nginx一键安装脚本

[root@cc nginx]# cat nginx_install.sh
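#!/bin/bash
#   > File Name: nginx_install.sh
#   > Author: cc
#   > mail: 547253687@qq.com
#   > Created Time: Fri 16 Nov 2018 11:02:58 AM CST
#
# One-shot installer for Tengine (nginx) + Lua modules, Redis and
# ipset/iptables on a RHEL/CentOS host. Must be run as root and expects
# ${SRC_DIR}/${NGINX_LUA}.tar.gz to be present before it starts.

# Refuse to continue unless running as root. This check now runs before any
# directory is created; the original only tested it after the mkdir calls.
if [ "$(id -u)" != "0" ]; then
    echo "Error: you must be root to run this script!" >&2
    exit 1
fi

INSTALL_DIR=/usr/local
SRC_DIR=/root
NGINX_LUA="nginx-tengine+lua"
GEOIP="GeoIP-1.4.8"
SOCK="sock"
CONF="/root/nginx-tengine+lua/conf"
NGINX_DIR="/usr/local/tengine"

# Major release number parsed from /etc/redhat-release (the later branches
# compare it against 7).
system_version=$(grep -o "[0-9].*[0-9]" /etc/redhat-release | awk '{print int($0)}')

[ -d "${INSTALL_DIR}" ] || mkdir -p "${INSTALL_DIR}"
[ -d "${SRC_DIR}" ] || mkdir -p "${SRC_DIR}"
# The original tested ${SRC_DIR}$SOCK (no slash, different parent) but created
# ${INSTALL_DIR}/$SOCK; test the directory that is actually created.
[ -d "${INSTALL_DIR}/${SOCK}" ] || mkdir -p "${INSTALL_DIR}/${SOCK}"

## Colour output helpers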
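#######################################
# Print a message in bold red between two rows of asterisks.
# The statements of this function were fused onto one line in the listing;
# they are separated again here.
# Arguments: all arguments are joined with spaces into one message
# Outputs:   three lines on stdout
#######################################
red_echo() {
    local what="$*"
    local bar='*********************'
    # %s keeps backslashes in the message literal; only the colour codes in
    # the format string are interpreted.
    printf '\033[1;31m %s \033[0m\n' "$bar" "$what" "$bar"
}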
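#######################################
# Print a message between two rows of dashes, used for success notices.
# Despite the name, the colour code is 1;32 (bold green), kept as in the
# original. The fused statements of the listing are separated again here.
# Arguments: all arguments are joined with spaces into one message
# Outputs:   three lines on stdout
#######################################
blue_echo()
{
    local what="$*"
    local bar='---------------------'
    # %s keeps backslashes in the message literal.
    printf '\033[1;32m %s \033[0m\n' "$bar" "$what" "$bar"
}
## Packages installed with yum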
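#######################################
# Install the build and runtime prerequisites with yum, one package per call,
# so a failed install of one name does not prevent the others being tried.
# Outputs: yum's own output
# Returns: 0 if every yum call succeeded, 1 if any of them failed
#######################################
Install_Package()
{
    local Package
    local rc=0
    for Package in lrzsz openssl-devel zlib zlib-devel pcre pcre-devel geoip-devel patch iptables iptables-services c++ gcc-c++ telnet curl curl-devel vim make wget lua lua-devel tcl ipset patch ntpdate
    do
        yum -y install "$Package" || rc=1
    done
    return "$rc"
}

#######################################
# Report whether the command that ran immediately before this call succeeded.
# It reads $? on entry, so nothing may run between that command and the call.
# Arguments: $1 - step name (e.g. "Make"), $2 - component name
# Outputs:   a three-line green "Success" or red "Failure" banner on stdout
# Returns:   the exit status that was inspected, after a 5 second pause, so a
#            caller can stop on failure (the original always returned sleep's
#            status and every caller carried on regardless)
#######################################
If_Success()
{
    local rc=$?
    if [ "$rc" -eq 0 ]; then
        echo -e "\033[32m ------------------- \033[0m"
        echo -e "\033[32m $1 $2 Success!!! \033[0m"
        echo -e "\033[32m ------------------- \033[0m"
    else
        echo -e "\033[31m ******************* \033[0m"
        echo -e "\033[31m $1 $2 Failure!!! \033[0m"
        echo -e "\033[31m ******************* \033[0m"
    fi
    sleep 5
    return "$rc"
}
## Below CentOS 7 the GeoIP library is compiled by hand; the function below is
## called from the install function that follows it.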
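#######################################
# Build and install the bundled GeoIP library from source.
# Globals:  SRC_DIR, NGINX_LUA, GEOIP (read)
# Returns:  1 if the source directory cannot be entered; otherwise the status
#           of the last If_Success call
#######################################
If_GeoIp()
{
    # Without this check a failed cd would run ./configure and make in
    # whatever directory the script happened to be in.
    cd "${SRC_DIR}/${NGINX_LUA}/${GEOIP}" || return 1
    ./configure
    If_Success "Configure" "GeoIp"
    make
    If_Success "Make" "GeoIp"
    make install
    If_Success "Install" "GeoIp"
}

#######################################
# Unpack the prepared source bundle, create the nginx account, then configure,
# build and install Tengine with the bundled PCRE, zlib, OpenSSL and modules.
# Globals:  SRC_DIR, NGINX_LUA, INSTALL_DIR, system_version (read)
# Returns:  1 if the bundle cannot be unpacked or a source directory is
#           missing; otherwise the status of the last If_Success call
#######################################
Install_Nginx()
{
    # NOTE(review): these pins date from the 2018 original; OpenSSL 1.0.2 has
    # since reached end of life. Check for supported releases before reuse.
    local NGINX="tengine-2.2.2"
    local PCRE="pcre-8.40"
    local ZLIB="zlib-1.2.11"
    local OPENSSL="openssl-1.0.2p"
    local ACCESSKEY="nginx-accesskey-2.0.3"

    ## Unpack the prepared bundle
    # NOTE(review): the bundle is trusted as-is and several modules in it are
    # "-master" snapshots with no pinned revision. Record a checksum for the
    # tarball and verify it here before compiling its contents as root.
    cd "${SRC_DIR}" || return 1
    echo "Extracting ${NGINX_LUA}"
    tar -xzf "${NGINX_LUA}.tar.gz" || return 1
    cd "${SRC_DIR}/${NGINX_LUA}" || return 1
    echo "Done..."

    ## Download the sources (disabled: kept as a no-op here-document)
    # The delimiter is quoted so nothing inside is expanded. If this section is
    # ever re-enabled: most URLs are plain HTTP with no checksum or signature
    # check, and the PCRE URL points at an 8.35 directory while PCRE is
    # pcre-8.40.
    : <<'DISABLED_DOWNLOADS'
cd ${SRC_DIR}/${NGINX_LUA}
echo 'Downloading NGINX'
if [ ! -f ${NGINX}.tar.gz ]
then
    wget -c http://nginx.org/download/${NGINX}.tar.gz
else
    echo 'Skipping: NGINX already downloaded'
fi
echo 'Downloading PCRE'
if [ ! -f ${PCRE}.tar.gz ]
then
    wget -c https://sourceforge.net/projects/pcre/files/pcre/8.35/${PCRE}.tar.gz
else
    echo 'Skipping: PCRE already downloaded'
fi
echo 'Downloading ZLIB'
if [ ! -f ${ZLIB}.tar.gz ]
then
    wget -c http://zlib.net/${ZLIB}.tar.gz
else
    echo 'Skipping: ZLIB already downloaded'
fi
echo 'Downloading OPENSSL'
if [ ! -f ${OPENSSL}.tar.gz ]
then
    wget -c http://www.openssl.org/source/${OPENSSL}.tar.gz
else
    echo 'Skipping: OPENSSL already downloaded'
fi
echo '----------Unpacking downloaded archives. This process may take serveral minutes---------'
echo "Extracting ${NGINX}..."
tar xzf ${NGINX}.tar.gz
echo 'Done.'
echo "Extracting ${PCRE}..."
tar xzf ${PCRE}.tar.gz
echo 'Done.'
echo "Extracting ${ZLIB}..."
tar xzf ${ZLIB}.tar.gz
echo 'Done.'
echo "Extracting ${OPENSSL}..."
tar xzf ${OPENSSL}.tar.gz
echo 'Done.'
DISABLED_DOWNLOADS

    ## Create the service account
    # Only create what is missing, so a re-run does not fail here. The account
    # gets no login shell because it exists only to own the worker processes.
    getent group nginx > /dev/null || groupadd nginx
    id -u nginx > /dev/null 2>&1 || useradd -g nginx -s /sbin/nologin nginx

    ## Build GeoIP by hand on anything other than release 7
    if [ "${system_version}" -ne 7 ]; then
        If_GeoIp
    else
        echo "pass..."
    fi

    ## Compile
    echo '###################'
    echo 'Compile NGINX'
    echo '###################'
    cd "${SRC_DIR}/${NGINX_LUA}/${NGINX}" || return 1
    ./configure --prefix="${INSTALL_DIR}/tengine" \
        --user=nginx --group=nginx \
        --lock-path=/var/run/nginx.lock \
        --error-log-path=/var/log/nginx/error.log \
        --http-log-path=/var/log/nginx/access.log \
        --pid-path=/var/run/nginx.pid \
        --with-http_secure_link_module \
        --with-http_random_index_module \
        --with-http_ssl_module \
        --with-http_realip_module \
        --with-http_gzip_static_module \
        --with-http_stub_status_module \
        --with-http_flv_module \
        --with-http_mp4_module \
        --with-http_gunzip_module \
        --with-http_auth_request_module \
        --with-http_v2_module \
        --with-http_addition_module \
        --with-http_sub_module \
        --with-file-aio \
        --with-http_geoip_module \
        --with-pcre="../${PCRE}" \
        --with-openssl="../${OPENSSL}" \
        --with-zlib="../${ZLIB}" \
        --add-module=../ngx_cache_purge-master \
        --add-module=../echo-nginx-module \
        --add-module=../file-md5-master \
        --add-module="../${ACCESSKEY}" \
        --add-module=../lua-nginx-module-master \
        --add-module=../nginx_tcp_proxy_module-master \
        --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' \
        --with-ld-opt=-Wl,-rpath,/usr/local/lib
    # The original passed only "Configure"; the component name is added so the
    # banner matches the Make and Install steps.
    If_Success "Configure" "NGINX"
    make
    If_Success "Make" "NGINX"
    make install
    If_Success "Install" "NGINX"
}
## Create the sock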
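#######################################
# Start the bundled sockproc daemon on /tmp/shell.sock and restrict access to
# the socket.
# Globals:  SRC_DIR, NGINX_LUA (read)
# Returns:  1 if the sockproc directory is missing or the daemon fails to
#           start; otherwise the status of the final chmod
#######################################
Create_Sock()
{
    local SOCKPACK="sockproc-master"
    # The original assigned SHELL="shell" here. SHELL is the shell's own,
    # normally exported variable, so that changed it for every command the
    # installer ran afterwards. A local with a different name avoids this.
    local sock_name="shell"
    local sock_path="/tmp/${sock_name}.sock"

    cd "${SRC_DIR}/${NGINX_LUA}/${SOCKPACK}" || return 1
    chmod u+x sockproc
    ./sockproc "${sock_path}" || return 1

    # sockproc (per its upstream README) executes the shell commands it
    # receives on this socket, and it is started by root here. The original
    # chmod 0666 let every local account write to it. Access is limited to
    # root and the nginx group created by this installer; if nginx.conf runs
    # the workers under another account, change the group, not the mode.
    chown root:nginx "${sock_path}"
    chmod 0660 "${sock_path}"
}
## Install redis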
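#######################################
# Download (if not already present), build and install Redis, copy the
# binaries and the prepared redis.conf to /etc/redis, then start the server.
# Globals:  SRC_DIR, NGINX_LUA, INSTALL_DIR, CONF (read)
#           REDIS_SHA256 (read, optional) - expected SHA-256 of the tarball
# Returns:  1 if a directory is missing, or the download, checksum check or
#           extraction fails; otherwise the status of the final status banner
#######################################
Install_Redis()
{
    local REDIS="redis-5.0.0"
    local WORK_REDIS="/etc/redis"

    [ -d "${WORK_REDIS}" ] || mkdir -p "${WORK_REDIS}"

    cd "${SRC_DIR}/${NGINX_LUA}" || return 1
    echo 'Downloading Redis...'
    if [ ! -f "${REDIS}.tar.gz" ]; then
        wget -c "http://download.redis.io/releases/${REDIS}.tar.gz" || return 1
    else
        echo "Skipping: REDIS already downloaded..."
    fi

    # The tarball arrives over plain HTTP and is compiled and run as root, so
    # its integrity has to be checked separately. Set REDIS_SHA256 to the
    # digest published by the Redis project for this release.
    if [ -n "${REDIS_SHA256:-}" ]; then
        echo "${REDIS_SHA256}  ${REDIS}.tar.gz" | sha256sum -c - || return 1
    else
        echo "Warning: REDIS_SHA256 not set, ${REDIS}.tar.gz is not verified" >&2
    fi

    echo "Extracting ${REDIS}..."
    tar xzf "${REDIS}.tar.gz" -C "${INSTALL_DIR}" || return 1
    echo "Done..."

    cd "${INSTALL_DIR}/${REDIS}" || return 1
    make
    If_Success "Make" "REDIS"
    make install
    If_Success "Install" "REDIS"

    cd "${INSTALL_DIR}/${REDIS}/src" || return 1
    cp -a redis-server redis-benchmark redis-cli "${WORK_REDIS}"
    cp -a "${CONF}/redis.conf" "${WORK_REDIS}"
    cd "${WORK_REDIS}" || return 1
    # NOTE(review): the server is started by root with the bundled redis.conf,
    # which is not shown here. Confirm it binds to loopback only and requires
    # a password, and consider a dedicated account.
    ./redis-server redis.conf > /dev/null 2>&1 &
    sleep 3
    if netstat -tunlp 2> /dev/null | grep redis > /dev/null 2>&1; then
        blue_echo "Redis in started..."
    else
        red_echo "Error:Redis started failed..."
    fi
}
## Install ipset and create the ipset sets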
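#######################################
# Restart the iptables service with the command for this release.
# Globals:  system_version (read)
# Returns:  the exit status of the restart command
#######################################
_restart_iptables()
{
    if [ "${system_version}" -eq 7 ]; then
        /usr/bin/systemctl restart iptables > /dev/null 2>&1
    else
        service iptables restart > /dev/null 2>&1
    fi
}

#######################################
# Build ipset from source when the command is missing, create the four sets,
# load the bundled iptables configuration, insert the set-matching rules and
# schedule cron jobs that dump the sets every minute.
# Globals:  SRC_DIR, NGINX_LUA, CONF, system_version (read)
#           IPSET_SHA256 (read, optional) - expected SHA-256 of the tarball
# Returns:  1 if a directory is missing, or the download, checksum check or
#           RPM signature check fails; otherwise the status of the last command
#######################################
Install_Ipset()
{
    local IPSET="ipset-6.38"
    local IPTABLES_CONF="/etc/sysconfig"
    local IPSET_CONF="/usr/local/ipset"
    local kdevel_rpm="kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm"
    local started_msg
    local rc

    ## Install
    cd "${SRC_DIR}/${NGINX_LUA}" || return 1
    if ! ipset version > /dev/null 2>&1; then
        wget "http://ipset.netfilter.org/${IPSET}.tar.bz2" || return 1
        # Fetched over plain HTTP and built as root: verify it when a digest
        # is supplied in IPSET_SHA256.
        if [ -n "${IPSET_SHA256:-}" ]; then
            echo "${IPSET_SHA256}  ${IPSET}.tar.bz2" | sha256sum -c - || return 1
        else
            echo "Warning: IPSET_SHA256 not set, ${IPSET}.tar.bz2 is not verified" >&2
        fi
        echo "Extracting ${IPSET}..."
        tar xf "${SRC_DIR}/${NGINX_LUA}/${IPSET}.tar.bz2"
        echo "Done..."
        cd "${SRC_DIR}/${NGINX_LUA}/${IPSET}" || return 1

        ./configure > /dev/null 2>&1
        rc=$?
        if [ "${rc}" -ne 0 ]; then
            # First configure failed: install the kernel headers and retry.
            # The RPM comes over plain HTTP from a third-party mirror, so its
            # signature is checked before installation. rpm -K fails when the
            # distribution key is not imported or the package is unsigned.
            wget "http://www.rpmfind.net/linux/centos/6.10/updates/x86_64/Packages/${kdevel_rpm}" || return 1
            rpm -K "${kdevel_rpm}" || return 1
            rpm -ivh "${kdevel_rpm}"
            ./configure
            rc=$?
        fi
        # If_Success reads $?; this test re-establishes the configure result.
        [ "${rc}" -eq 0 ]
        If_Success "Configure" "IPSET"
        make
        If_Success "Make" "IPSET"
        make install
        If_Success "Install" "IPSET"
    else
        echo "Skipping: IPSET already install..."
    fi

    ## Create the sets (-exist makes a re-run harmless when they already exist)
    # "timeout" is the set name; it is a hash of IP addresses. ipset holds
    # 65536 elements by default and maxelem raises that. Entries live for 300
    # seconds, i.e. the restriction lifts after 300 seconds.
    ipset -exist create timeout hash:ip maxelem 100000 timeout 300
    ipset -exist create bmd hash:ip maxelem 100000     ## whitelist, permanent
    ipset -exist create black hash:ip maxelem 100000   ## blacklist, permanent
    ipset -exist create ssh hash:ip maxelem 100000     ## office egress addresses

    ## SSH whitelist entry (site-specific address; adjust per deployment)
    ipset -exist add ssh 192.168.2.200

    ## Firewall rules
    /usr/bin/systemctl stop firewalld.service > /dev/null 2>&1
    /usr/bin/systemctl disable firewalld.service > /dev/null 2>&1
    \cp -a "${CONF}"/iptables* "${IPTABLES_CONF}"

    started_msg="Iptables is started..."
    [ "${system_version}" -eq 7 ] || started_msg="IPTALBES is started..."

    if _restart_iptables; then
        # "iptables -I" without a position inserts at the top, so the original
        # sequence ended up reversed: the port 80/443 ACCEPT rules sat above
        # the blacklist DROP rules and listed addresses still reached the web
        # ports. Explicit positions give: whitelists, then the two blacklists,
        # then the general ACCEPT rules.
        iptables -I INPUT 1 -m set --match-set bmd src -j ACCEPT        # whitelist
        iptables -I INPUT 2 -m set --match-set ssh src -p tcp --destination-port 22 -j ACCEPT   # addresses in the ssh set may reach port 22
        iptables -I INPUT 3 -m set --match-set timeout src -j DROP      # timed blacklist
        iptables -I INPUT 4 -m set --match-set black src -j DROP        # blacklist
        iptables -I INPUT 5 -p tcp --dport 80 -j ACCEPT                 # allow 80
        iptables -I INPUT 6 -p tcp --dport 443 -j ACCEPT                # allow 443
        # NOTE(review): whether port 22 is closed to everyone else depends on
        # the bundled iptables file, which is not shown here. Confirm it.
        service iptables save
        if _restart_iptables; then
            blue_echo "${started_msg}"
        else
            red_echo "Error:Iptables started failed..."
        fi
    else
        red_echo "Error:Iptables started failed..."
    fi

    ## Persist the sets
    [ -d "${IPSET_CONF}" ] || mkdir -p "${IPSET_CONF}"
    # Append the cron entries only once; the original added another copy on
    # every run.
    if ! grep -qF '/usr/sbin/ipset save black' /var/spool/cron/root 2> /dev/null; then
        cat >> /var/spool/cron/root <<'EOF'
0 */8 * * *  /usr/sbin/ntpdate ntp1.aliyun.com;/sbin/hwclock -w
*/1 * * * * /usr/sbin/ipset save black > /usr/local/ipset/black.txt
*/1 * * * * /usr/sbin/ipset save timeout > /usr/local/ipset/timeout.txt
*/1 * * * * /usr/sbin/ipset save bmd > /usr/local/ipset/bmd.txt
*/1 * * * * /usr/sbin/ipset save ssh > /usr/local/ipset/ssh.txt
EOF
    fi
}
## System tuning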
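#######################################
# Raise file-descriptor and process limits and append kernel network tuning
# to /etc/sysctl.conf. Each file is backed up once and each append is skipped
# when its content is already present, so a re-run does not duplicate entries.
# Returns:  the status of the last command
#######################################
System_Optimization()
{
    grep -qF 'ulimit -n 65535' /etc/profile 2> /dev/null \
        || echo ulimit -n 65535 >> /etc/profile
    source /etc/profile

    [ -e /etc/sysctl.conf.bak ] || cp -a /etc/sysctl.conf /etc/sysctl.conf.bak
    # NOTE(review): tcp_tw_recycle = 1 is known to drop connections from
    # clients behind NAT, and the key was removed in Linux 4.12. Confirm it is
    # wanted on an internet-facing server.
    # NOTE(review): fs.file-max (51200) is lower than the per-process nofile
    # limit of 65535 set below. Confirm this is intended.
    # The original listed fs.nr_open twice; the duplicate line is dropped.
    if ! grep -q '^net.ipv4.tcp_congestion_control = hybla' /etc/sysctl.conf 2> /dev/null; then
        cat >> /etc/sysctl.conf <<'EOF'
fs.nr_open = 1048576
fs.file-max = 51200
net.ipv4.tcp_congestion_control = hybla
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
kernel.pid_max = 32768
#net.ipv4.ip_conntrack_max = 10240
net.ipv4.ip_local_port_range = 1024  65535
vm.overcommit_memory=1
EOF
    fi
    # "sysctl -p" and the following cp were fused into "sysctl -pcp" in the
    # listing; they are two separate commands.
    sysctl -p

    [ -e /etc/security/limits.conf.bak ] \
        || cp -a /etc/security/limits.conf /etc/security/limits.conf.bak
    if ! grep -qF '* soft nofile 65535' /etc/security/limits.conf 2> /dev/null; then
        cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
    fi

    # The file may not exist on every release; back it up only when present.
    if [ -f /etc/security/limits.d/20-nproc.conf ] \
        && [ ! -e /etc/security/limits.d/20-nproc.conf.bak ]; then
        cp -a /etc/security/limits.d/20-nproc.conf /etc/security/limits.d/20-nproc.conf.bak
    fi
    cat > /etc/security/limits.d/20-nproc.conf <<'EOF'
*          soft    nproc     65535
root       soft    nproc     unlimited
EOF
}
## Copy files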
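#######################################
# Create the log and proxy cache directories and copy the GeoIP data, Lua
# code and nginx.conf from the bundle into the Tengine conf directory.
# Globals:  NGINX_DIR, CONF (read)
# Returns:  1 if the bundle directory is missing; otherwise the status of the
#           final chown
#######################################
Copy_File()
{
    local NGINX_FILE="/root/nginx-tengine+lua"

    mkdir -p /home/nginx/logs
    mkdir -p /data/proxy_cache_path
    mkdir -p /data/proxy_temp_path
    # The original ran a recursive chown on all of /data, which would also
    # re-own anything else stored there. Only the two directories created
    # above are handed to nginx.
    chown -R nginx:nginx /data/proxy_cache_path /data/proxy_temp_path

    cd "${NGINX_FILE}" || return 1
    \cp -a geoip lua lualib "${NGINX_DIR}/conf"
    \cp -a "${CONF}/nginx.conf" "${NGINX_DIR}/conf"
    mkdir -p "${NGINX_DIR}/conf/vhosts"
    # NOTE(review): this gives the nginx account ownership of the whole
    # install tree, including sbin/nginx and the configuration that root later
    # executes and loads. Consider leaving binaries and conf owned by root and
    # granting nginx only the directories it must write to.
    chown -R nginx:nginx "${NGINX_DIR}"
}
## Start nginx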
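#######################################
# Start the freshly installed nginx binary and report the outcome.
# Globals:  NGINX_DIR (read)
# Returns:  the status of the status banner that was printed
#######################################
NGINX_START()
{
    if "${NGINX_DIR}/sbin/nginx"; then
        blue_echo "Nginx is started..."
    else
        red_echo "Error:Nginx started faild..."
    fi
}

# Installation sequence. The steps run in order and none of them checks
# whether the previous one succeeded.
Install_Package
Install_Nginx
Create_Sock
Install_Redis
Install_Ipset
System_Optimization
Copy_File
NGINX_START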

开机脚本

[root@cc nginx]# cat inotify.sh
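#!/bin/bash
#   > File Name: inotify.sh
#   > Author: cc
#   > mail: 547253687@qq.com
#   > Created Time: Fri 16 Nov 2018 11:02:58 AM CST
#
# Boot-time script: restarts sockproc and Redis, reloads the saved ipset sets
# and then restarts iptables. The sets are restored before the restart
# because the firewall rules match on them.

system_version=$(grep -o "[0-9].*[0-9]" /etc/redhat-release | awk '{print int($0)}')

sock_path=/tmp/shell.sock
# The original removed only /usr/local/ipset/shell.sock, a path nothing else
# in these scripts creates. A stale socket left at the path sockproc is given
# is removed as well, so the daemon is not blocked by a leftover file.
rm -rf /usr/local/ipset/shell.sock
rm -f -- "${sock_path}"
if /root/nginx-tengine+lua/sockproc-master/sockproc "${sock_path}"; then
    # sockproc (per its upstream README) executes the shell commands it
    # receives on this socket and runs as root here, so the original mode of
    # 0666 exposed it to every local account. Access is limited to root and
    # the nginx group; if the workers run under another account, change the
    # group, not the mode.
    chown root:nginx "${sock_path}"
    chmod 0660 "${sock_path}"
fi

/etc/redis/redis-server /etc/redis/redis.conf > /dev/null 2>&1 &

# The dumps are rewritten by cron every minute, so one can be missing or empty
# after an unclean shutdown; skip it with a warning rather than feed it to
# ipset. -exist keeps a restore from failing on a set that already exists.
# NOTE(review): if a set is not restored, the saved rules that match on it may
# not load when iptables restarts. Confirm the firewall state after boot.
for set_name in black timeout bmd ssh; do
    dump="/usr/local/ipset/${set_name}.txt"
    if [ -s "${dump}" ]; then
        /usr/sbin/ipset -exist restore < "${dump}"
    else
        echo "warning: ${dump} is missing or empty, set ${set_name} not restored" >&2
    fi
done

if [ "${system_version}" -eq 7 ]; then
    /usr/bin/systemctl restart iptables
else
    /sbin/service iptables restart
fi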

转载于:https://www.cnblogs.com/jcici/p/9990565.html
