20.1-10.el7.noarch.rpm | 24 kB 00:00:00
(4/4): openssl11-libs-1.1.1k-7.el7.x86_64.rpm | 1.5 MB 00:00:00
------------------------------------------------------------------------------------------------------------------------------------
Total 2.8 MB/s | 2.1 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 1:openssl11-libs-1.1.1k-7.el7.x86_64 1/4
Installing : 1:nginx-filesystem-1.20.1-10.el7.noarch 2/4
Installing : centos-indexhtml-7-9.el7.centos.noarch 3/4
Installing : 1:nginx-1.20.1-10.el7.x86_64 4/4
Verifying : centos-indexhtml-7-9.el7.centos.noarch 1/4
Verifying : 1:nginx-filesystem-1.20.1-10.el7.noarch 2/4
Verifying : 1:nginx-1.20.1-10.el7.x86_64 3/4
Verifying : 1:openssl11-libs-1.1.1k-7.el7.x86_64 4/4
Installed:
nginx.x86_64 1:1.20.1-10.el7
Dependency Installed:
centos-indexhtml.noarch 0:7-9.el7.centos nginx-filesystem.noarch 1:1.20.1-10.el7 openssl11-libs.x86_64 1:1.1.1k-7.el7
Complete!
3、测试是否安装成功并设置开机启动
启动Nginx服务:sudo systemctl start nginx 设置Nginx开机自启:sudo systemctl enable nginx 检查Nginx服务状态:sudo systemctl status nginx
4、修改配置文件
user nginx;
# worker 进程数量,建议不要超过 CPU 核数的两倍
worker_processes 4;
# 最大文件描述符数量
worker_rlimit_nofile 65535;
events {
# worker 进程单个进程最大连接数
worker_connections 8192;
}
http {
# 定义黑名单,禁止以下 IP 访问
geo $forbidden_ips {
default 0;
36.158.191.58/32 1;
}
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr $remote_port - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# 连接超时时间,防止有些请求一直占用连接池
keepalive_timeout 65;
# 开启 Gzip 压缩,可以使压缩后的响应体更快地传输到客户端
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# 缓存设置,可以让客户端缓存静态资源,减少请求次数
client_body_buffer_size 10M;
client_header_buffer_size 1m;
client_body_timeout 15;
client_header_timeout 15;
client_max_body_size 100m;
large_client_header_buffers 2 1m;
sendfile on;
send_timeout 10m;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
# 打开文件缓存
open_file_cache max=65535 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 1;
open_file_cache_errors on;
# 打开请求域名和请求 URI 的缓存,可以提高请求匹配效率
server_names_hash_bucket_size 64;
server_names_hash_max_size 512;
server {
listen 80;
server_name jk.pg88.cn;
rewrite ^(.*)$ https://$host$1; #将所有HTTP请求通过rewrite指令重定向到HTTPS。
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})"){
set $time $1$2$3;
}
# 只允许非黑名单中的 IP 访问
if ($forbidden_ips = 1) {
return 403;
}
access_log /data/nginx/log/jk.pg88.cn.http/access_${time}.log main;
location / {
proxy_set_header Host $host;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
index index.html index.htm;
}
}
server {
listen 443 ssl;
server_name jk.pg88.cn;
root html;
index index.html index.htm;
ssl_certificate cert/9033745_jk.pg88.cn.pem;
ssl_certificate_key cert/9033745_jk.pg88.cn.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})"){
set $time $1$2$3;
}
# 只允许非黑名单中的 IP 访问
if ($forbidden_ips = 1) {
return 403;
}
access_log /data/nginx/log/jk.pg88.cn.https/access_${time}.log main;
proxy_connect_timeout 360s;#nginx跟后端服务器连接超时时间(代理连接超时)
proxy_send_timeout 360s;#后端服务器数据回传时间(代理发送超时)
proxy_read_timeout 360s;#连接成功后,后端服务器响应时间(代理接收超时)
fastcgi_connect_timeout 360s;#指定nginx与后端fastcgi server连接超时时间
fastcgi_send_timeout 360s;#指定nginx向后端传送请求超时时间(指已完成两次握手后向fastcgi传送请求超时时间)
fastcgi_read_timeout 360s;#指定nginx向后端传送响应超时时间(指已完成两次握手后向fastcgi传送响应超时时间)
location / {
proxy_set_header Host $host;
proxy_set_header User-Agent $http_user_agent;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8082;
}
}
}
你所拥抱的并不总是拥抱你
浙公网安备 33010602011771号