# 官方主页
http://nginx.org/en/download.html
# 切换到 /usr/local 下
root@localhost:~# cd /usr/local
# 解压 nginx-1.20.2.tar.gz
root@localhost:~# tar -zxvf nginx-1.20.2.tar.gz
# 安装 nginx 环境依赖支持
root@localhost:~# apt-get install openssl libssl-dev
root@localhost:~# apt-get install libpcre3 libpcre3-dev
root@localhost:~# apt-get install zlib1g zlib1g-dev
# 进入到 nginx-1.21.0 目录
root@localhost:~# cd nginx-1.20.2
# 配置编译信息
root@localhost:~# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-stream --with-http_v2_module
# 编译 nginx
root@localhost:~# make
# 执行安装
root@localhost:~# make install
# 建立nginx用户(该用户没有登陆权限)
root@localhost:~# useradd -M -r -d /dev/null -s /sbin/nologin nginx
# 设置目录所属用户和组
root@localhost:~# chown -R nginx:nginx /usr/local/nginx
# 配置服务启动
root@localhost:~# vi /lib/systemd/system/nginx.service
# 文件内容如下
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
Group=tomcat
[Install]
WantedBy=multi-user.target
# 修改服务后重新加载服务
root@localhost:~# systemctl daemon-reload
# 设置开机启动
root@localhost:~# systemctl enable nginx.service
# 删除开机启动
root@localhost:~# systemctl disable nginx.service
# 启动 nginx 服务
root@localhost:~# systemctl start nginx.service
# 停止 nginx 服务
root@localhost:~# systemctl stop nginx.service
# 从新加载 nginx 配置
root@localhost:~# systemctl reload nginx.service
# 重启 nginx 服务
root@localhost:~# systemctl restart nginx.service
# 查看 nginx 服务状态
root@localhost:~# systemctl status nginx.service
user nginx;
worker_processes 1;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
# Tomcat
upstream appServer {
server 127.0.0.1:8080 weight=10;
}
# HTTP Server
server {
listen 80;
server_name localhost;
charset utf-8;
access_log logs/http.localhost.access.log main;
rewrite ^(.*)$ https://$host$1 permanent;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# HTTPS Server
server {
listen 443 ssl;
server_name localhost;
charset utf-8;
access_log logs/https.localhost.access.log main;
ssl_certificate ./../cert/localhost.pem;
ssl_certificate_key ./../cert/localhost.key;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://appServer;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_connect_timeout 240;
proxy_send_timeout 240;
proxy_read_timeout 240;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}