下载文件
http://nginx.org/en/download.html 下载 nginx-1.9.3.tar.gz
安装Nginx
安装
一、安装nginx时必须先安装相应的编译工具
yum -y install gcc gcc-c++yum -y install zlib zlib-devel openssl openssl-devel pcre-devel 建立nginx 组
groupadd -r nginx
# -r 表示创建的是系统组
useradd -s /sbin/nologin -g nginx -r nginx
# -r 表示创建的是系统用户
id nginx
# 即使用其他用户启动nginx, 也必须创建nginx用户和用户组, 否则会出现 nginx: [emerg] getpwnam("nginx") failed 错误 zlib:nginx提供gzip模块,需要zlib库支持
openssl:nginx提供ssl功能
pcre:支持地址重写rewrite功能 二、tar -zxvf nginx-1.9.3.tar.gz 三、cd nginx-1.9. 四、./configure \
--prefix=/usr \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx/nginx.pid \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_gzip_static_module \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/tmp/nginx/client \
--http-proxy-temp-path=/var/tmp/nginx/proxy \
--http-fastcgi-temp-path=/var/tmp/nginx/fcgi \
--with-http_stub_status_module 我用的参数是
./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-pcre --with-http_ssl_module --with-stream --with-stream_ssl_module 五、make && make install
如果openssl是编译安装的, 使用以下命令
./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_gzip_static_module --with-pcre --with-http_ssl_module --with-openssl=/usr/src/openssl-1.0.1p/ --with-http_stub_status_module --with-stream --with-stream_ssl_module # stub_status模块主要用于查看Nginx的一些状态信息
# with-openssl 指定 openssl 的源码目录
启动关闭
#启动nginx sudo /opt/nginx/sbin/nginx #查看nginx进程
ps aux|grep nginx nginx -s reload :修改配置后重新加载生效
nginx -s reopen :重新打开日志文件 nginx -c /path/to/nginx.conf 指定配置文件启动nginx
nginx -t -c /path/to/nginx.conf 测试nginx配置文件, 但不启动 #关闭nginx:
nginx -s stop :快速停止
nginx -s quit :完整有序的停止
其他的停止nginx 方式:
ps -ef | grep nginx
kill -QUIT 主进程号 :从容停止Nginx
kill -TERM 主进程号 :快速停止Nginx
pkill - nginx :强制停止Nginx
参考资料
http://ilz.me/2015/04/29/nginx-190-make/ Nginx1.9.0编译安装过程, 带geoip的编译
http://www.cnblogs.com/zhuhongbao/archive/2013/06/04/3118061.html nginx1.2.8版本的安装及配置
使用非root用户启动/关闭Nginx
首先把nginx的owner设为tomcat
sudo chown -R tomcat:tomcat /opt/nginx
更精确一点, 需要设置owner为tomcat的目录包括: fastcgi_temp, log 和 proxy_temp, 目录的权限详细为:
[root@bogon nginx]# ll
total
drwx------ nginx root Dec : client_body_temp
drwxr-xr-x root root Jan : conf
drwx------ tomcat tomcat Dec : fastcgi_temp
drwxr-xr-x root root Dec : html
drwxr-xr-x tomcat tomcat Jan : logs
drwx------ tomcat tomcat Jan : proxy_temp
drwxr-xr-x root root Dec : sbin
drwx------ nginx root Dec : scgi_temp
drwx------ nginx root Dec : uwsgi_temp
使用非root用户启动nginx出现端口绑定权限错误的处理
错误: nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
参考 https://wiki.apache.org/httpd/NonRootPortBinding
1. 通过setcap
这个方法需要较高的内核版本: Requires a not-ancient linux kernel (2.6.24 or later), Centos6及以上可以
# sudo setcap cap_net_bind_service=+ep /opt/nginx/sbin/nginx
检查是否capability is added:
# getcap /opt/nginx/sbin/nginx
/opt/nginx/sbin/nginx = cap_net_bind_service+ep
2. 较通用的办法, 通过iptables, nat based method to redirect traffic from port 80 to 8080.
例如
# iptables -t nat -A PREROUTING -d <ip> -p tcp --dport -m addrtype --dst-type LOCAL -j DNAT --to-destination <ip>:
# iptables -t nat -A OUTPUT -d <ip> -p tcp --dport -m addrtype --dst-type LOCAL -j DNAT --to-destination <ip>:
or
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport http -j REDIRECT --to-ports
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport -j REDIRECT --to-port
# iptables-save
# this redirects incoming connections on port to port
附: iptable参数说明: http://ipset.netfilter.org/iptables.man.html https://help.ubuntu.com/community/IptablesHowTo
Nginx配置
#user tomcat;
worker_processes ; #启动进程,通常设置成和cpu的数量相等 #error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info; pid logs/nginx.pid; events {
use epoll; #epoll是多路复用IO(I/O Multiplexing)中的一种方式, 仅用于linux2.6以上内核, 可提高nginx性能
worker_connections ;
} http {
include mime.types; #设定mime类型,类型由mime.type文件定义
default_type application/octet-stream; # 日志格式, 如果access_log 或者是虚拟主机里的access_log启用了, 这个也要启用, 否则启动时会有警告
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #指令指定 nginx 是否调用 sendfile 函数(zero copy 方式)来输出文件. 对于普通应用必须设为 on, 如果用来进行下载等应用磁盘IO重负载应用可设置为 off, 以平衡磁盘与网络I/O处理速度, 降低系统的uptime.
#tcp_nopush on; #keepalive_timeout ;
keepalive_timeout ; #连接超时时间 gzip on; #开启gzip压缩 server {
listen ;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main; #默认请求
location / {
root html; #定义服务器的默认网站根目录位置
index index.html index.htm;
} #error_page /.html;
# redirect server error pages to the static page /50x.html
error_page /50x.html;
location = /50x.html {
root html;
} # proxy the PHP scripts to Apache listening on 127.0.0.1:
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#} # deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
} # another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen ;
# listen somename:;
# server_name somename alias another.alias; # location / {
# root html;
# index index.html index.htm;
# }
#} # 增加同端口不同域名的虚拟主机
# 可以放到子目录下再include进来, 如 include vhost/cc.com.conf;
server {
listen ;
server_name demo.rb.com;
location / {
root /var/www/html;
index index.html index.htm index.php;
}
location /images/ {
# 使用root时, 服务器会去找 /opt/nginx/html/images 目录
root /opt/nginx/html;
}
location /images2/ {
# 使用alias时, 服务器找的才是/opt/nginx/html目录
# 这是一个严格的匹配, 所以如果location 以/结束, 下面的alias也要以/结束
alias /opt/nginx/html/;
}
access_log logs/demo.rb.com.access.log main;
} # HTTPS server
#
#server {
# listen ssl;
# server_name localhost; # ssl_certificate cert.pem;
# ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on; # location / {
# root html;
# index index.html index.htm;
# }
#} }
开启 stub status
在nginx.conf的server块中添加如下代码
location /nginx_status {
# Turn on nginx stats
stub_status on;
# I do not need logs for stats
access_log off;
# Security: Only allow access from 192.168.1.100 IP #
#allow 192.168.1.100;
# Send rest of the world to /dev/null #
#deny all;
}
这段代码是加在默认的server里的,
假设默认server的配置为
listen 127.0.0.1:;
server_name 127.0.0.1;
那么访问nginx的状态,就可以通过 curl 127.0.0.1/nginx_status访问了
自定义启动脚本
if [ $(ps -ef |grep "nginx" |grep -v "grep" |wc -l) -gt ];then
echo "Trying to quit existing nginx processes..."
if $(/opt/nginx/sbin/nginx -s quit);then
echo "Nginx quited."
else
echo "Failed to quietly quit Nginx."
if $(/opt/nginx/sbin/nginx -s stop);then
echo "Nginx stopped."
else
echo "Failed to stop Nginx, please kill the process."
exit
fi
fi
else
echo "No existing Nginx processes."
fi echo "Starting the nginx service..."
if $(/opt/nginx/sbin/nginx);then
echo "Nginx started."
else
echo "Failed to start Nginx."
fi
一个用于添加到init.d服务的nginx服务脚本(未测试)
#!/bin/bash
# nginx Startup script for the Nginx HTTP Server
# this script create it by ivan at 2010.12..
#
# chkconfig: -
# description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /etc/nginx.conf nginxd=/usr/local/nginx/sbin/nginx
nginx_config=/usr/local/nginx/conf/nginx.conf
nginx_pid=/usr/local/nginx/run/nginx.pid RETVAL=
prog="nginx" # Source function library.
. /etc/rc.d/init.d/functions # Source networking configuration.
. /etc/sysconfig/network # Check that networking is up.
[ ${NETWORKING} = "no" ] && exit
[ -x $nginxd ] || exit # Start nginx daemons functions.
start(){ if [ -e $nginx_pid ]; then
echo "nginx already running..."
exit
fi
echo -n $"Starting $prog:"
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = ] && touch /var/lock/subsys/nginx
return $RETVAL
} # Stop nginx daemons functions.
stop(){
echo -n $"Stopping $prog:"
killproc $nginxd
RETVAL=$?
echo
[ $RETVAL = ] && rm -f /var/lock/subsys/nginx $nginx_pid
} #reload nginx service functions.
reload(){
echo -n $"Reloading $proc:"
killproc $nginxd -HUP
RETVAL=$?
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|reload|status|help}"
exit
esac exit $RETVAL
让日志文件名按日期生成
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})") {
set $year $;
set $month $;
set $day $;
}
access_log /var/log/nginx/$year-$month-$day-access.log;
让日志记录cookie
set $dm_cookie "";
if ($http_cookie ~* "(.+)(?:;|$)") {
set $dm_cookie $;
} # 然后在日志格式中添加 $dm_cookie