Platform: CentOS 6.5 x86_64
1. Install the basic build tools
yum install -y gcc gcc-c++ autoconf automake
2. Install the supporting libraries
yum install -y zlib zlib-devel openssl openssl-devel pcre pcre-devel
3. Compile and install nginx (simple build)
wget http://nginx.org/download/nginx-1.12.0.tar.gz
tar zxvf nginx-1.12.0.tar.gz
cd nginx-1.12.0
./configure
make
make install
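A source build installs the binaries and configuration files under /usr/local/nginx by default. The usual reason to build from source is to choose which modules are compiled in or to add third-party modules; ./configure --help lists the available modules, so select them as needed.
Default configuration file: /usr/local/nginx/conf/nginx.conf
Default web root: /usr/local/nginx/html
Default log directory: /usr/local/nginx/logs/
Start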
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
Stop (graceful, via the QUIT signal)
kill -QUIT $(cat /usr/local/nginx/logs/nginx.pid)
Fast stop
/usr/local/nginx/sbin/nginx -s stop
Forced stop
pkill -9 nginx
ps -ef | grep nginx
kill -s SIGINT pid
4. Feature configuration
4.1 nginx gzip output compression
In nginx.conf, inside the http {...} block:
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
4.2 Automatic directory listing
In the virtual host:
location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
}
4.3 Browser-side caching of images, JS and CSS files
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
}
location ~ .*\.(js|css)$
{
expires 1h;
}
4.4 Automatically append a trailing slash to directory URLs
if (-d $request_filename){
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
After editing the nginx configuration, check that the syntax is correct:
/usr/local/nginx/sbin/nginx -t
Find the nginx master process ID:
ps -ef | grep "nginx: master process" | grep -v "grep" | awk -F ' ' '{print $2}'
5. Tune kernel parameters
vi /etc/sysctl.conf
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
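# Note: tcp_tw_recycle can drop connections from clients behind NAT and was removed in Linux 4.12.
net.ipv4.tcp_tw_recycle = 1
#net.ipv4.tcp_tw_len = 1
net.ipv4.tcp_tw_reuse = 1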
#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535
1) Configure DDoS protection
In the http section of nginx.conf:
limit_req_log_level warn;
limit_req_zone $binary_remote_addr zone=ONLY_one:10m rate=1r/s;
In the server section of default.conf:
limit_req zone=ONLY_one burst=5;
DDoS impact can also be limited in nginx.conf by setting a maximum number of connections and by lowering the keepalive_timeout value.
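How rate=1r/s with burst=5 treats traffic from a single client address, as an added example (not from the original page and not nginx's own code): a simplified Python model of the leaky-bucket accounting that limit_req uses. The function name simulate and the arrival times are constructed for illustration.

```python
# Added example: simplified model of limit_req's leaky-bucket accounting.
# Assumption: "excess" is tracked per client key in 1/1000 request units,
# drains at `rate` requests per second, and each request adds one unit.

def simulate(arrivals_ms, rate_per_s=1, burst=5, nodelay=False):
    """Return one (arrival_ms, verdict, delay_ms) tuple per request.

    verdict is "pass", "delay" or "reject"; nginx answers a reject with
    503 unless limit_req_status is set to something else.
    """
    results = []
    excess = 0    # milli-requests currently held in the bucket
    last = None   # arrival time (ms) of the last accepted request
    for now in sorted(arrivals_ms):
        if last is None:
            new_excess = 0  # first request seen for this key
        else:
            # rate (req/s) * elapsed (ms) = drained milli-requests
            drained = rate_per_s * (now - last)
            new_excess = max(excess - drained + 1000, 0)
        if new_excess > burst * 1000:
            # Over the burst allowance: rejected, bucket state unchanged.
            results.append((now, "reject", 0))
            continue
        excess, last = new_excess, now
        # Without nodelay, queued requests are released at the zone rate.
        delay = 0 if nodelay else new_excess // rate_per_s
        results.append((now, "delay" if delay else "pass", delay))
    return results


if __name__ == "__main__":
    # Constructed input: ten requests from one address in the same instant,
    # evaluated with the page's settings (rate=1r/s, burst=5).
    for arrival, verdict, delay in simulate([0] * 10):
        print(f"t={arrival}ms {verdict:6s} delay={delay}ms")
```

With the page's settings, ten simultaneous requests from one address give one immediate pass, five requests delayed by 1 to 5 seconds, and four rejections; a client sending one request per second is never delayed.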
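If rewrite directives are executed in the server section, they run before the location is determined. If the selected location also contains rewrite directives, those are executed as well, and if a rewrite inside that location is triggered, the URI changes again. This cycle can repeat up to 10 times; if no final URI is found after 10 iterations, a 500 error is returned.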
2) Hotlink protection for image, video and music files
location ~* \.(gif|jpg|png|bmp|swf|flv|mp4|mp3)$ {
valid_referers none blocked www.yonglibao.com;
if ($invalid_referer) {
rewrite ^/ http://www.yonglibao.com/403.html;
}
}
3) HTTPS service optimization
Add to the http section of nginx.conf:
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
Reduce SSL handshakes: enlarge the SSL session cache and extend the cache lifetime.