CentOS 7.6 安装 nginx，配置端口访问网站,切换root目录

20190329 CentOS 7.6 安装 nginx，配置端口访问网站

一、查询一下 nginx

yum search nginx
	已加载插件：fastestmirror
	Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
	Determining fastest mirrors
	 * base: mirrors.aliyun.com
	 * extras: mirrors.aliyun.com
	 * updates: mirrors.aliyun.com
	epel                                                                12744/12744
	......

** 若是已经有旧版本，能够从新卸载安装

二、安装 nginx

sudo yum install -y nginx

启动并设置为开机启动
基本指令：
	sudo systemctl start nginx.service
	sudo systemctl enable nginx.service
	sudo systemctl status nginx.service
	sudo systemctl restart nginx.service

查看版本，确认启动
 nginx -v
	nginx version: nginx/1.12.2
ps -ef |grep nginx

测试网站配置
	sudo nginx -t
	
	curl 127.0.0.1

三、配置 8080 端口访问的网站

参考

https://m.linuxidc.com/Linux/2019-02/156789.htm https://blog.csdn.net/yongzhang52545/article/details/51282914

1.  检查 nginx 配置文件
	sudo  vim /etc/nginx/nginx.conf
	内容摘要以下：
			    server {
	        listen       80 default_server;
	        listen       [::]:80 default_server;
	        server_name  _;
	        root         /usr/share/nginx/html;
	....
	# Load modular configuration files from the /etc/nginx/conf.d directory.
	    # See http://nginx.org/en/docs/ngx_core_module.html#include
	    # for more information.
	    include /etc/nginx/conf.d/*.conf;
	    
	    配置网站模块放在  /etc/nginx/conf.d/*.conf 下
2. 新建一个网站 ： chuangke.conf 
	sudo touch /etc/nginx/conf.d
	sudo vim  chuangke.conf
	加入如下内容
		server {
        listen       8080;
        server_name  127.0.0.1;
        root        /usr/share/nginx/chuangke;
        # root    /var/www/chuangke;
        index   index.html;

        location / {
        }
    }

测试一下配置
    sudo nginx -t
	nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
	nginx: configuration file /etc/nginx/nginx.conf test is successful

重启 nginx
 sudo systemctl restart nginx

测试网站
curl 127.0.0.1:8080 
使用 root    /var/www/chuangke 老是 403 错误？！
	    <html>
	<head><title>403 Forbidden</title></head>
	<body bgcolor="white">
	<center><h1>403 Forbidden</h1></center>
	<hr><center>nginx/1.12.2</center>
	</body>
	</html>

四、 开放 8080 端口

1. 查看防火墙状态
	sudo systemctl status firewalld
	
	sudo firewall-cmd --state
		running
2. 防火墙基本命令
	# 开启
	service firewalld start
	# 重启
	service firewalld restart
	# 关闭
	sudo service firewalld stop
	
	# 查看防火墙规则
	sudo firewall-cmd --list-all 
	sudo firewall-cmd --state
3. 开启 8080 端口
	sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
	
	重启防火墙
	sudo systemctl restart firewalld.service
	
	sudo firewall-cmd --reload

4. 不知道为何，就把本身关在外面了 ssh 链接不上去了！
	sudo firewall-cmd --list-all 
		public (active)
		  target: default
		  icmp-block-inversion: no
		  interfaces: enp0s3
		  sources: 
		  services: ssh dhcpv6-client
		  ports: 
		  protocols: 
		  masquerade: no
		  forward-ports: 
		  source-ports: 
		  icmp-blocks: 
		  rich rules: 
	** 能够看到，ports 一个都没有！	  
	** 干脆从新增长端口的时候，先加上 20，22 端口
	sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=20/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=4433/tcp --permanent

重启防火墙
	sudo systemctl restart firewalld.service
从新查看防火墙规则
	sudo firewall-cmd --list-all 
		public (active)
		  target: default
		  icmp-block-inversion: no
		  interfaces: enp0s3
		  sources: 
		  services: ssh dhcpv6-client
		  ports: 80/tcp 22/tcp 21/tcp 20/tcp 8080/tcp 4433/tcp
		  protocols: 
		  masquerade: no
		  forward-ports: 
		  source-ports: 
		  icmp-blocks: 
		  rich rules: 
** 如今能够安全的退出、从新 ssh 了！

五、再增长一个其余端口 （例如：4433）发生错误

1. 测试：将以上 chuangke.conf 的端口改为 4433后
		sudo systemctl restart nginx
		返回错误！
			Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

2. 测试 nginx 配置是 OK！
	sudo nginx -t
		nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
		nginx: configuration file /etc/nginx/nginx.conf test is successful
	
3. 查看错误信息
		sudo systemctl status nginx.service
			......
		3月 29 15:07:26 centos7-71 nginx[18289]: nginx: [emerg] bind() to 0.0.0.0:4433 failed (13: Permission denied)
			......
			3月 29 15:07:26 centos7-71 systemd[1]: Unit nginx.service entered failed state.
			3月 29 15:07:26 centos7-71 systemd[1]: nginx.service failed.

** 4433 端口不容许！

六、semanage 解决 http 端口访问配置（Selinux）

参考 https://blog.csdn.net/runsnail2018/article/details/81185138 https://zhb1208.iteye.com/blog/1432957

1. 直接安装 semanage 会提示：没有 semanage
	sudo yum update
	sudo yum install semanage 
		已加载插件：fastestmirror
		Loading mirror speeds from cached hostfile
		 * base: mirrors.aliyun.com
		 * extras: mirrors.aliyun.com
		 * updates: mirrors.aliyun.com
		没有可用软件包 semanage。
		错误：无须任何处理

2. 按照参考文档，执行一下设置和安装命令
	1）. yum provides /usr/sbin/semanage
	2）. yum -y install policycoreutils-python
	3）. 如今就能够执行 semanage 命令了
3. 查看 http 能够访问的端口
	sudo semanage port -l | grep http_port_t
			http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
		pegasus_http_port_t            tcp      5988
	** 果真没有发现 4433 端口！	
4. 增长 4433 到 http 访问端口
	sudo semanage port -a -t http_port_t  -p tcp 4433
5. 再来看看 http 端口 
sudo semanage port -l | grep http_port_t
		http_port_t                    tcp      4433, 80, 81, 443, 488, 8008, 8009, 8443, 9000
		pegasus_http_port_t            tcp      5988
** 如今能够访问 4433 了
	sudo systemctl restart nginx
	sudo systemctl status nginx.service
	OK！

一直没有搞明白 SELinux 干么用的！如今有点儿明白了！

不是简单从防火墙开放一个端口就能够了 还要配置 特定服务（此次是 HTTP）可使用哪些端口

六、切换root目录一直 403 错误

参考 http://www.javashuo.com/article/p-rxcpetoj-hs.html

** 这个博客应该是正确的！可是，我照着操做了，仍是不行！

实在没有办法了！
只好先关闭 SELinux ！之后再学习！

sudo vim /etc/selinux/config
		# by wzh 20190329 disable SELINUX
		SELINUX=disabled
		# SELINUX=enforcing

重启才能生效！

查看 SELinux
sestatus
	SELinux status:                 disabled