银河麒麟(Kylin)离线安装 Nginx 并部署多服务教程
本文介绍如何在 银河麒麟操作系统(Kylin V10)上进行 Nginx 的离线安装与配置,包括依赖包下载、HTTPS 配置、多端口站点部署等完整步骤。
1. 准备环境
由于是离线安装,需要提前下载 Nginx 及其依赖的 RPM 包。
银河麒麟官方镜像地址示例:https://update.cs2c.com.cn/NS/V10/V10SP3/os/adv/lic/updates/x86_64/Packages/
其中
V10
、V10SP3
、x86_64
根据你的系统版本和 CPU 架构调整。
需要下载以下 RPM 包(注意版本匹配):
gperftools-libs-.......rpm
nghttp2-.......rpm
nginx-.......rpm
nginx-all-modules-.......rpm
nginx-filesystem-.......rpm
openssl-.......rpm
openssl-libs-.......rpm
pcre2-.......rpm
zlib-.......rpm
2. 安装 Nginx 及依赖
将下载好的 RPM 包放到 /tmp/nginx_rpm/
目录:
cd /tmp/nginx_rpm/
rpm -ivh *.rpm --force --nodeps
3. 生成 SSL 证书
创建证书目录:
mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl
生成自签名证书(有效期 365 天):
openssl req -newkey rsa:2048 -nodes -keyout test.key \
-x509 -days 365 -out test.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=Test/OU=IT/CN=localhost"
4. 创建测试站点目录
mkdir -p /var/www/test-web
mkdir -p /var/www/test-app
echo "Web Index" > /var/www/test-web/index.html
echo "App Index" > /var/www/test-app/index.html
5. 配置 Nginx
编辑 /etc/nginx/nginx.conf
(替换原内容):
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Gzip 压缩
gzip on;
gzip_min_length 1k;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript application/xml;
gzip_vary on;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/conf.d/*.conf;
}
6. 新建多站点配置文件
新建 /etc/nginx/conf.d/project.conf
:
# Web HTTP → HTTPS
server {
listen 80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
# Web HTTPS
server {
listen 443 ssl http2;
server_name localhost;
client_max_body_size 1024m;
ssl_certificate /etc/nginx/ssl/test.crt;
ssl_certificate_key /etc/nginx/ssl/test.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
root /var/www/test-web;
index index.html;
try_files $uri $uri/ /index.html;
}
location /test/ {
proxy_pass http://192.168.2.67:9652;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
# App HTTP → HTTPS
server {
listen 3000;
server_name localhost;
return 301 https://$server_name:3001$request_uri;
}
# App HTTPS
server {
listen 3001 ssl http2;
server_name localhost;
client_max_body_size 1024m;
ssl_certificate /etc/nginx/ssl/test.crt;
ssl_certificate_key /etc/nginx/ssl/test.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
root /var/www/test-app;
index index.html;
try_files $uri $uri/ /index.html;
}
location /test/ {
proxy_pass http://192.168.2.67:9652;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
测试配置文件:nginx -t
7. 注册服务并启动 Nginx
创建服务文件:
vim /etc/systemd/system/nginx.service
写入以下内容:
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
PrivateTmp=true
[Install]
WantedBy=multi-user.target
设置开机启动并启动 Nginx:
systemctl enable nginx
systemctl start nginx
systemctl status nginx
8. 开放防火墙端口
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent
sudo firewall-cmd --add-port=3000/tcp --permanent
sudo firewall-cmd --add-port=3001/tcp --permanent
sudo firewall-cmd --reload
9. 访问测试
Web 站点:
http://localhost
会自动跳转到 https://localhost
https://localhost
显示 Web Index
App 站点:
http://localhost:3000
会跳转到 https://localhost:3001
https://localhost:3001
显示 App Index
- 总结
本文介绍了在银河麒麟 V10 系统中 离线安装 Nginx 的全过程,包括:
- 依赖包下载与安装
- 自签名 SSL 证书生成
- 多站点 HTTPS 配置
- 反向代理示例
- 防火墙端口开放
通过该流程,即使在无外网环境下,也能在 Kylin OS 上快速部署 Nginx 服务器。