安装:
cd /usr/local/src
wget http://tengine.taobao.org/download/tengine-2.3.3.tar.gz
tar -xzf tengine-2.3.3.tar.gz
cd tengine-2.3.3.tar.gz
./configure
make
make install
ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
nginx -V #查看版本和编译时参数
nginx -m #查看已安装的模块
nginx -t #检查配置文件
systemctl enable nginx
systemctl start nginx
tengine 的配置语法与nginx完全兼容,可直接使用
开启 ngx_http_upstream_check_module 模块
Tengine-1.4.0 版本之前,编译时以指定依赖库的方式开启:./configure --with-http_upstream_check_module
Tengine-1.4.0 到 2.3.0 版本默认开启
Tengine-2.3.1 版本之后,编译时以增加第三方模块的方式添加:./configure --add-module=./modules/ngx_http_upstream_check_module/
增加第三方模块的方法:
比如增加 modules/ngx_http_upstream_check_module 和 ngx_http_upstream_consistent_hash_module 模块
./configure \
--add-module=./modules/ngx_http_upstream_check_module/ \
--add-module=./modules/ngx_http_upstream_consistent_hash_module
所有可增加的模块都在源码包的 modules 目录,可视自己需要加载
增加ssl模块,防止使用certbot时报错:The error was: PluginError('Nginx build is missing SSL module (--with-http_ssl_module).')
./configure \
--add-module=./modules/ngx_http_upstream_check_module/ \
--add-module=./modules/ngx_http_upstream_consistent_hash_module \
--with-http_ssl_module
修改Nginx的运行用户,统一为www
添加用户和用户组
useradd www -s /sbin/nologin -M
修改/etc/nginx/nginx.conf
user www;
Nginx+PHP配置示例
nginx.conf 必要参数,注意最好不要修改pid文件位置,否则可能导致启动出现各种问题
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
types_hash_max_size 4096;
sendfile_max_chunk 512k;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
client_body_buffer_size 20m;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript
application/x-javascript text/javascript text/css application/xml
application/xml+rss;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
站点配置
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /usr/share/nginx/html;
index index.html index.htm index.php default.html default.htm default.php;
ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/private/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
break;
}
location ~ /uploads/.*\.php$ { deny all; }
location ~ [^/]\.php(/|$)
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_param PHP_ADMIN_VALUE "open_basedir=/usr/share/nginx/html:/tmp/:/proc/";
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /usr/share/nginx/html/access.log main;
}
