nginx的基础配置

###########nginx############

1.源码包安装

tar zxf nginx-1.12.0.tar.gz
cd nginx-1.12.0/src/core
vim nginx.h
  #define NGINX_VERSION "0.7.67"

  #define NGINX_VER "nginx" ##修改此行,去掉后面的“NGINX_VERSION”,这样编译修改显示名称使其不显示版本号 

        

cd nginx-1.12.0/auto/cc
vim gcc
  # debug

  #CFLAGS=”$CFLAGS -g”  ##注释掉这行,去掉debug模式编译,编译以后程序只有几百k 

    

cd nginx-1.12.0/
useradd -M -d /usr/local/lnmp/nginx -s /sbin/nologin -u 800 nginx    ##创建用户
##根据需求选择安装项目
./configure --prefix=/usr/local/lnmp/nginx --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_stub_status_module

yum install pcre-devel -y    
yum install openssl-devel -y    ##安装依赖性
rpm -qc gcc            ##检测是否安装gcc，否则必须安装
yum install gcc -y
make && make install        ##编译成功后安装
make clean            ##若出现问题，需要重新编译，就要清除编译后生成的文件
cd /usr/local/lnmp/nginx/sbin
./nginx                ##启动程序
ln -s /usr/local/lnmp/nginx/sbin/nginx /sbin/    ##创建软连接，在任意位置可以打开软件
which nginx
/sbin/nginx


测试结果：
 curl localhost -I
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 19 Jul 2017 05:11:39 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 19 Jul 2017 05:10:24 GMT
Connection: keep-alive
ETag: "596ee9c0-264"
Accept-Ranges: bytes

2.cpu绑定

cd  /usr/local/lnmp/nginx/conf
vim nginx.conf
  worker_processes  2;        ##开启进程数
  worker_cpu_affinity 01 10;    ##绑定cpu
  events {
    worker_connections  65535;    ##更改允许连接数
  }
[root@server1 ~]# sysctl -a|grep file    ##查看系统最大文件数必须大于更改的文件
  fs.file-nr = 416    0    188444
  fs.file-max = 188444
[root@server1 ~]# usermod -s /bin/bash nginx
[root@server1 ~]# vim /etc/security/limits.conf    ##更改系统文件限制
  nginx           -       nofile          65535

测试：

           [root@server1 ~]# su - nginx
            -bash-4.1$ ulimit -a
             core file size          (blocks, -c) 0
             data seg size           (kbytes, -d) unlimited
             scheduling priority             (-e) 0
             file size               (blocks, -f) unlimited
             pending signals                 (-i) 14867
             max locked memory       (kbytes, -l) 64
             max memory size         (kbytes, -m) unlimited
             open files                      (-n) 65535          ##改后生效的结果
             pipe size            (512 bytes, -p) 8
             POSIX message queues     (bytes, -q) 819200
             real-time priority              (-r) 0
             stack size              (kbytes, -s) 10240
             cpu time               (seconds, -t) unlimited
              max user processes              (-u) 1024
              virtual memory          (kbytes, -v) unlimited
               file locks                      (-x) unlimited
              -bash-4.1$ logout

3.虚拟主机

[root@server1 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf
server {
        listen 80;
        server_name www.westos.org;
        location / {
                root /web1;
                index index.html;
        }
}
nginx -t    ##检测是否有语法错误

[root@server1 conf]# nginx -s reload    ##重新加载配置文件

测试：

       网页输入：www.westos.org

4.创建密钥认证https

[root@server1 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf    ##编辑主配置文件
server {
        listen       443 ssl;        ##开启443端口
        server_name  localhost;        ##主机名

        ssl_certificate      cert.pem;    ##证书名(相对路径)
        ssl_certificate_key  cert.pem;    ##密钥

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

[root@server1 conf]# cd /etc/pki/tls/certs/
[root@server1 certs]# make cert.pem        ##创建生成密钥
umask 77 ; \
    PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
    /usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
    cat $PEM1 >  cert.pem ; \
    echo ""    >> cert.pem ; \
    cat $PEM2 >> cert.pem ; \
    rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
..............................................................+++
..............+++
writing new private key to '/tmp/openssl.3TIgtU'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:westos
Organizational Unit Name (eg, section) []:linux
Common Name (eg, your name or your server's hostname) []:server1
Email Address []:15202913064@163.com
[root@server1 certs]# mv cert.pem /usr/local/lnmp/nginx/conf/    ##移动到文件位置
[root@server1 certs]# nginx -t                    ##检测是否存在语法错误
nginx: the configuration file /usr/local/lnmp/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/lnmp/nginx/conf/nginx.conf test is successful
[root@server1 certs]# nginx -s reload                ##重新加载配置文件
[root@server1 certs]#
测试：
    网页输入:https://172.25.33.1/

5.访问控制

[root@server1 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf     ##编辑主配置文件
 56    location /status {
 57                 stub_status on;
 58                 access_log off;
 59                 allow 127.0.0.1;
 60         #       deny all;

 61         }

测试结果：

6.网页重定向

[root@server1 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf     ##编辑主配置文件
126         location / {
127             root   /web1;
128             index  index.html index.htm;
129         }
130     }

131    server {
132         listen 80;
133         server_name www.westos.org;
134         rewrite ^(.*)$ https://www.westos.org$1 redirect;
135    }
测试结果：
[root@foundation33 Desktop]# curl www.westos.org -I
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 19 Jul 2017 08:59:58 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://www.westos.org/    ##网页重新定向到该地址

7.反向代理，负载均衡

[root@server1 ~]# cd /usr/local/lnmp/nginx/conf/
[root@server1 conf]# vim nginx.conf     ##编辑主配置文件
 20         upstream westos {
        #ip_hash;    ##同一ip进行同一访问的算法
 21         server 172.25.33.2:80 weight=3;    ##轮叫的次数
 22         server 172.25.33.3:8080;
 23         server 127.0.0.1:8000 backup;
 24         }
126         location / {
127             root   /web1;
128             index  index.html index.htm;
129         }
130     }
131 server {
132         listen 80;
133         server_name www.westos.org;
134         #rewrite ^(.*)$ https://www.westos.org$1 redirect;
135         location / {
136                 proxy_pass http://westos;
137         }
138
139 }
更改http 服务的端口
[root@server1 conf]#  vim /etc/httpd/conf/httpd.conf
[root@server1 conf]# /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.33.1 for ServerName
                                                           [  OK  ]

测试：

  网页输入：www.westos.org