一、編譯安裝
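# Build nginx 1.18.0 from source with the echo-nginx-module add-on compiled in.
# NOTE(review): --add-module below points at /usr/local/soft/, so these commands
# are presumably run from /usr/local/soft -- confirm before use.

# Fetch and unpack the echo module. The archive is pulled by tag, so compare it
# with a checksum recorded from a trusted copy before building from it:
#   echo "<EXPECTED_SHA256>  v0.62.tar.gz" | sha256sum -c -
wget https://github.com/openresty/echo-nginx-module/archive/v0.62.tar.gz
tar -zxvf v0.62.tar.gz

# Build dependencies: compiler, PCRE, zlib and OpenSSL headers.
yum -y install gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel --setopt=protected_multilib=false

# Fetch nginx over HTTPS together with its detached PGP signature, and verify
# the tarball before unpacking (the nginx release signing key has to be
# imported into the local keyring first).
wget https://nginx.org/download/nginx-1.18.0.tar.gz
wget https://nginx.org/download/nginx-1.18.0.tar.gz.asc
gpg --verify nginx-1.18.0.tar.gz.asc nginx-1.18.0.tar.gz

# Unpack the archive that was actually downloaded (1.18.0) and build inside it.
tar -xzvf nginx-1.18.0.tar.gz
cd nginx-1.18.0

# Optional, recommended by the author: change the nginx version string and other
# identifying values in the source before compiling (author's example values:
# 10.0 / Microsoft-IIS/). This only changes the banner; it does not replace
# keeping nginx patched.
vim src/core/nginx.h

# Unprivileged account for the worker processes: group www, user www, with a
# shell of /bin/false so the account cannot log in interactively.
groupadd www
useradd -g www -s /bin/false www

# Directories referenced by the configure flags and by the configuration files.
mkdir -p /var/cache/nginx/client_temp/ /var/log/nginx/ /usr/local/nginx/tmp/proxy_temp /var/tmp/nginx/fcgi/ /var/tmp/nginx/proxy/

./configure \
  --prefix=/usr/local/nginx \
  --sbin-path=/usr/local/nginx/sbin/nginx \
  --error-log-path=/var/log/nginx/error.log \
  --pid-path=/usr/local/nginx/logs/nginx.pid \
  --lock-path=/var/lock/nginx.lock \
  --user=www \
  --group=www \
  --with-http_ssl_module \
  --with-http_dav_module \
  --with-http_realip_module \
  --with-http_flv_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module \
  --http-log-path=/var/log/nginx/access.log \
  --http-client-body-temp-path=/var/cache/nginx/client_temp/ \
  --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
  --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ \
  --add-module=/usr/local/soft/echo-nginx-module-0.62/

make && make install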
二、nginx.conf
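# Worker processes run as the unprivileged account the build was configured
# with (--user=www --group=www). Running workers as root means any flaw in
# request handling is exercised with full system privileges.
# Virtual hosts that put a variable in the access_log path need a directory in
# which this account can create files; prefer a dedicated sub-directory over
# making all of /var/log/nginx writable by the worker account.
user www www;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;

events {
    use epoll;
    worker_connections 2048;
}

http {
    # Derive the "original client" address: the first entry of X-Forwarded-For
    # when the header is present, otherwise the TCP peer address.
    # CAVEAT: X-Forwarded-For is sent by the client, and its first entry is the
    # part an upstream proxy does not overwrite. Anyone who reaches this server
    # directly, or through a CDN that appends rather than replaces the header,
    # chooses the value used below for logging and for both rate-limit keys.
    # The build includes the realip module, so the sturdier setup is to accept
    # the header only from known proxy ranges and key the limits on the
    # resulting $remote_addr, for example:
    #   set_real_ip_from <TRUSTED_CDN_CIDR>;   # placeholder: CDN egress ranges
    #   real_ip_header X-Forwarded-For;
    #   real_ip_recursive on;
    map $http_x_forwarded_for $clientRealIp {
        ""                              $remote_addr;
        ~^(?P<firstAddr>[0-9\.]+),?.*$  $firstAddr;
    }

    # Custom access-log format.
    log_format main '$clientRealIp [$time_local] "$request" $status "$http_referer" "$http_user_agent" $ssl_protocol $ssl_cipher $upstream_addr $request_time $upstream_response_time';

    # Per-client connection limit: at most 5 concurrent connections per key.
    limit_conn_zone $clientRealIp zone=TotalConnLimitZone:10m;
    limit_conn TotalConnLimitZone 5;

    # Per-client request-rate zone: 10 requests per second per key
    # (applied by the virtual hosts through limit_req).
    limit_req_zone $clientRealIp zone=ConnLimitZone:10m rate=10r/s;

    include mime.types;
    include gzip.types;
    default_type application/octet-stream;

    include vhosts/*.conf;
}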
二、gzip.types
# Shared http-level settings, included from nginx.conf.

# Header and server-name buffers.
server_names_hash_bucket_size 128;
client_header_buffer_size     32k;
large_client_header_buffers   4 32k;

# Timeouts. NOTE(review): three minutes for reading the request header and
# body lets slow clients hold connections for a long time; confirm these
# values are intentional.
keepalive_timeout     65;
client_header_timeout 3m;
client_body_timeout   3m;
send_timeout          3m;

# Temporary-file locations for request bodies and proxied responses.
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path       /usr/local/nginx/tmp/proxy_temp;

# Socket-level transfer options.
sendfile    on;
tcp_nopush  on;
tcp_nodelay on;

# gzip module settings.
# NOTE(review): the virtual hosts serve over TLS; compressing responses that
# mix secrets with request-controlled content is exposed to BREACH-style
# length side channels, so check what the compressed types can contain.
gzip              on;
gzip_min_length   1k;
gzip_buffers      4 16k;
gzip_http_version 1.0;
# Compression level.
gzip_comp_level   2;
# MIME types to compress. text/html is always included by default, so it is
# not listed; listing it still works but produces a warning.
gzip_types        text/plain application/x-javascript text/css application/xml;
gzip_vary         on;
三、vhosts/**1.conf
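server {
    listen 443 ssl;

    # Certificate file.
    ssl_certificate /opt/web/ssl/***.com.pem;
    # Private key file: keep it readable only by the account that starts nginx.
    ssl_certificate_key /opt/web/ssl/***.com.key;
    # NOTE(review): no ssl_protocols is set, so the nginx 1.18 defaults apply,
    # and they still include TLSv1 and TLSv1.1. Consider restricting to TLSv1.2
    # (plus TLSv1.3 where the linked OpenSSL supports it).

    server_name ***.com www.***.com *.***.com;
    root /opt/web/***.com/;
    index default.html index.html index.htm;

    # Client address handed to the backend as X-Real-IP.
    # The original copied the whole X-Forwarded-For header here, so the backend
    # received a client-supplied, possibly comma-separated list as "the" IP.
    # $clientRealIp (defined by the map in nginx.conf) is a single address and
    # falls back to the TCP peer when the header is absent. It is still taken
    # from a client-controlled header unless that header is accepted only from
    # the CDN, so the backend must not use it for authorization decisions.
    set $Real_IP $clientRealIp;

    # Rate limit: on top of the zone's 10 requests/second, up to 5 excess
    # requests are served immediately (nodelay); anything beyond that is
    # rejected with a 503.
    limit_req zone=ConnLimitZone burst=5 nodelay;

    # Extract year-month-day from the request time to build a per-day log name.
    if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})") {
        set $access_date $1-$2-$3;
    }
    # A variable in the path means the file is opened by the worker process, so
    # the worker account needs permission to create files in this directory.
    access_log /var/log/nginx/$access_date.access_www.***.com.log main;
    error_log /var/log/nginx/error_www.***.com.log warn;

    error_page 401 404 /40x.html;
    error_page 500 504 /50x.html;
    location = /40x.html {
        root /usr/local/nginx/html;
    }
    location = /50x.html {
        root /usr/local/nginx/html;
    }

    # Redirect every other host name served here to the canonical www host.
    if ($host != 'www.***.com') {
        rewrite ^/(.*)$ https://www.***.com/$1 permanent;
    }

    # Test endpoint that echoes the derived client address.
    # NOTE(review): this is a debugging aid; remove it or restrict access once
    # the address derivation has been checked.
    location /realip {
        default_type text/plain;
        echo $clientRealIp;
    }

    # Ignore requests for JavaScript source maps. The dots are escaped and the
    # pattern anchored so that only paths ending in ".js.map" are redirected;
    # unescaped, each "." matched any character.
    rewrite ^/(.*)\.js\.map$ /resource/js/nullmap.txt permanent;
    # Answer the icon requests made by Apple devices with the site logo.
    rewrite ^/apple-touch-(.*)\.png$ /resource/img/logo-ren.png permanent;

    # Never serve Java deployment metadata. These are "^~" prefix locations on
    # purpose: regex locations are tried in file order, so the static-asset
    # regexes further down would otherwise win for paths such as
    # /WEB-INF/<name>.html and serve the file instead of denying it.
    location ^~ /WEB-INF {
        deny all;
    }
    location ^~ /META-INF {
        deny all;
    }

    # Backend endpoints. NOTE(review): traffic to the backend on port 82 is
    # plain HTTP; presumably that host is on a trusted network -- confirm.

    # Captcha.
    location ^~ /auth/vCode {
        proxy_pass http://**.*****.com:82;
        proxy_set_header X-Real-IP $Real_IP;
    }
    # Read-count statistics.
    location ^~ /cms/newsdoc/readcount/ {
        proxy_pass http://**.*****.com:82;
        proxy_set_header X-Real-IP $Real_IP;
    }
    # Run a specific search.
    location ^~ /search/detail/ {
        proxy_pass http://**.*****.com:82;
        proxy_set_header X-Real-IP $Real_IP;
    }
    # Run a specific search (popular searches).
    location ^~ /search/keySearchDetail/ {
        proxy_pass http://**.*****.com:82;
        proxy_set_header X-Real-IP $Real_IP;
    }

    # Browser cache lifetimes for static assets.
    location ~ .*\.(js|css|html)$ {
        expires 7d;
    }
    location ~ .*\.(ico|gif|jpg|jpeg|png|bmp)$ {
        expires 30d;
    }
}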
四、vhosts/**2.conf
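server {
    listen 443 ssl;

    # Certificate file.
    ssl_certificate /opt/web/ssl/*****.com.pem;
    # Private key file: keep it readable only by the account that starts nginx.
    ssl_certificate_key /opt/web/ssl/*****.com.key;
    # NOTE(review): no ssl_protocols is set, so the nginx 1.18 defaults apply,
    # and they still include TLSv1 and TLSv1.1. Consider restricting to TLSv1.2
    # (plus TLSv1.3 where the linked OpenSSL supports it).

    server_name **.*****.com;
    root /opt/web/*****.com/;
    index default.html index.html index.htm;

    access_log /var/log/nginx/access_**.*****.com.log main;
    error_log /var/log/nginx/error_**.*****.com.log warn;

    error_page 401 404 /40x.html;
    error_page 500 504 /50x.html;
    location = /40x.html {
        root /usr/local/nginx/html;
    }
    location = /50x.html {
        root /usr/local/nginx/html;
    }

    # Never serve or forward Java deployment metadata.
    # The original used a regex location for this. Every prefix location in
    # this server carries "^~", including the catch-all "/", and "^~" tells
    # nginx to skip regex locations once the prefix matches, so that deny rule
    # was never evaluated and such requests went straight to the backend.
    # Longer "^~" prefixes take precedence over "^~ /", so these do apply.
    location ^~ /WEB-INF {
        deny all;
    }
    location ^~ /META-INF {
        deny all;
    }

    # Browser cache lifetimes for static assets.
    # NOTE(review): for the same "^~" reason these two regex locations are not
    # reachable in this server. They are kept unchanged because enabling them
    # would change which requests are proxied; decide that deliberately.
    location ~ .*\.(js|css|html)$ {
        expires 7d;
    }
    location ~ .*\.(ico|gif|jpg|jpeg|png|bmp)$ {
        expires 30d;
    }

    # Paths served directly from disk.
    location ^~ /file/ {
        root /opt/web/*****.com/;
    }
    location ^~ /html/ {
        root /opt/web/*****.com/;
    }
    location ^~ /resource/ {
        root /opt/web/*****.com/;
    }

    # Everything else is proxied to the application on port 82.
    # NOTE(review): that hop is plain HTTP; presumably the backend is on a
    # trusted network -- confirm.
    location ^~ / {
        root /opt/web/*****.com/;
        index default.html index.html index.htm;
        proxy_pass http://**.*****.com:82;
        proxy_set_header Host $host;
        # Here X-Real-IP is the TCP peer address, which the client cannot
        # forge. X-Forwarded-For is the client's header with that peer address
        # appended, so only its last entry is trustworthy to the backend.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): ten-minute timeouts keep worker connections tied up
        # when the backend stalls; confirm they are needed.
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        proxy_connect_timeout 600;
        # Upper bound on request bodies (uploads) accepted for the backend.
        client_max_body_size 20M;
    }
}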
五、sbin/clearLogs.sh
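#!/bin/bash
# Remove old per-day nginx access logs for the www site.
# Intended to be run from cron; takes no arguments.
set -euo pipefail

# Reference form: find ./ -name "*date*" -mtime +2
# -mtime +10 selects files whose last modification is more than ten full
# 24-hour periods in the past.
# -type f with -delete removes regular files only. The previous
# "-exec rm -rf {}" would also have removed a whole directory tree if a
# directory ever matched the name pattern, which matters because this runs
# unattended with the crontab owner's privileges.
find /var/log/nginx/ -type f -mtime +10 -name "*.access_www.******.com.log" -delete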
六、每天定時執行
終端執行:crontab -e
錄入:
# Run the clean-up of old log files every day at 01:00.
# The script runs with the privileges of the crontab's owner, so keep
# /usr/local/nginx/sbin/clearLogs.sh writable only by that account.
00 1 * * * /usr/local/nginx/sbin/clearLogs.sh