Nginx 配置
A little Mew
2021-09-21 12:37
70
0
- 下载解压 Nginx 源码解压
cd /user/local/src/
wget nginx-1.18.0.tar.gz
wget openssl-1.1.1l.tar.gz
wget zlib-1.2.11.tar.gz
tar -zxvf nginx-1.18.0.tar.gz
tar -zxvf openssl-1.1.1l.tar.gz
tar -zxvf zlib-1.2.11.tar.gz
- 移除默认环境&安装环境
rpm -aq |grep mariadb
rpm -aq |grep openssl
#
yum remove openssl openssl-devel
yum install gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl-devel
- 编译安装 编译安装 Openssl
cd /usr/local/src/openssl-1.1.1l
./config --prefix=/usr/local/openssl
make
make install
## 出错了试试:
make clean
- 编译安装 Nginx
cd /usr/local/src/nginx-1.18.0
./configure \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_addition_module \
--with-http_sub_module \
--with-threads \
--with-openssl-opt='enable-tls1_3' \
--prefix=/usr/local/nginx \
--with-openssl=../openssl-1.1.1l \
--with-zlib=../zlib-1.2.11
#--add-module=../ngx-fancyindex/
make
make install
## \ 可以换行,看起来清爽一点
- 使用systemctl 管理 nginx
/usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
- 修改 nginx 名称
修改 Nginx 内部名称 vim src/core/nginx.h
#define NGINX_VERSION "macOS 11.5.2 (20G95)"
#define NGINX_VER "Apple/" NGINX_VERSION
修改 HTTP Response Header vim src/http/ngx_http_header_filter_module.c
static u_char ngx_http_server_string[] = "Server: Apple" CRLF;
修改错误页的底部 Footer vim src/http/ngx_http_special_response.c
static u_char ngx_http_error_tail[] =
"<hr><center>Apple: macOS 11.5.2 (20G95)</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;
- 自动分割日志
vim /etc/nginx/conf/cutlog.sh
#!/bin/sh
systemctl stop nginx
touch "/usr/local/nginx/logs/error.log"
touch "/usr/local/nginx/logs/nginx.json"
touch "/usr/local/nginx/logs/zhuihoude.json"
mv "/usr/local/nginx/logs/error.log" "/etc/nginx/conf/logs/error_$(date -d "yesterday" +%G.%m.%d).txt"
mv "/usr/local/nginx/logs/nginx.json" "/etc/nginx/conf/logs/nginx_$(date -d "yesterday" +%G.%m.%d).json"
mv "/usr/local/nginx/logs/zhuihoude.json" "/etc/nginx/conf/logs/zhuihoude_$(date -d "yesterday" +%G.%m.%d).json"
systemctl start nginx
- 配置
vim /usr/local/nginx/conf/nginx.conf
#这个文件在 /usr/local/nginx/conf/nginx.conf
worker_processes 2;
worker_cpu_affinity 01 10;
worker_rlimit_nofile 65535;
# pid /usr/local/nginx/logs/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
events{
use epoll;
worker_connections 1024;
multi_accept on;
}
http{
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
index index.html;
proxy_connect_timeout 3s;
proxy_read_timeout 60s;
proxy_send_timeout 90s;
keepalive_timeout 120;
keepalive_requests 1000;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 64 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_comp_level 6;
gzip_min_length 1k;
gzip_types text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
gzip_disable "MSIE [1-6].(?!.*SV1)";
log_format log_json
'{\n"timestamp":"$time_iso8601",\n'
'"x_forwarded":"$http_x_forwarded_for",\n'
'"remote_addr":"$remote_addr",\n'
'"upstream_response_time": "$upstream_response_time",\n'
'"request_time": "$request_time",\n'
'"request_url":"$scheme://$host:$Server_port$request_uri",\n'
'"request_method_status":"$request_method$status",\n'
'"referer":"$http_referer",\n'
'"user_agent":"$http_user_agent"\n'
'}\n';
access_log /usr/local/nginx/logs/nginx.json log_json;
#error_log /usr/local/nginx/logs/error.json warn;
include /etc/nginx/*.conf;
}
vim /etc/nginx/conf/public.conf
## proxy_hide_header WWW-Authenticate;
## proxy_set_header Authorization "Basic YWRtaW46YWRtaW4=";#base64(admin:admin)
## autoindex_format json;
## proxy_set_header Host $host;
## listen 1443 ssl http2 fastopen=3 reuseport;
## proxy_redirect default;
## add_after_body /page/footer.html;
ssl on;
ssl_dhparam /etc/nginx/conf/certificate/dhparam.pem;
ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; #使用安全的TLSv1.3
ssl_session_cache shared:SSL:10m; #缓存大小
ssl_session_tickets on; #浏览器缓存
ssl_session_timeout 10m; #缓存超时
keepalive_timeout 120s; #TCP 保持
keepalive_requests 1000;
ssl_prefer_server_ciphers on; #使用服务器密码
ssl_ciphers ECDHE:!CBC:!NULL:!aNULL:!eNULL:!MD5:!ADH:!RC4:!DH:!DHE;
ssl_early_data on; #开启 1.3 o-RTT
# OCSP Stapling 用于在线查询证书吊销情况
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/conf/certificate/w.crt;
resolver 8.8.8.8 208.67.220.220 valid=240s;
resolver_timeout 10s;
# proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 调试参数,可以查看当前访问域名和 IP
add_header your_host $host;
add_header your_addr $remote_addr;
proxy_hide_header Strict-Transport-Security;
add_header Strict-Transport-Security "max-age=126144000; includeSubdomains; preload";
# 禁止 iframe
proxy_hide_header X-Frame-Options;
add_header X-Frame-Options SAMEORIGIN;
# 防止 MIME 类型混淆攻击
proxy_hide_header X-Content-Type-Options;
add_header X-Content-Type-Options nosniff;
# 安全性-升级引用文件 http 为 https
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy upgrade-insecure-requests;
# 跨域
proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Origin *;
proxy_hide_header Access-Control-Allow-Methods;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
proxy_hide_header Access-Control-Allow-Headers;
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
error_page 400 /page/400.html;
error_page 401 /page/401.html;
error_page 403 /page/403.html;
error_page 404 /page/404.html;
error_page 502 /page/502.html;
error_page 504 /page/504.html;
error_page 506 =200 /page/666.html;
# 一律跳转到当前端口的 https
error_page 497 https://$host:$Server_port$request_uri?request_error_http_497=$scheme://$host:$Server_port;
#-----BEGIN Public-----
location /page/ {
root /etc/nginx/conf/;
autoindex on;
charset utf-8;
autoindex_localtime on;
add_after_body /page/footer.html;
access_log /usr/local/nginx/logs/nginx.json log_json;
}
location ~^/(favicon.ico|robots.txt) { root /etc/nginx/conf/page/;}
location /status { stub_status on; }
#-----END Public-----
location /logs/ {
root /etc/nginx/conf/;
autoindex on;
charset utf-8;
autoindex_localtime on;
access_log /usr/local/nginx/logs/nginx.json log_json;
}
vim /etc/nginx/1.conf
## 本配置不允许错误的域名,直接跳转到zhuihoude.com
server {
include /etc/nginx/conf/public.conf;
ssl_certificate /etc/nginx/conf/certificate/all.crt;
ssl_certificate_key /etc/nginx/conf/certificate/all.key;
server_name default;
listen 80 ssl http2;
listen 443 ssl http2;
listen 1443 ssl http2;
listen 8888 ssl http2;
return https://zhuihoude.com$request_uri?request_error_domain=$scheme://$host:$Server_port;
}
vim /usr/local/nginx/conf/mime.types 添加:
application/vnd.apple.pages pages;
application/vnd.apple.numbers numbers;
application/vnd.apple.keynote keynote;
application/vnd.apple.installer+xml pkg mpkg;
vnd.SimTech-MindMapper mm;
text/markdown md markdown;
text/plain log;
全部评论