reference

https://www.nginx.com/resources/admin-guide/installing-nginx-open-source/

install from source code

所需要的额外的库

yum install gcc

yum install make

yum install pcre-static

yum install zlib-static

tar -xvf nginx-1.10.3.tar
cd nginx-1.10.3
./configure

显示如下
Configuration summary
  + using system PCRE library
  + OpenSSL library is not used
  + using builtin md5 code
  + sha1 library is not found
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"


make
make install

配置

  1. 将nginx所在路径加入环境变量

echo “export PATH=$PATH:/usr/local/nginx/sbin”»/etc/profile

  1. 使用nginx -c /usr/local/nginx/conf/nginx.con启动进程

  2. 如何配置nginx服务和开机自启?

  • 添加nginx.service服务

在/usr/lib/systemd/system目录下添加nginx.service

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
  1. 配置开启基础认证

注意基础认证使用base64进行编码

抓包方法tcpdump -XvvennSs 0 -i eth0 tcp[20:2]=0x4745 or tcp[20:2]=0x4854抓取http报文

htpasswd -bcm /home/p root root
auth_basic "hello";
auth_basic_user_file /home/p;
  1. 配置开机自启

systemctl enable nginx.service

reference

https://www.nginx.com/resources/wiki/start/topics/examples/systemd/

https://www.linode.com/docs/web-servers/nginx/how-to-configure-nginx

  1. 如何监听多个端口,或者说如何在一台主机上启动多个服务?

配置多个server,不同的server监听不同的端口就可以了。

  1. 配置https

安装openssl-devel,

yum install openssl-devel

nginx编译时使用ssl模块

./configure --with-http_stub_status_module --with-http_ssl_module

conf中开启监听443端口,并添加证书

遇到的问题

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

定位分析:

已经有程序占用了80端口,导致该端口对nginx不可用

我使用nginx -c /usr/local/nginx/conf/nginx.conf启动nginx进程,然后去访问服务器发现报403错误。

定位分析:

查看相关文件

ps -ef|grep nginx

root     240585      1  0 18:19 ?        00:00:00 nginx: master process nginx -c /usr/local/nginx/conf/nginx.conf
nobody   240587 240585  0 18:19 ?        00:00:00 nginx: worker process

cat /usr/local/nginx/conf/nginx.conf

#user  nobody;
worker_processes  1;

cat /usr/local/nginx/logs/error.log

2017/08/01 19:05:22 [error] 48166#0: *4 open() "/usr/local/nginx/html/50x.html" failed (13: Permission denied), client: 10.10.10.10, server: loc        alhost, request: "GET /50x.html HTTP/1.1", host: "9.9.9.9"

403 Forbidden

可能是权限问题

  1. 已nobody用户运行的程序的权限不足以访问系统中的文件,所以重新配置nginx,以普通用户的方式运行 解决方法修改nginx.conf,重新载入nginx -s reload
  2. 配置服务器的根目录权限为普通用户可读chmod 744 /usr/local/nginx/conf/nginx.conf

安全相关配置

# 不显示nginx版本信息
server_tokens off;