By | 2022-01-02
  • 下载地址
# 官方主页
http://nginx.org/en/download.html
  • 编译安装
# 切换到 /usr/local 下
root@localhost:~# cd /usr/local

# 解压 nginx-1.20.2.tar.gz
root@localhost:~# tar -zxvf nginx-1.20.2.tar.gz

# 安装 nginx 环境依赖支持
root@localhost:~# apt-get install openssl libssl-dev
root@localhost:~# apt-get install libpcre3 libpcre3-dev
root@localhost:~# apt-get install zlib1g zlib1g-dev

# 进入到 nginx-1.21.0 目录
root@localhost:~# cd nginx-1.20.2

# 配置编译信息
root@localhost:~# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-stream --with-http_v2_module

# 编译 nginx
root@localhost:~# make

# 执行安装
root@localhost:~# make install
  • 新建运行用户和组
# 建立nginx用户(该用户没有登陆权限)
root@localhost:~# useradd -M -r -d /dev/null -s /sbin/nologin nginx
# 设置目录所属用户和组
root@localhost:~# chown -R nginx:nginx /usr/local/nginx
  • 安装服务
# 配置服务启动
root@localhost:~# vi /lib/systemd/system/nginx.service
# 文件内容如下
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
Group=tomcat

[Install]
WantedBy=multi-user.target
  • 常用服务命令
# 修改服务后重新加载服务
root@localhost:~# systemctl daemon-reload
# 设置开机启动
root@localhost:~# systemctl enable nginx.service
# 删除开机启动
root@localhost:~# systemctl disable nginx.service
# 启动 nginx 服务
root@localhost:~# systemctl start nginx.service
# 停止 nginx 服务
root@localhost:~# systemctl stop nginx.service
# 从新加载 nginx 配置
root@localhost:~# systemctl reload nginx.service
# 重启 nginx 服务
root@localhost:~# systemctl restart nginx.service
# 查看 nginx 服务状态
root@localhost:~# systemctl status nginx.service
  • 基础配置
user  nginx;
worker_processes  1;

error_log  logs/error.log;
pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    gzip  on;

    # Tomcat
    upstream appServer {
        server 127.0.0.1:8080 weight=10;
    }

    # HTTP Server
    server {
        listen       80;
        server_name  localhost;
        charset utf-8;
        access_log  logs/http.localhost.access.log  main;
        rewrite ^(.*)$  https://$host$1 permanent;
        error_page  404              /404.html;
        error_page  500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # HTTPS Server
    server {
        listen 443 ssl;
        server_name localhost;
                charset utf-8;
        access_log  logs/https.localhost.access.log  main;

        ssl_certificate   ./../cert/localhost.pem;
        ssl_certificate_key  ./../cert/localhost.key;
        ssl_session_timeout 5m;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        location / {
                    proxy_pass http://appServer;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect off;
            proxy_connect_timeout      240;
            proxy_send_timeout         240;
            proxy_read_timeout         240;
        }
        error_page  404              /404.html;
        error_page  500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

}