1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
yum groupinstall
"Development Tools"
-y
yum
install
wget zlib-devel openssl-devel pcre-devel -y
yum -y
install
gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel
bzip2
bzip2
-devel ncurses ncurses-devel gd gd-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers pcre pcre-devel ImageMagick ImageMagick-devel git
cd
/usr/local/src
wget http:
//nginx
.org
/download/nginx-1
.12.1.
tar
.gz
tar
zxvf nginx-1.12.1.
tar
.gz
cd
nginx-1.12.1
groupadd -g 58 nginx
useradd
-u 58 -g 58 -M nginx -s
/sbin/nologin
mkdir
-p
/var/tmp/nginx/
{client,proxy,fastcgi,uwsgi,scgi}
mkdir
-p
/var/cache/nginx/client_temp
.
/configure
\
--user=nginx --group=nginx \
--prefix=
/etc/nginx
\
--sbin-path=
/usr/sbin/nginx
\
--conf-path=
/etc/nginx/nginx
.conf \
--error-log-path=
/var/log/nginx/error
.log \
--http-log-path=
/var/log/nginx/access
.log \
--pid-path=
/var/run/nginx
.pid \
--lock-path=
/var/run/nginx
.lock \
--http-client-body-temp-path=
/var/cache/nginx/client_temp
\
--http-proxy-temp-path=
/var/cache/nginx/proxy_temp
\
--http-fastcgi-temp-path=
/var/cache/nginx/fastcgi_temp
\
--http-uwsgi-temp-path=
/var/cache/nginx/uwsgi_temp
\
--http-scgi-temp-path=
/var/cache/nginx/scgi_temp
\
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-
file
-aio \
--with-http_v2_module \
--with-ipv6
make
&&
make
install
nginx -V
cat
>>
/lib/systemd/system/nginx
.service <<EOF
[Unit]
Description=nginx - high performance web server
Documentation=http:
//nginx
.org
/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=
/run/nginx
.pid
ExecStartPre=
/usr/sbin/nginx
-t -c
/etc/nginx/nginx
.conf
ExecStart=
/usr/sbin/nginx
-c
/etc/nginx/nginx
.conf
ExecReload=
/bin/kill
-s HUP $MAINPID
ExecStop=
/bin/kill
-s QUIT $MAINPID
PrivateTmp=
true
[Install]
WantedBy=multi-user.target
EOF
systemctl
enable
nginx.service
systemctl start nginx.service
netstat
-lntup |
grep
80
mv
/etc/nginx/nginx
.conf
/etc/nginx/nginx
.conf.bak
cat
>>
/etc/nginx/nginx
.conf <<EOF
user nginx nginx;
worker_processes auto;
error_log
/usr/local/nginx/logs/nginx_error
.log crit;
pid
/usr/local/nginx/logs/nginx
.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
default_type application
/octet-stream
;
log_format main
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
gzip
on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text
/plain
application
/javascript
application
/x-javascript
text
/javascript
text
/css
application
/xml
application
/xml
+rss;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable
"MSIE [1-6]\."
;
#limit_conn_zone $binary_remote_addr zone=perip:10m; 容器共使用10M的内存来对于IP传输开销
##If enable limit_conn_zone,add "limit_conn perip 10;" to server section. 每个IP使用10个连接,添加在location 里面
server_tokens off;
access_log off;
server
{
listen 80 default_server;
#listen [::]:80 default_server ipv6only=on;
server_name localhost;
index index.html index.htm index.php;
root
/etc/nginx/html
;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/scripts
$fastcgi_script_name;
include fastcgi_params;
}
#location ~ [^/]\.php(/|$)
#{
# try_files $uri =404;
# fastcgi_pass unix:/tmp/php-cgi.sock;
# fastcgi_index index.php;
# include fastcgi.conf;
#}
location
/nginx_status
{
stub_status on;
access_log off;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log
/usr/local/nginx/logs/access
.log;
}
}
EOF
cat
>>
/var/log/nginx/log
.sh <<EOF
#!/bin/bash
path=
/var/log/nginx/backup
if
[ ! -d
"#path"
];
then
mkdir
-p $path
fi
cd
/var/log/nginx
mv
access.log backup/$(
date
+%F -d -1day).log
systemctl reload nginx.service
EOF
chmod
+x
/var/log/nginx/log
.sh
crontab
-e
00 00 * * *
/var/log/nginx/log
.sh >
/dev/null
2&1
|
本文转自 295631788 51CTO博客,原文链接:http://blog.51cto.com/hequan/1981306,如需转载请自行联系原作者