|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
下面的是一键安装nginx 1.10.3 最新稳定版本,编译参数是官方推荐的。
yum groupinstall
"Development Tools"
-y
yum
install
wget zlib-devel openssl-devel pcre-devel -y
cd
/usr/local/src
wget http:
//nginx
.org
/download/nginx-1
.10.3.
tar
.gz
tar
zxvf nginx-1.10.3.
tar
.gz
cd
nginx-1.10.3
groupadd -g 58 nginx
useradd
-u 58 -g 58 -M nginx -s
/sbin/nologin
mkdir
-p
/var/tmp/nginx/
{client,proxy,fastcgi,uwsgi,scgi}
mkdir
-p
/var/cache/nginx/client_temp
.
/configure
\
--user=nginx --group=nginx \
--prefix=
/etc/nginx
\
--sbin-path=
/usr/sbin/nginx
\
--conf-path=
/etc/nginx/nginx
.conf \
--error-log-path=
/var/log/nginx/error
.log \
--http-log-path=
/var/log/nginx/access
.log \
--pid-path=
/var/run/nginx
.pid \
--lock-path=
/var/run/nginx
.lock \
--http-client-body-temp-path=
/var/cache/nginx/client_temp
\
--http-proxy-temp-path=
/var/cache/nginx/proxy_temp
\
--http-fastcgi-temp-path=
/var/cache/nginx/fastcgi_temp
\
--http-uwsgi-temp-path=
/var/cache/nginx/uwsgi_temp
\
--http-scgi-temp-path=
/var/cache/nginx/scgi_temp
\
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-
file
-aio \
--with-http_v2_module \
--with-ipv6
make
&&
make
install
nginx -V
Centos7 启动方式
cat
>>
/lib/systemd/system/nginx
.service <<EOF
[Unit]
Description=nginx - high performance web server
Documentation=http:
//nginx
.org
/en/docs/
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=
/run/nginx
.pid
ExecStartPre=
/usr/sbin/nginx
-t -c
/etc/nginx/nginx
.conf
ExecStart=
/usr/sbin/nginx
-c
/etc/nginx/nginx
.conf
ExecReload=
/bin/kill
-s HUP $MAINPID
ExecStop=
/bin/kill
-s QUIT $MAINPID
PrivateTmp=
true
[Install]
WantedBy=multi-user.target
EOF
systemctl
enable
nginx.service
systemctl start nginx.service
netstat
-lntup |
grep
80
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
内核优化
cat
>>
/etc/sysctl
.conf << EOF
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 6500
EOF
|
|
1
2
3
|
sysctl -p
cd
/etc/nginx/
mv
nginx.conf nginx.conf.bak
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
配置文件优化,启用HTTPS
vim nginx.conf
user nginx nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log
/var/log/nginx/error
.log info;
pid
/var/run/nginx
.pid;
events {
use epoll;
worker_connections 10240;
multi_accept on;
}
http
{
include mime.types;
default_type application
/octet-stream
;
charset utf-8;
log_format main
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
;
access_log
/var/log/nginx/access
.log main;
server_names_hash_bucket_size 128;
client_header_buffer_size 16k;
large_client_header_buffers 4 16k;
client_max_body_size 50m;
server_tokens off;
autoindex off;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
client_header_timeout 15;
reset_timedout_connection on;
client_body_timeout 15;
send_timeout 15;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 16k;
fastcgi_temp_file_write_size 16k;
fastcgi_cache_path
/etc/nginx/fastcgi_cache
levels=1:2
keys_zone=TEST:10m
inactive=5m;
fastcgi_cache TEST;
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_cache_min_uses 1;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_cache_key
"$request_method://$host$request_uri"
;
open_file_cache max=204800 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;
gzip
on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_types text
/css
application
/javascript
text
/xml
;
gzip_vary on;
gzip_disable
"MSIE [1-6].(?!.*SV1)"
;
server
{
listen 80;
server_name hequan.lol;
index index.php index.html index.htm;
root html;
return
301 https:
//
$server_name$request_uri;
}
server {
listen 443 ssl;
server_name hequan.lol;
index index.html index.htm index.php default.html default.htm default.php;
root html;
ssl on;
ssl_certificate
/etc/nginx/key/1_www
.hequan.lol_bundle.crt;
ssl_certificate_key
/etc/nginx/key/2_www
.hequan.lol.key;
ssl_ciphers
"EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"
;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location
/status
{
stub_status on;
access_log off;
#allow 127.0.0.1;
#deny all;
}
error_page 400 401 402 403 404
/40x
.html;
location =
/40x
.html {
root html;
index index.html index.htm;
}
error_page 500 501 502 503 504
/50x
.html;
location =
/50x
.html {
root html;
index index.html index.htm;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/etc/nginx/html
$fastcgi_script_name;
include fastcgi_params;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
}
}
日志切割
cat
>> log.sh <<EOF
#!/bin/bash
path=
/var/log/nginx/backup
if
[ ! -d
"#path"
];
then
mkdir
-p $path
fi
cd
/var/log/nginx
mv
access.log backup/$(
date
+%F -d -1day).log
systemctl reload nginx.service
EOF
crontab
-e
00 00 * * *
/var/log/nginx/log
.sh >
/dev/null
2&1
|
关于证书 可以去
https://console.qcloud.com/ssl/apply (有效期一年) 申请,非常简单。腾讯认证的。跟着流程走,几分钟就好。
|
1
2
|
ssl_certificate
/etc/nginx/key/1_www
.hequan.lol_bundle.crt;
ssl_certificate_key
/etc/nginx/key/2_www
.hequan.lol.key;
|
上面一个是证书,一个是密钥。自定义目录。
以上设置仅供参考。欢迎提出有疑问的地方。
本文转自 295631788 51CTO博客,原文链接:http://blog.51cto.com/hequan/1895932,如需转载请自行联系原作者
