1. 源码包准备
安装nginx所需工具源码包下载地址:
nginx: https://nginx.org/download/pcre: http://www.pcre.org/zlib: https://www.zlib.net/openssl: https://www.openssl.org/
安装nginx所需源码包:
- nginx-1.15.7.tar.gz
- pcre-8.42.tar.gz
- zlib-1.2.11.tar.gz
- openssl-1.1.1a.tar.gz
通过wget命令下载:
wget -c https://nginx.org/download/nginx-1.15.7.tar.gz
wget -c https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz
wget -c https://www.zlib.net/zlib-1.2.11.tar.gz
wget -c https://www.openssl.org/source/openssl-1.1.1a.tar.gz解压:
tar -xzvf nginx-1.15.7.tar.gz
tar -xzvf pcre-8.42.tar.gz
tar -xzvf zlib-1.2.11.tar.gz
tar -xzvf openssl-1.1.1a.tar.gz2. 编译环境工具安装
for centos:
sudo yum check-update || sudo yum update -y
sudo yum groupinstall -y 'Development Tools' && sudo yum install -y vim
sudo yum install -y epel-release
sudo yum install -y perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel gd gd-devel GeoIP GeoIP-develfor ubuntu:
可选依赖进行安装:
sudo apt update && sudo apt upgrade -y
sudo apt install build-essential -y
sudo apt install libxml2 libxml2-dev libxslt1.1 libxslt1-dev libgd-dev3. 源码编译安装nginx
for centos:
./configure --prefix=/usr/local/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--user=nginx \
--group=nginx \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-select_module \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
--with-compat \
--with-pcre=../pcre-8.42 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.1a \
--with-openssl-opt=no-nextprotoneg \
--with-debug
make
sudo make installfor ubuntu:
./configure --prefix=/usr/local/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--user=nginx \
--group=nginx \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-select_module \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_ssl_preread_module \
--with-compat \
--with-pcre=../pcre-8.42 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.1a \
--with-openssl-opt=no-nextprotoneg \
--with-debug
make
sudo make install4. 打印nginx版本,编译器版本及配置脚本选项
sudo nginx -V
nginx version: nginx/1.15.7
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.1.1a 20 Nov 2018
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --user=nginx --group=nginx --pid-path=/var/run/nginx/nginx.pid --lock-path=/var/run/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-select_module --with-poll_module --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-mail=dynamic --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-compat --with-pcre=../pcre-8.42 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-1.1.1a --with-openssl-opt=no-nextprotoneg --with-debug5. 创建nginx用户及用户组
sudo useradd --system --home /var/cache/nginx --shell /sbin/nologin --comment "nginx user" --user-group nginx6. 创建nginx systemd unit文件
for centos:
sudo vim /usr/lib/systemd/system/nginx.service或
sudo vim /lib/systemd/system/nginx.service拷贝粘贴以下内容:
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
[Install]
WantedBy=multi-user.targetfor ubuntu:
sudo vim /etc/systemd/system/nginx.service或
sudo vim /lib/systemd/system/nginx.service拷贝粘贴以下内容:
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /var/run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target7. 开启并启用nginx服务开机自启动
sudo systemctl start nginx.service && sudo systemctl enable nginx.service
sudo systemctl daemon-reload检查nginx服务是否会在重启后自启动:
sudo systemctl is-enabled nginx.service
# enabled重启你的vps查看nginx服务是否自启动:
sudo shutdown -r now检查nginx是否正在运行:
sudo systemctl status nginx.service
ps aux | grep nginx
curl -I 127.0.0.1
sudo lsof -i:808. nginx服务管理
nginx服务启动:
sudo systemctl start nginxnginx服务停止:
sudo systemctl stop nginxnginx服务重启:
sudo systemctl restart nginxnginx配置文件热更新:
sudo nginx -s reloadnginx配置文件语法检查:
sudo nginx -t9. 端口监听检查
sudo netstat -anp
sudo netstat -tualpn | grep LISTEN
sudo netstat -tualpn | grep 80
sudo netstat -tualpn | grep 443
telnet [IP/域名] 443
Trying [IP]...
Connected to [IP/域名].
Escape character is '^]'.
Connection closed by foreign host.创建nginx配置文件目录
在nginx配置文件根目录下创建目录conf.d:
sudo mkdir -p /etc/nginx/conf.d在nginx配置文件/etc/nginx/nginx.conf使/etc/nginx/conf.d生效,在http模块内添加include /etc/nginx/conf.d/*.conf;, nginx.conf文件内容示例如下:
# user nobody;
user nginx nginx;
worker_processes 4;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
error_log /var/log/nginx/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
注意: 在给nginx配置https证书时, 需要检查防火墙和阿里云安全组是否对443端口开放, 且安全组是否在nginx所在的ecs实例上。