Nginx 笔记

Summary: Author: 张亚飞 | 阅读时间: 3 minute read | Published: 2016-08-08
Filed under Categories: DevOpsTags: Linux, Server, Software, DevOps,

不错的Nginx开发者博客


  • 安装依赖包
yum -y install gcc
yum install pcre
yum install pcre-devel
yum install openssl openssl-devel
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel

通过 repo 源安装 Nginx 组件

  1. 添加官方源
#下载GPG秘钥
wget https://nginx.org/keys/nginx_signing.key

#导入GPG秘钥
sudo rpm --import nginx_signing.key
  1. CentOS 添加 Nginx Yum
touch /etc/yum.repos.d/nginx.repo

/etc/yum.repos.d/nginx.repo

* [nginx]
name=nginx repo
baseurl=http://nginx.org/packages/CentOS/7/$basearch/
gpgcheck=1
enabled=1

CentOS 使用 Nginx 官方源安装 Nginx

  1. CentOS.7 中添加Yum软件源后,安装 Nginx Http 服务器就非常简单啦:
sudo yum install nginx

CentOS 源码编译安装 Nginx

安装依赖

sudo yum -y install gcc gcc-c++ cmake ncurses ncurses-devel libxml2 libxml2-devel zlib zlib-devel openssl openssl-devel curl curl-devel libtool pcre pcre-devel
yum install lua-devel

创建用户 nginx

useradd nginx -s /sbin/nologin -r -M

注意参数 -r 和 -M 区别

  • -M 不创建家目录,用于非系统用户
useradd nginx -s /sbin/nologin -M

# /etc/passwd
nginx:x:1001:1002::/home/nginx:/sbin/nologin

六 6月 16 12:15:37 coam@v.cs.0:~$ id nginx
uid=1001(nginx) gid=1002(nginx) 组=1002(nginx)
  • -r: 创建系统用户 CentOS 6: ID<500,CentOS 7: ID<1000
useradd nginx -s /sbin/nologin -r -M

# /etc/passwd
nginx:x:993:991::/home/nginx:/sbin/nologin

六 6月 16 12:15:37 coam@v.cs.0:~$ id nginx
nginx:x:993:991::/home/nginx:/sbin/nologin
  • 通过以下命令判断用户 nginx 对指定目录是否有权限:
sudo -u nginx stat /data/home/coam/WebCoam/Web/public

注意检查用户组 /data/home/coam 权限

  • 如果仅设定用户子目录权限而没有提升上级父文件 /data/home/coam 权限,其它用户组 nginx 仍没有权限打开子级目录;

注意将 /data/home/coam 权限设置为 755;

参考列表

添加 pagespeed 模块

/opt/data/ngx-m

sudo wget https://github.com/pagespeed/ngx_pagespeed/archive/latest-stable.tar.gz
sudo tar -zxvf latest-stable.tar.gz

/opt/data/ngx-m/incubator-pagespeed-ngx-latest-stable

# [PageSpeed 最新 PSOL 下载方式、Redis支持和缓存清理教程](https://www.mf8.biz/pagespeed-1-12-43-2/)
sudo wget https://dl.google.com/dl/page-speed/psol/1.13.35.2-x64.tar.gz
sudo tar -xzvf 1.13.35.2-x64.tar.gz  # extracts to psol/
  • 添加 https://github.com/simpl/ngx_devel_kit.gitlua-nginx-moduleecho-nginx-module 模块

/opt/data/ngx-m

git clone https://github.com/simpl/ngx_devel_kit.git
git clone https://github.com/openresty/lua-nginx-module.git
git clone https://github.com/openresty/echo-nginx-module.git

在官网下载最新 Nginx 源码

/opt/data

wget http://nginx.org/download/nginx-1.14.0.tar.gz
tar -zxvf nginx-1.14.0.tar.gz
cd nginx-1.14.0
sudo ./configure \
--user=nginx --group=nginx \
--prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_body_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-compat --with-file-aio --with-threads \
--with-mail --with-mail_ssl_module \
--with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_secure_link_module --with-http_slice_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module \
--with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module \
--add-module=/opt/data/ngx-m/ngx_devel_kit --add-module=/opt/data/ngx-m/lua-nginx-module --add-module=/opt/data/ngx-m/echo-nginx-module \
--add-module=/opt/data/ngx-m/incubator-pagespeed-ngx-latest-stable
make
make install
  • 暂时保留 –with-http_addition_module –with-http_auth_request_module –with-http_dav_module –with-http_flv_module –with-http_mp4_module –with-http_random_index_module –with-http_sub_module
    –with-cc-opt=‘-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC’ –with-ld-opt=‘-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,–as-needed -pie’

扩展模块说明

Nginx 服务管理部署

  • 添加 systemctl
* [Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

* [Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

* [Install]
WantedBy=multi-user.target

参考列表


Comments

Cor-Ethan, the beverage → www.iirii.com