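Installing nginx-1.16.1 from source on CentOS 7.4, plus a comprehensive NGINX configuration: caching, thumbnails, layer-4 forwarding
I. Environment and downloads
1. Environment
System: CentOS 7.4
Software: nginx-1.16.1, ngx_cache_purge-2.3.tar.gz
2. Download URLs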
http://nginx.org/download/nginx-1.16.1.tar.gz
http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz
3. Download
# yum install -y wget
# cd /usr/local/src
# wget -c http://nginx.org/download/nginx-1.16.1.tar.gz
# wget -c http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz
II. Installation
1. Add the user
# groupadd nginx
# useradd -s /sbin/nologin -g nginx nginx
2. Install dependencies
# yum install gcc gcc-c++ make automake autoconf libtool pcre-devel zlib-devel openssl openssl-devel gd-devel libcurl-devel
3. Unpack and compile
# tar zxvf nginx-1.16.1.tar.gz
# tar zxvf ngx_cache_purge-2.3.tar.gz
# cd nginx-1.16.1
# ./configure --prefix=/usr/local/nginx --with-pcre --with-stream --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --add-module=../ngx_cache_purge-2.3 --with-http_image_filter_module --user=nginx --group=nginx
# make
# make install
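Explanation:
--prefix= sets the installation path
--with-pcre enables the PCRE library (rewrite functionality)
--with-stream enables TCP forwarding
--with-http_stub_status_module enables the status module, which reports nginx statistics
--with-http_ssl_module enables the SSL module
--with-http_gzip_static_module enables gzip compressed transfer (serving precompressed .gz files)
--with-http_realip_module enables replacing the client address with the real client address carried in a request header
--add-module=../ngx_cache_purge-2.3 adds the cache purge module
--with-http_image_filter_module enables the thumbnail module
--user=nginx sets the user nginx runs as
--group=nginx sets the group nginx runs as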
III. Configuration
1. Create some directories
# cd /usr/local/nginx
# mkdir conf/vhosts
# mkdir tmp
# mkdir ssl
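vhosts: holds the server configuration files for the http block
tmp: temporary files
proxy_cache: holds cache files (created automatically at startup; no need to create it)
ssl: holds the SSL certificates
2. Main configuration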
# cat /usr/local/nginx/conf/nginx.conf
user nginx;
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 102400;

events {
    use epoll;
    accept_mutex on;
    worker_connections 20000;
}

http {
    server_tokens off;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 20m;
    client_body_buffer_size 256k;
    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    proxy_buffering on;
    proxy_buffer_size 128k;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    limit_req_zone $binary_remote_addr zone=query:20m rate=20r/s;
    limit_conn_zone $binary_remote_addr zone=one:20m;
    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=proxycache:20m inactive=1d max_size=100m;
    charset utf-8;
    client_body_temp_path /usr/local/nginx/tmp/client_body_temp 1 2;
    proxy_temp_path /usr/local/nginx/tmp/proxy_temp 1 2;
    fastcgi_temp_path /usr/local/nginx/tmp/fastcgi_temp 1 2;
    uwsgi_temp_path /usr/local/nginx/tmp/uwsgi_temp 1 2;
    scgi_temp_path /usr/local/nginx/tmp/scgi_temp 1 2;
    ignore_invalid_headers on;
    server_names_hash_max_size 256;
    server_names_hash_bucket_size 64;
    client_header_buffer_size 8k;
    large_client_header_buffers 4 32k;
    connection_pool_size 256;
    request_pool_size 64k;
    output_buffers 2 128k;
    postpone_output 1460;
    client_header_timeout 1m;
    client_body_timeout 3m;
    send_timeout 3m;
    log_format main '$server_addr $remote_addr [$time_local] $msec+$connection "$request" $status $connection $request_time $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
    access_log /usr/local/nginx/logs/access.log main;
    error_log /usr/local/nginx/logs/error.log error;
    open_log_file_cache max=1000 inactive=20s min_uses=1 valid=1m;
    sendfile on;
    tcp_nopush off;
    tcp_nodelay on;
    types_hash_max_size 2048;
    include /usr/local/nginx/conf/mime.types;
    default_type application/octet-stream;
    reset_timedout_connection on;
    keepalive_timeout 10 5;
    keepalive_requests 100;
    gzip on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_proxied any;
    gzip_min_length 1k;
    gzip_comp_level 8;
    gzip_buffers 16 8k;
    gzip_proxied expired no-cache no-store private auth no_last_modified no_etag;
    gzip_types text/plain application/x-javascript text/css application/xml application/json application/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    include /usr/local/nginx/conf/vhosts/*.conf;
}
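What I have posted here is the production configuration I am using.
There are too many parameters to explain them all; look up any parameter you do not understand.
Note:
worker_rlimit_nofile 102400 and worker_connections 20000 require raising the system ulimit. The CentOS 7.4 default is 1024. To set it temporarily, run ulimit -n 102400; to set it permanently, edit /etc/security/limits.conf.
3. Virtual host configuration (server configuration files)
The basic configuration goes here.
1. Block direct access by IP
# cat /usr/local/nginx/conf/vhosts/default.conf
server {
    listen 80 default_server;
    server_name _;
    return 405;
}
2. Domain configuration (binghe.com) (a combined configuration that already covers most of the commonly used nginx features)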
# cat /usr/local/nginx/conf/vhosts/binghe.conf
upstream binghe {
    server 127.0.0.1:8080 max_fails=5 fail_timeout=10s;
    server 192.168.1.81:8080 max_fails=5 fail_timeout=10s;
    server 192.168.1.82:8080 max_fails=5 fail_timeout=10s;          # service no longer in use
    server 192.168.1.83:8080 max_fails=5 fail_timeout=10s backup;   # backup service
    server 192.168.1.84:8080 max_fails=5 fail_timeout=10s down;     # disabled service
    # ip_hash;    # load-balancing method; see the documentation
}

server {
    listen 80;
    server_name binghe.com www.binghe.com;
    root /usr/local/nginx/html/binghe;
    return 301 https://$server_name$request_uri;    # with this line enabled nothing below is executed; requests are redirected straight to https
    location / {
        index index.jsp index.html end_login.jsp;
        proxy_pass http://binghe;
    }
}

# Settings for a TLS enabled server.
server {
    listen 443 ssl http2 default_server;
    server_name binghe.com www.binghe.com;
    root /usr/local/nginx/html/back;
    ssl on;    # obsolete since nginx 1.15.0; the ssl parameter on listen above already enables TLS
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_certificate "/usr/local/nginx/ssl/binghe.com.pem";        # certificate (public key): a combined certificate for binghe.com and www.binghe.com; look up how to combine certificates, or buy a wildcard certificate
    ssl_certificate_key "/usr/local/nginx/ssl/binghe.com.key";    # certificate private key (combined private key)
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 30m;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    ssl_dhparam /usr/local/nginx/ssl/dhparams.pem;    # stronger key exchange; generate the file with openssl beforehand
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
    ssl_stapling on;
    resolver 8.8.8.8;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=31536000;    # enable HSTS

    # Permanently redirect binghe.com to www.binghe.com
    if ($host = 'binghe.com') {
        rewrite ^/(.*)$ https://www.binghe.com/$1 permanent;
    }

    # Redirect mobile clients to the mobile site
    if ($http_user_agent ~ "(MIDP)|(WAP)|(UP.Browser)|(Smartphone)|(Obigo)|(Mobile)|(AU.Browser)|(wxd.Mms)|(WxdB.Browser)|(CLDC)|(UP.Link)|(KM.Browser)|(UCWEB)|(SEMC\-Browser)|(Mini)|(Symbian)|(Palm)|(Nokia)|(Panasonic)|(MOT\-)|(SonyEricsson)|(NEC\-)|(Alcatel)|(Ericsson)|(BENQ)|(BenQ)|(Amoisonic)|(Amoi\-)|(Capitel)|(PHILIPS)|(SAMSUNG)|(Lenovo)|(Mitsu)|(Motorola)|(SHARP)|(WAPPER)|(LG\-)|(LG/)|(EG900)|(CECT)|(Compal)|(kejian)|(Bird)|(BIRD)|(G900/V1.0)|(Arima)|(CTL)|(TDG)|(Daxian)|(DAXIAN)|(DBTEL)|(Eastcom)|(EASTCOM)|(PANTECH)|(Dopod)|(Haier)|(HAIER)|(KONKA)|(KEJIAN)|(LENOVO)|(Soutec)|(SOUTEC)|(SAGEM)|(SEC\-)|(SED\-)|(EMOL\-)|(INNO55)|(ZTE)|(iPhone)|(Android)|(Windows CE)|(Wget)|(Java)|(curl)|(Opera)") {
        rewrite ^/(.*)$ https://m.binghe.com/$1 redirect;
    }

    location / {
        index index.html;
        #try_files $uri $uri/ /index.html;    # the candidates are tried from left to right until one matches
    }

    # Cross-origin (CORS) configuration
    location /binghe/web {
        add_header 'Access-Control-Allow-Origin' $http_origin;
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        proxy_pass http://www.changge.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Proxy to the backend
    location ~ .*\.(jsp|do|API)$ {
        index index.jsp index.jspx index.do end_login.jsp;
        add_header X_cache "$upstream_cache_status";
        proxy_http_version 1.1;
        proxy_pass http://binghe;
    }

    location ~ /backend {
        proxy_cache proxycache;    # use the cache zone
        proxy_cache_lock on;
        proxy_cache_key $request_uri;
        proxy_cache_valid 200 301 302 60s;
        proxy_cache_valid any 60s;
        add_header X_cache "$upstream_cache_status";
        proxy_http_version 1.1;
        proxy_pass http://binghe;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|webp)$ {
        # access logging is inherited from the http block ("access_log on;" would write to a file named "on")
        expires 1d;
        valid_referers none blocked binghe.com www.binghe.com;    # allow only direct access from these domains; block referrals from search engines
        if ($invalid_referer) {
            return 403;
        }
    }

    location ~ .*\.(htm|html|ioc|ico|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma|css|js)$ {
        # access logging is inherited from the http block
        expires 1d;
    }

    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

    # nginx statistics module
    location /status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
}
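The tricky parts above are briefly annotated; look up anything that is unclear. Some features are not used above, such as thumbnails; the thumbnail configuration is not difficult. The vhosts directory can hold multiple domains, multiple server blocks, and so on.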
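The 443 server above enables TLSv1/TLSv1.1 and 3DES suites, and its CORS block echoes any request Origin back while allowing credentials. As an added example (not part of the original post), this lint script flags those three settings. weak_sample is constructed from the lines above; hardened_sample, with its single allow-listed origin, is an assumed corrected form.

```shell
#!/bin/sh
# Added example, not from the original post: lint a vhost file for the TLS and
# CORS settings discussed above. Reads $1 or stdin, prints one finding per line,
# and returns 1 if anything was found.
audit_vhost() {
    conf=$(cat "${1:-/dev/stdin}") || return 2
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }
    rc=0
    # "TLSv1" or "TLSv1.1" as a whole token; "TLSv1.2" alone does not match.
    if has '^[[:space:]]*ssl_protocols[^;#]*TLSv1(\.1)?[[:space:];]'; then
        echo "ssl_protocols: TLSv1/TLSv1.1 enabled"; rc=1
    fi
    # 3DES explicitly added to the cipher list; "!3DES" does not match.
    if has '^[[:space:]]*ssl_ciphers[^;#]*[[:space:]:+]3DES'; then
        echo "ssl_ciphers: 3DES suites enabled"; rc=1
    fi
    # Request Origin echoed back verbatim while credentials are allowed.
    if has '^[[:space:]]*add_header[[:space:]]+.?Access-Control-Allow-Origin.?[[:space:]]+.?\$http_origin' &&
       has '^[[:space:]]*add_header[[:space:]]+.?Access-Control-Allow-Credentials.?[[:space:]]+.?true'; then
        echo "CORS: any Origin reflected with Allow-Credentials true"; rc=1
    fi
    return $rc
}

# Constructed sample: the TLS and CORS lines as they appear in the vhost above.
weak_sample() { cat <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
add_header 'Access-Control-Allow-Origin' $http_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
EOF
}

# Assumed corrected form: TLSv1.2 only, no 3DES, Origin checked against an allow-list.
hardened_sample() { cat <<'EOF'
map $http_origin $cors_origin {      # goes in the http block; an empty value omits the header
    default                  "";
    "https://www.binghe.com" $http_origin;
}
ssl_protocols TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS;
add_header 'Access-Control-Allow-Origin' $cors_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header Vary Origin;
EOF
}

weak_sample | audit_vhost || true
```

To check a real file, pass its path, for example audit_vhost /usr/local/nginx/conf/vhosts/binghe.conf, before running nginx -t.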
IV. Permissions and startup
# chown -R nginx.nginx /usr/local/nginx
# echo 'export PATH=$PATH:/usr/local/nginx/sbin/' > /etc/profile.d/nginx.sh && source /etc/profile.d/nginx.sh    # set up the PATH environment variable
# /usr/local/nginx/sbin/nginx -t    # test the configuration file; "successful" means it is fine
# /usr/local/nginx/sbin/nginx    # start nginx; you can also start it by simply running nginx
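V. Layer-4 TCP proxy
nginx has supported TCP forwarding since version 1.9; the --with-stream option we added when compiling is what enables this feature.
1. Main configuration
Add a few lines at the very end of the nginx.conf configuration file: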
stream {
    include /usr/local/nginx/conf/vhosts/*.socket;
}
Note: this block stands outside the http block, at the same level as it; do not put it in the wrong place.
2. Server configuration
# cat /usr/local/nginx/conf/vhosts/api.socket
upstream proxy_socket {
    zone proxy_socket 1000m;
    hash $remote_addr;
    server 192.168.1.81:9985 max_fails=5 fail_timeout=10s;
    server 192.168.1.82:9985 max_fails=5 fail_timeout=10s;
    server 192.168.1.83:9985 max_fails=5 fail_timeout=10s;
}

server {
    listen 88;
    proxy_timeout 600s;
    proxy_pass proxy_socket;
}
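The configuration is fairly simple; consult the documentation if anything is unclear.
VI. Testing
The layer-7 proxy is reached at http://www.binghe.com
The layer-4 proxy can likewise be reached at ws://www.binghe.com:88 (the scheme depends on which protocol is being proxied; different protocols use different prefixes, such as http, ws or wss)
VII. Finally
Here is a websocket proxy configuration: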
upstream websocket {
    server 192.168.1.85:8887;
}

upstream binghewss {
    server 192.168.1.85:5678;
}

server {
    listen 443 ssl;
    server_name websocket.binghe.cn;
    ssl_certificate /usr/local/nginx/conf/cert/dd.fazhixing.cn.pem;
    ssl_certificate_key /usr/local/nginx/conf/cert/dd.fazhixing.cn.key;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location /wss {
        proxy_pass http://websocket;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location /binghewss {
        proxy_pass http://binghewss;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
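VIII. Done
Notes:
If you need to add modules, a self-compiled build is more convenient than a yum install. You only need to recompile once, adding the modules you need at compile time. Note that after make you must never run make install, otherwise it will overwrite the previous installation; if this is a production environment and you have no backup, you are finished. After make, copy out the objs/nginx file and overwrite /usr/local/nginx/sbin/nginx with it, then restart nginx and the upgrade is complete. Convenient, right? Haha…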
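One way to carry out the binary swap described above with a backup and a rollback, as an added example that is not part of the original post. The function name swap_nginx_binary is hypothetical, and it assumes the new build was configured with the same --prefix, so that -t checks the live nginx.conf.

```shell
#!/bin/sh
# Added example, not from the original post: replace the installed nginx binary
# with a freshly built one, keeping the previous binary and rolling back if the
# configuration test fails.
# Usage: swap_nginx_binary NEW_BIN INSTALLED_BIN
swap_nginx_binary() {
    new=$1; cur=$2; bak="$cur.old"
    [ -x "$new" ] || { echo "not executable: $new" >&2; return 2; }
    # Test the existing configuration with the NEW binary before touching anything;
    # this catches a rebuild that dropped a module the configuration still uses.
    "$new" -t >/dev/null 2>&1 || { echo "config test failed, nothing changed" >&2; return 1; }
    # Rename instead of overwriting: cp onto a running executable fails with
    # "Text file busy", and the renamed file doubles as the backup.
    mv "$cur" "$bak" || return 2
    if cp -p "$new" "$cur" && "$cur" -t >/dev/null 2>&1; then
        echo "installed; previous binary kept at $bak"
        return 0
    fi
    mv -f "$bak" "$cur"    # roll back to the previous binary
    echo "install failed, previous binary restored" >&2
    return 1
}

# Example call with the paths used in this article:
# swap_nginx_binary /usr/local/src/nginx-1.16.1/objs/nginx /usr/local/nginx/sbin/nginx
```

After a successful swap, restart nginx as described above; the .old file stays in place until you remove it.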