安装nginx,自定义服务器名称

2021-03-19 14:32

下载、解压源代码到 /usr/local/src/ 

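# The page abbreviates the downloads to bare file names; wget needs the full URL
# of each tarball on its project's official download site (HTTPS).
# NOTE(review): these were the current releases when the page was written (2021).
# All three projects have shipped security fixes since, so build the latest
# supported releases and adjust the file names below accordingly.
wget nginx-1.18.0.tar.gz
wget openssl-1.1.1i.tar.gz
wget zlib-1.2.11.tar.gz

# Print the digests and compare them with the checksums (or verify the PGP
# signatures) published by each project before unpacking: this code is compiled
# and installed as root, so a tampered tarball means a compromised server.
sha256sum nginx-1.18.0.tar.gz openssl-1.1.1i.tar.gz zlib-1.2.11.tar.gz

# Unpack straight into the build directory (same result as extract + mv).
tar -zxf nginx-1.18.0.tar.gz -C /usr/local/src/
tar -zxf openssl-1.1.1i.tar.gz -C /usr/local/src/
tar -zxf zlib-1.2.11.tar.gz -C /usr/local/src/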

 

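# Install the build prerequisites.
# The distribution's OpenSSL packages are left in place: the original listing
# removed openssl/openssl-devel and then reinstalled openssl-devel a few lines
# later. nginx is built against the OpenSSL source tree given to ./configure
# (--with-openssl), so the removal gains nothing, and "yum remove openssl" may
# also remove packages that depend on it.
yum install -y gcc-c++ make
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel

yum install -y openssl-devel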

 

# Build and install OpenSSL under /usr/local/openssl.
# NOTE(review): the nginx build further down is pointed at the source tree
# ../openssl-1.1.1i (--with-openssl), so this separate system-wide install looks
# optional for nginx itself; confirm whether anything else needs it.

cd /usr/local/src/openssl-1.1.1i

./config  --prefix=/usr/local/openssl
make
make install 

# If the build fails, clean the tree and try again:
make clean

 

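# Build and install nginx

# Unrelated to the nginx build: lists any installed MariaDB packages.
rpm -aq |grep mariadb

cd /usr/local/src/nginx-1.18.0

# A trailing "\" continues the command on the next line; every option line
# except the last needs one. The original listing had none after
# --with-http_sub_module, so the command ended there and the options below it
# (--with-threads, TLS 1.3, --prefix, --with-openssl, --with-zlib) never reached
# ./configure. The build would then use whatever OpenSSL development package the
# system provides instead of the source tree downloaded above.
./configure \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_addition_module \
--with-http_sub_module \
--with-threads \
--with-openssl-opt='enable-tls1_3' \
--prefix=/usr/local/nginx \
--with-openssl=../openssl-1.1.1i \
--with-zlib=../zlib-1.2.11

# Optional third-party module, left disabled. To use it, add this option to the
# ./configure command above.
#--add-module=../ngx-fancyindex/

make

make install

# After installing, "/usr/local/nginx/sbin/nginx -V" prints the configure
# arguments and the OpenSSL version the binary was built with.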

 

#通过systemctl 管理 nginx

/usr/lib/systemd/system/nginx.service
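[Unit]
Description=nginx
After=network.target

[Service]
Type=forking
# With Type=forking, systemd should be told which process is the nginx master.
# This is nginx's default pid file for --prefix=/usr/local/nginx.
PIDFile=/usr/local/nginx/logs/nginx.pid
# Test the configuration first so a broken config is reported at start time.
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
WantedBy=multi-user.target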

 

# Start and manage nginx through systemd.
# If the unit file was just created or edited, run "systemctl daemon-reload"
# first so systemd picks it up.

# Start
systemctl start nginx
# Restart
systemctl restart nginx
# Stop
systemctl stop nginx
# Show status
systemctl status nginx

# For other systemctl subcommands, see the systemctl documentation.

 

## 自定义Nginx服务器名称需要在编译之前修改,例如改为Android/11.0.6(以下文件路径均相对于源码目录 /usr/local/src/nginx-1.18.0)。注意:这只改变对外显示的标识,不会修复任何漏洞,nginx 本身仍需及时升级。

vim src/core/nginx.h

#define nginx_version      1106
#define NGINX_VERSION      "11.0.6"
#define NGINX_VER          "Android/" NGINX_VERSION

 

vim src/http/ngx_http_header_filter_module.c

/*
 * "Server:" header line without a version number.
 * NOTE(review): presumably the variant sent when server_tokens is off; confirm
 * in the surrounding source. The page also builds with --with-http_v2_module,
 * and HTTP/2 response headers are produced in a different source file, so
 * check whether that path still emits the stock name.
 */
static u_char ngx_http_server_string[] = "Server: Android" CRLF;

 

vim src/http/ngx_http_special_response.c

/*
 * Closing HTML fragment with the product name replaced by "Android".
 * NOTE(review): by its name this is the tail of the built-in error pages; the
 * surrounding source has further tail variants that may need the same edit.
 */
static u_char ngx_http_error_tail[] =
"<hr><center>Android</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;

 

骚操作:

1、切割日志:

vim /etc/nginx/conf/cutlog.sh

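#!/bin/sh
# Rotate the nginx access and error logs. Meant to run from cron at midnight.
# cron runs this as root: keep the script root-owned, executable, and not
# writable by any other user.
log_dir="/opt/static/log"

# %Y is the calendar year. The original %G is the ISO week-numbering year,
# which differs from the calendar year on some days around New Year and would
# mislabel those files.
stamp="$(date -d "yesterday" +%Y.%m.%d)"

# Make sure both files exist so the renames cannot fail after a quiet day.
touch "$log_dir/nginx.json" "$log_dir/err.json"
mv "$log_dir/nginx.json" "$log_dir/nginx-$stamp.json"
mv "$log_dir/err.json" "$log_dir/err-$stamp.json"

# Ask the running master process to reopen its log files. Unlike the original
# stop/start pair this does not take the server down during rotation.
/usr/local/nginx/sbin/nginx -s reopen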

执行方法:

vim /etc/crontab

# *  *  *  *  * user-name  command to be executed

0 0 * * * root /etc/nginx/conf/cutlog.sh

 

2、简化配置

首先改配置路径:

vim /usr/local/nginx/conf/nginx.conf

# This file is /usr/local/nginx/conf/nginx.conf
worker_processes 2;
# One CPU bitmask per worker: first worker on CPU0, second on CPU1.
worker_cpu_affinity 01 10;
# Maximum number of file descriptors a worker process may open.
worker_rlimit_nofile 65535;
# pid /usr/local/nginx/logs/nginx.pid;
events{
  use epoll;
  worker_connections 1024;
  multi_accept on;
}
http{
  # All http-level configuration (including every server/location) is pulled in
  # from here. Any *.conf file placed directly in /etc/nginx/ becomes part of
  # the running configuration, so that directory must be writable by root only.
  include /etc/nginx/*.conf;
}

 

先创建个配置目录: mkdir /etc/nginx/

编辑第一个配置(属于http{} 之下的 ): (0.作为序号,用来调整每一个 location的加载顺序)

vim /etc/nginx/0.nginx.conf 

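include                         mime.types;
default_type                    application/octet-stream;
server_names_hash_bucket_size   128;
client_header_buffer_size       32k;
large_client_header_buffers     4 32k;
client_max_body_size            50m;
sendfile                        on;
tcp_nopush                      on;

keepalive_timeout               120;
keepalive_requests              1000;
fastcgi_connect_timeout         300;
fastcgi_send_timeout            300;
fastcgi_read_timeout            300;
fastcgi_buffer_size             64k;
fastcgi_buffers 64              64k;
fastcgi_busy_buffers_size       128k;
fastcgi_temp_file_write_size    256k;
fastcgi_intercept_errors        on;

tcp_nodelay                     on;
# Uncomment to stop sending the version in the Server header and error pages.
#server_tokens                  off;

gzip                            on;
gzip_comp_level                 6;
gzip_min_length                 1k;
gzip_types                      text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
gzip_disable                    "MSIE [1-6].(?!.*SV1)";

proxy_connect_timeout           5s;
proxy_read_timeout              60s;
proxy_send_timeout              90s;

# JSON access log.
# escape=json: Referer, User-Agent, the URI and the X-* headers are chosen by
# the client. Without JSON escaping, a quote or control character in any of
# them breaks the record or lets a client forge extra fields in the log.
# $remote_addr is logged as well: x_ip and x_forwarded are request headers any
# client can set, so on their own they are not evidence of where a request
# came from.
log_format log_json escape=json
                                '{"@timestamp":"$time_iso8601",'
                                #'"bytes":$body_bytes_sent,'
                                '"remote_addr":"$remote_addr",'
                                '"x_ip":"$http_x_real_ip",'
                                '"x_forwarded":"$http_x_forwarded_for",'
                                '"referer":"$http_referer",'
                                '"url":"$request_method$status-$scheme://$host$request_uri",'
                                '"agent":"$http_user_agent"}\n';

# NOTE(review): /opt/static/ is also the document root of the HTTPS server on
# this page, so these files are reachable under /log/ unless that path is
# blocked. Prefer a log directory outside the web root (and update the rotation
# script to match).
error_log                       /opt/static/log/err.json error;
access_log                      /opt/static/log/nginx.json log_json;
index                           index.html;

server { ## Built-in server block that forces plain HTTP over to HTTPS
  server_name                   zhuihoude.com;
  listen                        80;
  # NOTE(review): $request_uri already contains the query string when there is
  # one, so the appended "?port=80" gives a second "?" for such requests.
  location /                    {return 301 https://zhuihoude.com$request_uri?port=80;}
}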

 

一般配置:vim /etc/nginx/1.www.conf

(你没看错,https 配置就那么短,不需要长篇大论~ 只需要一个 include )

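server {
  # Shared TLS, header and error-page settings.
  include                       /etc/nginx/conf/public.conf;
  ssl_certificate               /etc/nginx/conf/w.crt;
  # Private key: keep it owned by root and readable by root only.
  ssl_certificate_key           /etc/nginx/conf/w.key;
  server_name                   zhuihoude.com;
  listen 443  ssl http2         fastopen=3 reuseport; ## fastopen=3 reuseport may appear on only one listen per port, otherwise nginx reports an error
  root                          /opt/static/;

  # The access and error logs on this page are written to /opt/static/log/,
  # which is inside this document root. Without this block anyone could
  # download them (client IPs, URLs, referers, user agents).
  location ^~ /log/ {
    deny                        all;
  }

  location / {
    root                        /opt/static/;
  }
}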

 

给你 include 一个https 的配置,比较长,但是一般不需要改:

vim /etc/nginx/conf/public.conf

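# NOTE(review): DH parameters are only used by DHE key exchange, which the
# cipher list below excludes (!DH:!DHE). The file must still exist for nginx
# to start.
ssl_dhparam                     /etc/nginx/conf/dhparam.pem;

    ssl_protocols               TLSv1.2 TLSv1.3; # TLS 1.2 and 1.3 only
    ssl_session_cache           shared:SSL:10m;  # session cache size
    ssl_session_tickets         on;              # session tickets stored by the browser
    ssl_session_timeout         10m;             # session cache lifetime
    keepalive_timeout           120s;            # keep-alive timeout
    keepalive_requests          1000;
    ssl_prefer_server_ciphers   on;              # server's cipher order wins
    # NOTE(review): check what this expands to with "openssl ciphers -v" against
    # the OpenSSL build nginx is linked with. It does not select TLS 1.3 suites.
    ssl_ciphers                 ECDHE:!CBC:!NULL:!aNULL:!eNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    # TLS 1.3 0-RTT. Requests sent as early data can be replayed by a network
    # attacker. Only safe for idempotent requests; see the Early-Data header
    # below.
    ssl_early_data              on;


  # OCSP stapling: nginx fetches and caches the certificate's revocation status
  # and sends it in the handshake, which speeds up the TLS handshake.
    ssl_stapling                on;
    ssl_stapling_verify         on;
    ssl_trusted_certificate     /etc/nginx/conf/full_chained.pem;
    # NOTE(review): these are public resolvers. DNS answers are unauthenticated,
    # so a resolver on a trusted local network is preferable.
    resolver                    208.67.222.222 208.67.220.220 valid=240s;
    resolver_timeout            5s;



  # Headers for proxied requests and for browser responses
    proxy_hide_header           X-Real-IP; # hide X-Real-IP, use X-Forwarded-For instead
    proxy_set_header            Host $host;
    # Appends the connecting address to whatever the client sent. The backend
    # must trust only the last entry, not the whole list.
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    # Tells the backend when a request arrived as 0-RTT early data, so it can
    # refuse it for state-changing operations.
    proxy_set_header            Early-Data $ssl_early_data;

    # "always" also sends the security headers on error responses (4xx/5xx).
    # Note that add_header in a nested location replaces all of these for that
    # location.
    proxy_hide_header           Strict-Transport-Security;
    # includeSubdomains + preload commits every subdomain to HTTPS for the full
    # max-age (4 years) and is slow to undo once browsers have it.
    add_header                  Strict-Transport-Security "max-age=126144000; includeSubdomains; preload" always;
    proxy_hide_header           X-Frame-Options;
    add_header                  X-Frame-Options SAMEORIGIN always; # no framing by other origins
    proxy_hide_header           X-Content-Type-Options;
    add_header                  X-Content-Type-Options nosniff always; # prevent MIME-type confusion
    proxy_hide_header           Content-Security-Policy;
    add_header                  Content-Security-Policy upgrade-insecure-requests; # upgrade http sub-requests to https

 #  CORS
 #  NOTE(review): "*" lets any website read responses from every server that
 #  includes this file, and Authorization is an allowed request header. For
 #  anything other than public data, answer only for an allow-list of origins.
    proxy_hide_header           Access-Control-Allow-Origin;
    add_header                  Access-Control-Allow-Origin *;
    proxy_hide_header           Access-Control-Allow-Methods;
    add_header                  Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    proxy_hide_header           Access-Control-Allow-Headers;
    add_header                  Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
 #  Plain HTTP sent to the HTTPS port (497): redirect to https
    error_page                  497 https://zhuihoude.com$request_uri?url_497;

    error_page 400              /error/400.html;
    error_page 401              /error/401.html;
    error_page 403              /error/403.html;
    error_page 404              /error/404.html;
    # "=200" rewrites the status: clients and status-based monitoring see 200
    # for upstream failures.
    error_page 502 =200         /error/502.html;
    error_page 504 =200         /error/504.html;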

 
