Nginx
reference
https://www.nginx.com/resources/admin-guide/installing-nginx-open-source/
install from source code
所需要的额外的库
yum install gcc
yum install make
yum install pcre-static
yum install zlib-static
tar -xvf nginx-1.10.3.tar
cd nginx-1.10.3
./configure
显示如下
Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ using builtin md5 code
+ sha1 library is not found
+ using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/local/nginx/sbin/nginx"
nginx modules path: "/usr/local/nginx/modules"
nginx configuration prefix: "/usr/local/nginx/conf"
nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
nginx pid file: "/usr/local/nginx/logs/nginx.pid"
nginx error log file: "/usr/local/nginx/logs/error.log"
nginx http access log file: "/usr/local/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
make
make install
配置
- 将nginx所在路径加入环境变量
echo “export PATH=$PATH:/usr/local/nginx/sbin”»/etc/profile
-
使用nginx -c /usr/local/nginx/conf/nginx.con启动进程
-
如何配置nginx服务和开机自启?
- 添加nginx.service服务
在/usr/lib/systemd/system目录下添加nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
- 配置开启基础认证
注意基础认证使用base64进行编码
抓包方法tcpdump -XvvennSs 0 -i eth0 tcp[20:2]=0x4745 or tcp[20:2]=0x4854
抓取http报文
htpasswd -bcm /home/p root root
auth_basic "hello";
auth_basic_user_file /home/p;
- 配置开机自启
systemctl enable nginx.service
reference
https://www.nginx.com/resources/wiki/start/topics/examples/systemd/
https://www.linode.com/docs/web-servers/nginx/how-to-configure-nginx
- 如何监听多个端口,或者说如何在一台主机上启动多个服务?
配置多个server,不同的server监听不同的端口就可以了。
- 配置https
安装openssl-devel,
yum install openssl-devel
nginx编译时使用ssl模块
./configure --with-http_stub_status_module --with-http_ssl_module
conf中开启监听443端口,并添加证书
遇到的问题
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
定位分析:
已经有程序占用了80端口,导致该端口对nginx不可用
我使用nginx -c /usr/local/nginx/conf/nginx.conf启动nginx进程,然后去访问服务器发现报403错误。
定位分析:
查看相关文件
ps -ef|grep nginx
root 240585 1 0 18:19 ? 00:00:00 nginx: master process nginx -c /usr/local/nginx/conf/nginx.conf
nobody 240587 240585 0 18:19 ? 00:00:00 nginx: worker process
cat /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
cat /usr/local/nginx/logs/error.log
2017/08/01 19:05:22 [error] 48166#0: *4 open() "/usr/local/nginx/html/50x.html" failed (13: Permission denied), client: 10.10.10.10, server: loc alhost, request: "GET /50x.html HTTP/1.1", host: "9.9.9.9"
403 Forbidden
可能是权限问题
- 已nobody用户运行的程序的权限不足以访问系统中的文件,所以重新配置nginx,以普通用户的方式运行 解决方法修改nginx.conf,重新载入nginx -s reload
- 配置服务器的根目录权限为普通用户可读chmod 744 /usr/local/nginx/conf/nginx.conf
安全相关配置
# 不显示nginx版本信息
server_tokens off;