Download the file
Download nginx-1.9.3.tar.gz from http://nginx.org/en/download.html
Installing Nginx
1. Before installing nginx, install the build tools and libraries it needs

    yum -y install gcc gcc-c++
    yum -y install zlib zlib-devel openssl openssl-devel pcre-devel

Create the nginx group and user

    groupadd -r nginx
    # -r creates a system group
    useradd -s /sbin/nologin -g nginx -r nginx
    # -r creates a system user
    id nginx
    # Even if nginx is started as a different user, the nginx user and group must still be created, otherwise the error nginx: [emerg] getpwnam("nginx") failed appears

zlib: nginx provides the gzip module, which needs the zlib library
openssl: nginx provides SSL support
pcre: supports URL rewriting (rewrite)

2. tar -zxvf nginx-1.9.3.tar.gz
3. cd nginx-1.9.3
4. Run configure

    ./configure --prefix=/usr --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx/nginx.pid --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_gzip_static_module --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/tmp/nginx/client --http-proxy-temp-path=/var/tmp/nginx/proxy --http-fastcgi-temp-path=/var/tmp/nginx/fcgi --with-http_stub_status_module
The parameters I used are

    ./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-pcre --with-http_ssl_module --with-stream --with-stream_ssl_module

5. make && make install

    ./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-pcre --with-http_ssl_module --with-openssl=/usr/src/openssl-1.0.1p/ --with-http_stub_status_module --with-stream --with-stream_ssl_module
    # the stub_status module is mainly used to view some Nginx status information
    # with-openssl specifies the openssl source directory
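    # start nginx
    sudo /opt/nginx/sbin/nginx
    # list the nginx processes
    ps aux|grep nginx
    nginx -s reload                    # reload so that configuration changes take effect
    nginx -s reopen                    # reopen the log files
    nginx -c /path/to/nginx.conf       # start nginx with the given configuration file
    nginx -t -c /path/to/nginx.conf    # test the configuration file without starting nginx
    # stop nginx:
    nginx -s stop                      # fast shutdown
    nginx -s quit                      # complete, orderly shutdown

Other ways to stop nginx:

    ps -ef | grep nginx
    kill -QUIT <master PID>            # stop Nginx gracefully
    kill -TERM <master PID>            # stop Nginx quickly
    pkill -9 nginx                     # force Nginx to stop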
References
http://ilz.me/2015/04/29/nginx-190-make/ Nginx 1.9.0 build and install walkthrough, including a build with geoip
http://www.cnblogs.com/zhuhongbao/archive/2013/06/04/3118061.html Installing and configuring nginx 1.2.8
Starting and stopping Nginx as a non-root user
First set the owner of nginx to tomcat

    sudo chown -R tomcat:tomcat /opt/nginx

More precisely, the directories whose owner needs to be tomcat are fastcgi_temp, logs and proxy_temp. The directory permissions in detail:

    [root@bogon nginx]# ll
    total 36
    drwx------ 2 nginx root 4096 Dec 26 16:44 client_body_temp
    drwxr-xr-x 3 root root 4096 Jan 13 21:36 conf
    drwx------ 2 tomcat tomcat 4096 Dec 26 16:44 fastcgi_temp
    drwxr-xr-x 2 root root 4096 Dec 26 16:44 html
    drwxr-xr-x 2 tomcat tomcat 4096 Jan 13 01:46 logs
    drwx------ 12 tomcat tomcat 4096 Jan 13 21:20 proxy_temp
    drwxr-xr-x 2 root root 4096 Dec 26 16:44 sbin
    drwx------ 2 nginx root 4096 Dec 26 16:44 scgi_temp
    drwx------ 2 nginx root 4096 Dec 26 16:44 uwsgi_temp
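
An added example, not part of the original post: a shell function that checks the ownership split shown in the listing, so that the account serving requests can write its runtime directories but cannot rewrite the binary, the configuration or the static content. The function name and output labels are assumptions of this example; the default runtime directories are the three named above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): ownership audit for an nginx
# prefix that is run by an unprivileged account.

# audit_nginx_prefix PREFIX SVC_USER [RUNTIME_DIR...]
#   SVC_USER     account (name or numeric uid) that runs nginx, e.g. tomcat
#   RUNTIME_DIR  directories that account must own; defaults to the three
#                named in the post (assumption: same layout as the listing)
# Prints one finding per line and returns 1 if there was any finding.
audit_nginx_prefix() {
    local prefix=$1 svc=$2 rc=0 d found
    shift 2
    [ $# -gt 0 ] || set -- logs fastcgi_temp proxy_temp

    # Binary, configuration and static content: must not be owned by the
    # service account and must not be group- or world-writable.
    for d in sbin conf html; do
        [ -d "$prefix/$d" ] || continue
        found=$(find "$prefix/$d" ! -type l \( -user "$svc" -o -perm /022 \))
        if [ -n "$found" ]; then
            printf '%s\n' "$found" | sed 's/^/unsafe-owner-or-mode: /'
            rc=1
        fi
    done

    # Runtime directories: must exist and belong to the service account.
    for d in "$@"; do
        if [ ! -d "$prefix/$d" ]; then
            echo "missing: $prefix/$d"; rc=1
        elif [ -z "$(find "$prefix/$d" -maxdepth 0 -user "$svc")" ]; then
            echo "not-owned-by-service: $prefix/$d"; rc=1
        fi
    done
    return $rc
}

# Usage: ./audit.sh /opt/nginx tomcat
if [ $# -ge 2 ]; then audit_nginx_prefix "$@"; fi
```

Run against a prefix that went through `chown -R tomcat:tomcat /opt/nginx`, it reports everything under sbin, conf and html; run against the listing above, it reports nothing.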
Handling the port-binding permission error when starting nginx as a non-root user
Error: nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
See https://wiki.apache.org/httpd/NonRootPortBinding
1. Using setcap
This method needs a reasonably recent kernel: Requires a not-ancient linux kernel (2.6.24 or later); CentOS 6 and later are fine.

    # sudo setcap cap_net_bind_service=+ep /opt/nginx/sbin/nginx

Check that the capability was added:

    # getcap /opt/nginx/sbin/nginx
    /opt/nginx/sbin/nginx = cap_net_bind_service+ep
2. A more general approach, using iptables: a NAT-based method to redirect traffic from port 80 to 8080.
For example

    # iptables -t nat -A PREROUTING -d <ip> -p tcp --dport 80 -m addrtype --dst-type LOCAL -j DNAT --to-destination <ip>:8080
    # iptables -t nat -A OUTPUT -d <ip> -p tcp --dport 80 -m addrtype --dst-type LOCAL -j DNAT --to-destination <ip>:8080

or

    # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports 8080
    # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 843 -j REDIRECT --to-port 8430
    # iptables-save
    # this redirects incoming connections on port 843 to port 8430

Appendix, iptables parameter reference: http://ipset.netfilter.org/iptables.man.html https://help.ubuntu.com/community/IptablesHowTo
Nginx configuration

    #user tomcat;
    worker_processes 1; # number of worker processes, usually set equal to the number of CPUs
    #error_log logs/error.log;
    #error_log logs/error.log notice;
    #error_log logs/error.log info;
    pid logs/nginx.pid;

    events {
        use epoll; # epoll is one form of I/O multiplexing, available only on Linux kernel 2.6 and later; it improves nginx performance
        worker_connections 1024;
    }

    http {
        include mime.types; # sets the MIME types; the types are defined in the mime.types file
        default_type application/octet-stream;

        # Log format. If access_log here or in a virtual host is enabled, this must be enabled too, otherwise nginx warns at startup
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;

        # Whether nginx calls sendfile (zero copy) to send files. For ordinary applications it must be on;
        # for disk-I/O-heavy uses such as downloads it can be set to off to balance disk and network I/O
        # and reduce system load.
        sendfile on;
        #tcp_nopush on;
        #keepalive_timeout 0;
        keepalive_timeout 65; # connection timeout
        gzip on; # enable gzip compression

        server {
            listen 10080;
            server_name localhost;
            #charset koi8-r;
            #access_log logs/host.access.log main;

            # default request
            location / {
                root html; # default document root of the server
                index index.html index.htm;
            }

            #error_page 404 /404.html;

            # redirect server error pages to the static page /50x.html
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root html;
            #    fastcgi_pass 127.0.0.1:9000;
            #    fastcgi_index index.php;
            #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
            #    include fastcgi_params;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny all;
            #}
        }

        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen 8000;
        #    listen somename:8080;
        #    server_name somename alias another.alias;
        #    location / {
        #        root html;
        #        index index.html index.htm;
        #    }
        #}

        # Add a virtual host on the same port with a different domain name
        # It can be put in a subdirectory and included, e.g. include vhost/cc.com.conf;
        server {
            listen 10080;
            server_name demo.rb.com;

            location / {
                root /var/www/html;
                index index.html index.htm index.php;
            }

            location /images/ {
                # with root, the server looks in the /opt/nginx/html/images directory
                root /opt/nginx/html;
            }

            location /images2/ {
                # with alias, the server looks in the /opt/nginx/html directory itself
                # the match is strict, so if the location ends with /, the alias below must end with / too
                alias /opt/nginx/html/;
            }

            access_log logs/demo.rb.com.access.log main;
        }

        # HTTPS server
        #
        #server {
        #    listen 443 ssl;
        #    server_name localhost;
        #    ssl_certificate cert.pem;
        #    ssl_certificate_key cert.key;
        #    ssl_session_cache shared:SSL:1m;
        #    ssl_session_timeout 5m;
        #    ssl_ciphers HIGH:!aNULL:!MD5;
        #    ssl_prefer_server_ciphers on;
        #    location / {
        #        root html;
        #        index index.html index.htm;
        #    }
        #}
    }
Enabling stub status
Add the following to a server block in nginx.conf

    location /nginx_status {
        # Turn on nginx stats
        stub_status on;
        # I do not need logs for stats
        access_log off;
        # Security: Only allow access from 192.168.1.100 IP #
        #allow 192.168.1.100;
        # Send rest of the world to /dev/null #
        #deny all;
    }

This block is added to the default server. Assuming the default server is configured as

    listen 127.0.0.1:80;
    server_name 127.0.0.1;

the nginx status can then be read with

    curl 127.0.0.1/nginx_status
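
An added example, not part of the original post: a small lint that covers two points from the configuration above, the rule that `location` and `alias` must agree on the trailing slash (a mismatch makes nginx map request URIs to unintended filesystem paths) and a `stub_status` location with its `deny all` left commented out. It assumes one directive per line with the opening brace on the `location` line, and it does not look at the `listen` address; the function names, finding labels and the `/images3` block in the sample are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): lint an nginx config for
#   - location/alias pairs that disagree on the trailing slash
#   - stub_status locations that have no "deny all"

# lint_nginx_conf [FILE]   (reads stdin when FILE is omitted)
lint_nginx_conf() {
    awk '
    { sub(/#.*/, ""); gsub(/;/, " ") }       # drop comments and semicolons
    $NF == "{" {                              # a block opens
        depth++
        stub[depth] = deny[depth] = 0
        # remember the prefix of a non-regex location, "" for other blocks
        loc[depth] = ($1 == "location" && $2 !~ /^~/) ? $(NF - 1) : ""
        next
    }
    $1 == "alias" && loc[depth] != "" {
        if ((loc[depth] ~ /\/$/) != ($2 ~ /\/$/))
            printf "%d: alias-slash-mismatch: location %s alias %s\n", NR, loc[depth], $2
    }
    $1 == "stub_status"         { stub[depth] = NR }
    $1 == "deny" && $2 == "all" { deny[depth] = 1 }
    $1 == "}" {                               # a block closes
        if (stub[depth] && !deny[depth])
            printf "%d: stub_status-unrestricted: no \"deny all\" in this location\n", stub[depth]
        depth--
    }
    ' "${1:--}"
}

# Constructed sample: the /images2/ and /nginx_status blocks from the post
# plus one deliberately mismatched alias (/images3).
sample_conf() {
    cat <<'EOF'
server {
    listen 10080;
    location /images2/ {
        alias /opt/nginx/html/;
    }
    location /images3 {
        alias /opt/nginx/html/;
    }
    location /nginx_status {
        stub_status on;
        access_log off;
        #allow 192.168.1.100;
        #deny all;
    }
}
EOF
}

sample_conf | lint_nginx_conf
```

On the sample it reports line 7 (the mismatched alias) and line 10 (the unrestricted status page); uncommenting `deny all` clears the second finding.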
Custom start script

    # Are there any nginx processes already?
    if [ $(ps -ef |grep "nginx" |grep -v "grep" |wc -l) -gt 0 ];then
        echo "Trying to quit existing nginx processes..."
        # Run the command directly: wrapping it in $(...) would try to execute whatever it prints
        if /opt/nginx/sbin/nginx -s quit;then
            echo "Nginx quited."
        else
            echo "Failed to quietly quit Nginx."
            if /opt/nginx/sbin/nginx -s stop;then
                echo "Nginx stopped."
            else
                echo "Failed to stop Nginx, please kill the process."
                exit 1
            fi
        fi
    else
        echo "No existing Nginx processes."
    fi
    echo "Starting the nginx service..."
    if /opt/nginx/sbin/nginx;then
        echo "Nginx started."
    else
        echo "Failed to start Nginx."
    fi
An nginx service script for registering nginx as an init.d service (untested)

    #!/bin/bash
    # nginx Startup script for the Nginx HTTP Server
    # this script create it by ivan at 2010.12.29.
    #
    # chkconfig: - 85 15
    # description: Nginx is a high-performance web and proxy server.
    #              It has a lot of features, but it's not for everyone.
    # processname: nginx
    # pidfile: /var/run/nginx.pid
    # config: /etc/nginx.conf
    nginxd=/usr/local/nginx/sbin/nginx
    nginx_config=/usr/local/nginx/conf/nginx.conf
    nginx_pid=/usr/local/nginx/run/nginx.pid
    RETVAL=0
    prog="nginx"

    # Source function library.
    . /etc/rc.d/init.d/functions
    # Source networking configuration.
    . /etc/sysconfig/network
    # Check that networking is up.
    [ "${NETWORKING}" = "no" ] && exit 0
    [ -x $nginxd ] || exit 0

    # Start nginx daemons functions.
    start(){
        if [ -e $nginx_pid ]; then
            echo "nginx already running..."
            exit 1
        fi
        echo -n $"Starting $prog:"
        daemon $nginxd -c ${nginx_config}
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
        return $RETVAL
    }

    # Stop nginx daemons functions.
    stop(){
        echo -n $"Stopping $prog:"
        killproc $nginxd
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx $nginx_pid
    }

    # reload nginx service functions.
    reload(){
        # the original printed $proc, which is never set; the variable is $prog
        echo -n $"Reloading $prog:"
        killproc $nginxd -HUP
        RETVAL=$?
        echo
    }

    # See how we were called.
    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        reload)
            reload
            ;;
        restart)
            stop
            start
            ;;
        status)
            status $prog
            RETVAL=$?
            ;;
        *)
            echo $"Usage: $prog {start|stop|restart|reload|status|help}"
            exit 1
    esac
    exit $RETVAL
Generating log file names by date

    if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})") {
        set $year $1;
        set $month $2;
        set $day $3;
    }
    access_log /var/log/nginx/$year-$month-$day-access.log;
Logging cookies

    set $dm_cookie "";
    if ($http_cookie ~* "(.+)(?:;|$)") {
        set $dm_cookie $1;
    }
    # then add $dm_cookie to the log format