• 源码编译安装nginx 1.18.0
  • pcre zlib openssl的库通过yum安装
  • nginx 源码安装maxmind IP 库, 编译安装谷歌 brotli 压缩
  • 修改最大打开文件描述符数到最大
  • 如果不需要关闭 selinux、iptables、firewalld, 请在脚本中调用 disable_firewall 的那一行前面加 #
  • nginx 反向代理配置文件,nginx开启缓存配置,请参考下方的nginx.conf
  • nginx 开启反向代理websocket

 

#!/bin/bash
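# Install the build toolchain plus the PCRE, zlib and OpenSSL development
# packages that nginx is compiled against, and the helper tools used below.
yum install epel-release -y
yum install gcc gcc-c++ pcre pcre-devel openssl openssl-devel zlib zlib-devel make automake -y
yum install autoconf libtool iptables-services wget bind-utils unzip -y

# Empty the build directory. The cd must succeed first: if it failed, an
# unguarded `rm -rf *` would delete the contents of whatever directory the
# script happened to be started from. `./*` also keeps a file name that
# begins with "-" from being parsed as an rm option.
# NOTE: this removes everything already in /usr/local/src, not only nginx
# build trees.
cd /usr/local/src || { echo "cannot cd to /usr/local/src" >&2; exit 1; }
rm -rf -- ./*

# Switch the system time zone to Asia/Shanghai, keeping the previous
# localtime file as a backup.
mv /etc/localtime /etc/localtime.bak
/bin/cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'ZONE="CST"' > /etc/sysconfig/clock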


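#######################################
# Turn off SELinux and firewalld, then enable the iptables service with an
# empty rule set.
# Security impact: SELinux confinement is removed (immediately via
# setenforce, permanently via /etc/selinux/config) and every filter rule is
# flushed and saved. If the chain policies are the default ACCEPT, the host
# then filters no traffic at all; add rules that expose only the ports you
# serve before putting the machine on a public network.
# Arguments: none
# Returns:   exit status of the final `service iptables save`
#######################################
disable_firewall() {
  # Permissive for the running system; the sed edit applies from next boot.
  setenforce 0
  sed -i "s/=enforcing/=disabled/g" /etc/selinux/config

  # systemctl expects the verb before the unit name. With the arguments the
  # other way round ("systemctl firewalld stop") the command is rejected and
  # firewalld keeps running.
  systemctl stop firewalld
  systemctl disable firewalld

  # Use the classic iptables service instead, started on boot.
  chkconfig iptables on
  service iptables start

  # Flush all rules and persist the now-empty rule set.
  iptables -F
  service iptables save
}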

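# Comment this call out to leave SELinux and the firewall untouched.
disable_firewall

# --- libmaxminddb: MaxMind DB reader library needed by the geoip2 module ---
# NOTE(review): this tarball and the geoip2 / brotli archives below come from
# a third-party mirror over plain HTTP and are compiled and installed without
# any integrity check. The script writes to /etc and /usr/local, so it is
# presumably run as root. Verify every archive against a checksum obtained
# from a trusted source before unpacking it, for example:
#   echo "<EXPECTED_SHA256>  libmaxminddb-1.3.2.tar.gz" | sha256sum -c - || exit 1
cd /usr/local/src/ || exit 1
wget http://download.zhufunin.com/libmaxminddb-1.3.2.tar.gz
tar zxf libmaxminddb-1.3.2.tar.gz
cd libmaxminddb-1.3.2 || exit 1
./configure
make && make install
# Register /usr/local/lib with the dynamic linker, once.
grep -qF -- "/usr/local/lib" /etc/ld.so.conf || echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

# --- third-party nginx modules (same unverified-download caveat) ---
cd /usr/local/src/ || exit 1
wget http://download.zhufunin.com/ngx_http_geoip2_module.zip
unzip ngx_http_geoip2_module.zip

wget http://download.zhufunin.com/ngx_brotli.tar.gz
tar zxf ngx_brotli.tar.gz

# --- nginx source ---
# Fetched over HTTPS so the tarball cannot be altered in transit. nginx.org
# also publishes a detached PGP signature next to each release; checking it
# is the stronger verification.
# NOTE(review): 1.18.0 is an old release line. Check the nginx.org security
# advisories and prefer a currently supported version for a new install.
wget https://nginx.org/download/nginx-1.18.0.tar.gz
tar zxf nginx-1.18.0.tar.gz

# Unprivileged account for the worker processes: no home directory, no login
# shell. Skipped when the account already exists (re-runs).
id www >/dev/null 2>&1 || useradd -M -s /sbin/nologin www

cd /usr/local/src/nginx-1.18.0 || exit 1
./configure \
--user=www \
--group=www \
--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_sub_module \
--with-http_gzip_static_module \
--with-http_gunzip_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-stream \
--with-http_v2_module \
--with-threads \
--with-http_slice_module \
--add-module=/usr/local/src/ngx_http_geoip2_module-master \
--add-module=/usr/local/src/ngx_brotli
# Install only if the build succeeded.
make -j2 && make install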

 

 

 

nginx

启动: /usr/local/nginx/sbin/nginx

reload: /usr/local/nginx/sbin/nginx -s reload

停止:  /usr/local/nginx/sbin/nginx -s quit

 

下面是一些额外的配置

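# Create a self-signed certificate and an unencrypted (-nodes) RSA key.
mkdir -p /usr/local/nginx/ssl
# Generate under a restrictive umask so the private key is never
# world-readable, not even briefly. The nginx master process reads the key
# as root, so the worker account does not need access to it.
(
  umask 077
  openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout /usr/local/nginx/ssl/nginx.key -out /usr/local/nginx/ssl/nginx.crt -subj "/C=US/ST=US/L=US/O=ssl/OU=ssl/CN=ssl.com/emailAddress=admin@ssl.com"
)
# Also tighten a key left over from an earlier run with looser permissions.
chmod 600 /usr/local/nginx/ssl/nginx.key
# NOTE(review): the nginx.conf shown on this page aliases /usr/local/nginx/ssl/
# as the ACME challenge directory, so any file the worker user can read in
# this directory is served over HTTP. Keep the key root-only as above, or
# better, store keys in a directory that is not web-reachable.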

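# Download the MaxMind city database used by the geoip2 module.
# NOTE(review): fetched over plain HTTP from a third-party mirror with no
# integrity check; verify it against a checksum from a trusted source, e.g.
#   echo "<EXPECTED_SHA256>  maxmind-city.mmdb.tar.gz" | sha256sum -c - || exit 1
mkdir -p /usr/local/nginx/geoip
# Stop if the directory is unusable so the archive is not unpacked elsewhere.
cd /usr/local/nginx/geoip || exit 1
wget http://download.zhufunin.com/maxmind-city.mmdb.tar.gz
tar zxf maxmind-city.mmdb.tar.gz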


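# Raise the open-file limit to 65536 for login shells and, through
# limits.conf, for root and every other account ("*").
# Each line is appended only if it is not already present, so running the
# script again does not pile up duplicate entries.
grep -qxF -- "ulimit -n 65536" /etc/profile || echo "ulimit -n 65536" >> /etc/profile
for limit_line in \
  "root soft nofile 65536" \
  "root hard nofile 65536" \
  "* soft nofile 65536" \
  "* hard nofile 65536"; do
  # -x -F: match the whole line literally, so "*" is not treated as a pattern.
  grep -qxF -- "$limit_line" /etc/security/limits.conf \
    || echo "$limit_line" >> /etc/security/limits.conf
done
# Apply the new ulimit to the current shell as well.
source /etc/profile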

 

 nginx.conf配置

# Worker processes run under the unprivileged "www" account.
user  www;
pid                  /var/run/nginx.pid;
# Let nginx choose the number of worker processes automatically.
worker_processes     auto;
# Open-file limit for each worker; it has to cover worker_connections below.
worker_rlimit_nofile 65535;
events {
    # A worker accepts all pending new connections at once, not one at a time.
    multi_accept       on;
    # Maximum simultaneous connections per worker.
    worker_connections 65535;
}
# HTTP reverse proxy for one site: WebSocket-capable proxying to a local
# upstream, an on-disk store for jpg/png, and a proxy cache for other static
# file types.
http {
    charset              utf-8;
    sendfile             on;
    tcp_nopush           on;
    tcp_nodelay          on;
    # Do not reveal the nginx version in the Server header and error pages.
    server_tokens        off;
    log_not_found        off;
    types_hash_max_size  2048;
    # Largest accepted request body.
    client_max_body_size 100M;
    server_names_hash_bucket_size  64;
    # Public resolvers, used when nginx has to resolve names at run time.
    resolver 8.8.8.8 8.8.4.4 1.1.1.1 valid=600s ipv6=off;
    resolver_timeout 30s;
    # Generous (600 s) timeouts towards the upstream.
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;

    # MIME
    include              mime.types;
    default_type         application/octet-stream;
    # Logging
    # Fields are separated by the literal token "{F;}".
    # NOTE(review): the format records $http_cookie and $args, so session
    # cookies and secrets passed in query strings end up in the access log.
    # Drop those fields or restrict who can read the log files.
    log_format main '$time_local{F;}$remote_addr{F;}$http_host{F;}$request_uri{F;}$upstream_cache_status{F;}$status{F;}$upstream_addr{F;}$upstream_status{F;}$upstream_response_time{F;}$request_time{F;}$body_bytes_sent{F;}$request_length{F;}$content_length{F;}$sent_http_cache_control{F;}$sent_http_content_type{F;}$http_referer{F;}$http_x_forwarded_for{F;}$http_user_agent{F;}$server_port{F;}$server_protocol{F;}$request_method{F;}$scheme{F;}$ssl_protocol{F;}$remote_port{F;}$http_cookie{F;}$args';
    access_log           /usr/local/nginx/logs/access.log main;
    error_log            /usr/local/nginx/logs/error.log;

 
    # Cache zone "static": 5 MB of keys, at most 5 GB on disk, entries
    # evicted after 14 days without access.
    proxy_cache_path /usr/local/nginx/proxy_cache/ levels=1:2 keys_zone=static:5m inactive=14d max_size=5G use_temp_path=off;

    # Backend application on the local host.
    upstream myupstream {
    server 127.0.0.1:7070;
    }

    server {
        # NOTE(review): only a plain-HTTP listener is defined here; no TLS
        # listener appears in this file.
        listen       80;
        server_name  www.test123.com;
        # Overrides the http-level access_log: this server writes no access log.
        access_log off;
        # gzip
        gzip              on;
        gzip_min_length 1k;
        gzip_vary         on;
        gzip_proxied      any;
        gzip_comp_level   6;
        gzip_types        text/xml text/plain application/xml application/xhtml+xml image/svg+xml text/javascript application/x-javascript application/javascript application/json text/css application/font-woff application/rss+xml application/atom+xml;

        # brotli
        brotli            on;
        brotli_comp_level 6;
        brotli_types      text/xml text/plain application/xml application/xhtml+xml image/svg+xml text/javascript application/x-javascript application/javascript application/json text/css application/font-woff application/rss+xml application/atom+xml;

        # Default location: proxy everything else to the upstream, passing
        # the Upgrade/Connection headers that WebSocket needs.
        location / {
        proxy_http_version                 1.1;
        proxy_cache_bypass                 $http_upgrade;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_set_header Host              $host;
        # Client address details for the upstream. X-Forwarded-For is
        # appended to whatever value the client sent, so the upstream should
        # trust only the last entry.
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
        # An empty value removes Accept-Encoding from the upstream request.
        proxy_set_header Accept-Encoding "";
        proxy_pass http://myupstream;
        }
        # favicon.ico
        location = /favicon.ico {
        log_not_found off;
        access_log    off;
        }
        # ACME-challenge
        # NOTE(review): the alias targets /usr/local/nginx/ssl/, the same
        # directory in which the setup commands on this page create
        # nginx.key. Every file there that the worker user can read is
        # served over HTTP. Point the alias at a dedicated challenge
        # directory holding nothing else, and keep private keys out of any
        # web-reachable path.
        location ^~ /.well-known/acme-challenge/ {
            alias /usr/local/nginx/ssl/;
        }
        #proxy_store
        # jpg/png: serve from the on-disk store, fetching from the upstream
        # when the file is missing. Regex locations are tried in order, so
        # this block, not the proxy_cache block below, handles jpg and png.
        location ~*  ^.*\.(jpg|png)$
       {
            proxy_http_version          1.1;
            proxy_set_header Connection '';
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host  $host;
            proxy_set_header X-Forwarded-Port  $server_port;

            proxy_set_header Accept-Encoding "";
            # Upstream caching and cookie headers are neither honoured nor
            # passed on to the client.
            proxy_ignore_headers Cache-Control;
            proxy_ignore_headers Set-Cookie;
            proxy_hide_header Cache-Control;
            proxy_hide_header Set-Cookie;
                # Always the constant 'HIT', wherever the response came from.
                add_header X-Proxy-Cache 'HIT';
                root /usr/local/nginx/proxy_store/;
                proxy_store on;
                # NOTE(review): all:rw makes every stored file writable by
                # any local account, which could then change what nginx
                # serves. user:rw with read-only group/all is normally enough.
                proxy_store_access user:rw group:rw all:rw;
                proxy_temp_path /usr/local/nginx/proxy_store/;
                # Go to the upstream only when the file is not stored yet.
                if ( !-e $request_filename) {
                    proxy_pass http://myupstream;
                }
        }
        #proxy_cache
        # Other static file types: served through the "static" cache zone.
        location ~*  ^.*\.(gif|jpg|jpeg|png|bmp|swf|woff2|css|js|rar|zip|docx|tiff|csv|pptx|svg|midi|ppt|mid|fnt|svgz|ps|doc|eps|eot|tif|xlsx|woff|ejs|pdf|ico|class|webp|jar|pls|otf|xls|pict|ttf|opus|webm|mp3|ogg|zip|mp4|ipa|apk|wav|m4a)$
       {
            proxy_http_version          1.1;
            proxy_set_header Connection '';
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host  $host;
            proxy_set_header X-Forwarded-Port  $server_port;
                
            # NOTE(review): with Cache-Control and Set-Cookie ignored, any
            # upstream response whose URI ends in a listed extension is
            # cached and shared between clients, even if the upstream marked
            # it private. Confirm the upstream never returns per-user
            # content on such paths.
            proxy_ignore_headers Cache-Control;
            proxy_ignore_headers Set-Cookie;
            proxy_hide_header Cache-Control;
            proxy_hide_header Set-Cookie;
 

            # Tells the client whether the response was a cache HIT, MISS, etc.
            add_header X-Proxy-Cache '$upstream_cache_status';
                proxy_cache static;
                # Only one request at a time populates a missing cache entry.
                proxy_cache_lock on;
                # NOTE(review): the key has no $host or $scheme; fine for the
                # single server_name here, but responses would be shared
                # across hosts if more names used this zone.
                proxy_cache_key $uri$is_args$args;
                proxy_cache_valid 404 10s;
                proxy_cache_valid 200 206 301 304 14d;
                proxy_cache_valid 405 2m;
                expires 14d;
                # No root is set in this location, so the existence test uses
                # the inherited root (presumably the nginx default) - confirm.
                if ( !-e $request_filename) {
                    proxy_pass http://myupstream;
                }
        }

    }
}

 免费let's encrypt证书申请

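# Fetch the Let's Encrypt helper scripts.
# NOTE(review): both files are downloaded over plain HTTP from a third-party
# mirror and then made executable. They are presumably run as root and
# handle certificate keys, so read them before first use and verify them
# against a checksum from a trusted source, e.g.
#   echo "<EXPECTED_SHA256>  acme_tiny.py" | sha256sum -c - || exit 1
# acme_tiny.py is also available from its upstream project; fetching it from
# there over HTTPS is preferable.
mkdir -p /usr/local/shell/
# Stop if the directory is unusable so nothing is written elsewhere.
cd /usr/local/shell/ || exit 1
wget -O acme_tiny.py http://download.zhufunin.com/acme_tiny.py
wget -O autossl.sh http://download.zhufunin.com/autossl.sh
chmod 755 autossl.sh
chmod 755 acme_tiny.py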

用法是
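cd /usr/local/shell/ || exit 1
# The helper downloaded above is saved as autossl.sh (not autossh.sh).
./autossl.sh www.123abc.com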
后面接域名

 
