创建用户组和不能登录的用户

groupadd www
useradd -g www -s /sbin/nologin -M www

安装依赖

yum -y install zlib zlib-devel openssl openssl-devel pcre-devel

下载安装包, 解压, 然后进入解压后的目录.

检查安装环境

./configure \
--prefix=/usr/local/nginx \
--user=www \
--group=www \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-openssl=/usr/local/src/openssl-1.0.2p \
--with-pcre=/usr/local/src/pcre-8.42 \
--with-pcre-jit \
--with-ld-opt='-ljemalloc'    //注意要先安装 jemalloc

编译&&安装

make && make install

安装完成

/usr/local/nginx/sbin/nginx        //直接回车就是启动nginx服务
/usr/local/nginx/sbin/nginx -s stop        //停止服务
/usr/local/nginx/sbin/nginx -s reload    //热重启服务, 不要用restart

优化nginx命令

echo "export PATH=/usr/local/nginx/sbin:\$PATH" >> /etc/profile

替换nginx.conf

用下面的这份conf替换掉 /config/nginx.conf

#用户和用户组, 默认设置是www
user nginx nginx;
worker_processes 1;        #进程数, 根据cpu的数量来设置, 我这里是1核, 所以设置为1

error_log /data/wwwlogs/error_nginx.log crit;
#pid logs/nginx.pid;
worker_rlimit_nofile 51200;

events {
  use epoll;
  worker_connections 51200;
  multi_accept on;
}

http {
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 1024m;
    client_body_buffer_size 10m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 120;
    server_tokens off;
    tcp_nodelay on;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_intercept_errors on;

    #Gzip Compression
    gzip on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_http_version 1.1;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    gzip_types
      text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
      text/javascript application/javascript application/x-javascript
      text/x-json application/json application/x-web-app-manifest+json
      text/css text/plain text/x-component
      font/opentype application/x-font-ttf application/vnd.ms-fontobject
      image/x-icon;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    ##If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
    #open_file_cache max=1000 inactive=20s;
    #open_file_cache_valid 30s;
    #open_file_cache_min_uses 2;
    #open_file_cache_errors on;

######################## default ############################
    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

########################## vhost #############################
    include vhost/*.conf;

}

增加站点

在 /config/vhost 目录下配置站点的nginx信息.

server {
  listen 80;
  listen 443 ssl http2;
  ssl_certificate /usr/local/nginx/conf/ssl/test.com.pem;
  ssl_certificate_key /usr/local/nginx/conf/ssl/test.com.key;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_timeout 10m;
  ssl_session_cache builtin:1000 shared:SSL:10m;
  ssl_buffer_size 1400;
  add_header Strict-Transport-Security max-age=15768000;
  ssl_stapling on;
  ssl_stapling_verify on;
  server_name test.com;
  access_log /data/wwwlogs/test.com_nginx.log combined;
  index index.html index.htm index.php;
  root /data/wwwroot/test.com;
  include /usr/local/nginx/conf/rewrite/none.conf;
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  
  location ~ [^/]\.php(/|$) {
    #fastcgi_pass remote_php_ip:9000;
    fastcgi_pass unix:/dev/shm/php-cgi.sock;
    fastcgi_index index.php;
    include fastcgi.conf;
  }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }
}

如果http跳转https, 则在18行后面添加

if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

如果多个域名, 在15行 server_name 后添加 其他的域名, 这里以other.test.com为例.

server_name test.com other.test.com;

如果多个域名都跳转到一个域名, 例如都跳转到test.com, 则在18行后面添加

if ($host != test.com) { return 301 $scheme://test.com$request_uri; }

添加http站点

server {
  listen 80;
  server_name test.com;
  access_log off;
  index index.html index.htm index.php;
  root /data/wwwroot/test.com;
  
  include /usr/local/nginx/conf/rewrite/none.conf;
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  
  location ~ [^/]\.php(/|$) {
    #fastcgi_pass remote_php_ip:9000;
    fastcgi_pass unix:/dev/shm/php-cgi.sock;
    fastcgi_index index.php;
    include fastcgi.conf;
  }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }
}

常用的重定向

  • laravel && lemun
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }
  • thinkphp
location / {
  if (!-e $request_filename) {
    rewrite ^(.*)$ /index.php?s=$1 last;
    break;
  }
}
  • wordpress
location / {
  try_files $uri $uri/ /index.php?$args;
}
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
location ~* ^/wp-content/uploads/.*\.php$ {
  deny all;
}
  • ecshop
if (!-e $request_filename) {
  rewrite "^/index\.html" /index.php last;
  rewrite "^/category$" /index.php last;
  rewrite "^/feed-c([0-9]+)\.xml$" /feed.php?cat=$1 last;
  rewrite "^/feed-b([0-9]+)\.xml$" /feed.php?brand=$1 last;
  rewrite "^/feed\.xml$" /feed.php last;
  rewrite "^/category-([0-9]+)-b([0-9]+)-min([0-9]+)-max([0-9]+)-attr([^-]*)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /category.php?id=$1&brand=$2&price_min=$3&price_max=$4&filter_attr=$5&page=$6&sort=$7&order=$8 last;
  rewrite "^/category-([0-9]+)-b([0-9]+)-min([0-9]+)-max([0-9]+)-attr([^-]*)(.*)\.html$" /category.php?id=$1&brand=$2&price_min=$3&price_max=$4&filter_attr=$5 last;
  rewrite "^/category-([0-9]+)-b([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /category.php?id=$1&brand=$2&page=$3&sort=$4&order=$5 last;
  rewrite "^/category-([0-9]+)-b([0-9]+)-([0-9]+)(.*)\.html$" /category.php?id=$1&brand=$2&page=$3 last;
  rewrite "^/category-([0-9]+)-b([0-9]+)(.*)\.html$" /category.php?id=$1&brand=$2 last;
  rewrite "^/category-([0-9]+)(.*)\.html$" /category.php?id=$1 last;
  rewrite "^/goods-([0-9]+)(.*)\.html" /goods.php?id=$1 last;
  rewrite "^/article_cat-([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /article_cat.php?id=$1&page=$2&sort=$3&order=$4 last;
  rewrite "^/article_cat-([0-9]+)-([0-9]+)(.*)\.html$" /article_cat.php?id=$1&page=$2 last;
  rewrite "^/article_cat-([0-9]+)(.*)\.html$" /article_cat.php?id=$1 last;
  rewrite "^/article-([0-9]+)(.*)\.html$" /article.php?id=$1 last;
  rewrite "^/brand-([0-9]+)-c([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)\.html" /brand.php?id=$1&cat=$2&page=$3&sort=$4&order=$5 last;
  rewrite "^/brand-([0-9]+)-c([0-9]+)-([0-9]+)(.*)\.html" /brand.php?id=$1&cat=$2&page=$3 last;
  rewrite "^/brand-([0-9]+)-c([0-9]+)(.*)\.html" /brand.php?id=$1&cat=$2 last;
  rewrite "^/brand-([0-9]+)(.*)\.html" /brand.php?id=$1 last;
  rewrite "^/tag-(.*)\.html" /search.php?keywords=$1 last;
  rewrite "^/snatch-([0-9]+)\.html$" /snatch.php?id=$1 last;
  rewrite "^/group_buy-([0-9]+)\.html$" /group_buy.php?act=view&id=$1 last;
  rewrite "^/auction-([0-9]+)\.html$" /auction.php?act=view&id=$1 last;
  rewrite "^/exchange-id([0-9]+)(.*)\.html$" /exchange.php?id=$1&act=view last;
  rewrite "^/exchange-([0-9]+)-min([0-9]+)-max([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /exchange.php?cat_id=$1&integral_min=$2&integral_max=$3&page=$4&sort=$5&order=$6 last;
  rewrite "^/exchange-([0-9]+)-([0-9]+)-(.+)-([a-zA-Z]+)(.*)\.html$" /exchange.php?cat_id=$1&page=$2&sort=$3&order=$4 last;
  rewrite "^/exchange-([0-9]+)-([0-9]+)(.*)\.html$" /exchange.php?cat_id=$1&page=$2 last;
  rewrite "^/exchange-([0-9]+)(.*)\.html$" /exchange.php?cat_id=$1 last;
}

升级Nginx到最新版本

  1. -V查看一下原来安装nginx的编译参数

    [root@4710419222 ~]# /usr/local/nginx/sbin/nginx -V
    nginx version: nginx/1.14.0
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) 
    built with OpenSSL 1.0.2p  14 Aug 2018
    TLS SNI support enabled
    configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=../openssl-1.0.2p --with-pcre=../pcre-8.42 --with-pcre-jit --with-ld-opt=-ljemalloc
    [root@4710419222 ~]# 
  2. 下载要升级的nginx版本.
  3. 解压, 进入解压后的目录, 然后编译make, 切记不要make install (这一步骤的时间比较长)

    [root@4710419222 nginx-1.15.7]# ./configure  --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-openssl=../openssl-1.0.2p --with-pcre=../pcre-8.42 --with-pcre-jit --with-ld-opt=-ljemalloc
    
    ...
    
    [root@4710419222 nginx-1.15.7]# make
  4. 先将原来的nginx执行文件备份, 然后将make生成的objs目录下的 nginx 执行文件复制到 /usr/local/nginx/sbin/ 下

    [root@4710419222 nginx-1.15.7]# mv /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.old
    [root@4710419222 nginx-1.15.7]# cp ./objs/nginx /usr/local/nginx/sbin/
    [root@4710419222 nginx-1.15.7]# ll /usr/local/nginx/sbin/
    total 13860
    -rwxr-xr-x 1 root root 9961360 Dec  3 14:47 nginx
    -rwxr-xr-x 1 root root 4228832 Oct 27 08:45 nginx.old
  5. make upgrade 升级

    [root@4710419222 nginx-1.15.7]# make upgrade
    /usr/local/nginx/sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    kill -USR2 `cat /usr/local/nginx/logs/nginx.pid`
    sleep 1
    test -f /usr/local/nginx/logs/nginx.pid.oldbin
    kill -QUIT `cat /usr/local/nginx/logs/nginx.pid.oldbin`

标签: none

添加新评论