yum install gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
官網:https://nginx.org/en/download.html
選擇安裝包右鍵複製鏈接地址。執行wget -c "複製的鏈接地址",例如:
wget -c https://nginx.org/download/nginx-1.17.0.tar.gz
tar -zxvf nginx-1.17.0.tar.gz
cd nginx-1.17.0
./configure
make
make install
查看安裝路徑:
whereis nginx
啓動、停止nginx
cd /usr/local/nginx/sbin/
./nginx
./nginx -s stop
./nginx -s quit
./nginx -s reload
./nginx -s quit
:此方式停止步驟是待nginx進程處理任務完畢進行停止。./nginx -s stop
:此方式相當於先查出nginx進程id再使用kill命令強制殺掉進程。
查詢nginx進程:
ps aux|grep nginx
開機自啓動
即在rc.local
增加啓動代碼就可以了。
vi /etc/rc.local
增加一行 /usr/local/nginx/sbin/nginx
設置執行權限:
chmod 755 rc.local
打開/usr/local/nginx/conf/nginx.conf可以看到nginx默認端口爲80,防火牆開放80端口並重啓:
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
在瀏覽器輸入http://ip:80查看
配置Nginx的SSL模塊
Nginx如果未開啓SSL模塊,配置Https時提示錯誤
1,cd到源碼包
cd /data/nginx/
2,查看nginx原有模塊
/usr/local/nginx/sbin/nginx -V
3,配置並編譯
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make
4,這裏不進行make install操作,否則會覆蓋安裝,可以先備份原來的nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
5,將剛剛編譯好的nginx覆蓋掉原有的nginx(這個時候nginx要停止狀態)
cp ./objs/nginx /usr/local/nginx/sbin/
6,然後啓動nginx,仍可以通過第二步的命令查看是否已經加入成功
Nginx SSL性能調優
1 2 3 4 5 |
|
最後附上部分nginx配置
server {
listen 80;
server_name test.com;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name test.com;
ssl_certificate ../cert/test.pem;
ssl_certificate_key ../cert/test.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
server {
listen 80;
server_name son.test.com;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name son.test.com;
ssl_certificate ../cert/son.pem;
ssl_certificate_key ../cert/son.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
tcp_nodelay on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:18001;
}
}