安装配置Nginx

挂载远程源码包到本地

mount.cifs //192.168.100.10/LNMP-C7 /mnt        //挂载到/mnt目录下

解压源码包到/opt目录下

[root@localhost ~]# cd /abc                                                       //切换到挂载点目录
[root@localhost abc]# ls
Discuz_X3.4_SC_UTF8.zip    nginx-1.12.2.tar.gz
mysql-boost-5.7.20.tar.gz  php-7.1.10.tar.gz
[root@localhost abc]# tar zxvf nginx-1.12.2.tar.gz -C /opt        //解压Nginx源码包到/opt下
[root@localhost abc]# cd /opt/                                                  //切换到解压的目录下
[root@localhost opt]# ls
nginx-1.12.2  rh

安装编译需要的环境组件包

[root@localhost opt]# yum -y install \
gcc \                                              //c语言
gcc-c++ \                                      //c++语言
pcre-devel \                                  //pcre语言工具
zlib-devel                                     //数据压缩用的函式库

创建程序名为nginx的用户并编译Nginx

[root@localhost opt]# useradd -M -s /sbin/nologin nginx     //创建程序用户,限定其
[root@localhost opt]# cd nginx-1.12.2/                                //切换到nginx目录下
[root@localhost nginx-1.12.2]# ./configure \                        //配置nginx
> --prefix=/usr/local/nginx \                                                  //安装路径
> --user=nginx \                                                                   //用户名
> --group=nginx \                                                                 //用户组
> --with-http_stub_status_module                                       //访问状态统计模块

编译和安装

[root@localhost nginx-1.12.0]# make && make install                               //编译及安装

制作Nginx管理脚本,便于管理使用

[root@localhost nginx]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/ 
                                                                                        //创建软连接                                                                 [root@nginx nginx-1.12.2]# vim /etc/init.d/nginx             //编辑启动脚本
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
  start)
    $PROG
    ;;
  stop)
    kill -s QUIT $(cat $PIDF)
    ;;  
  restart)
    $0 stop
    $0 start
    ;;  
  reload)
    kill -s HUP $(cat $PIDF)
    ;;  
  *)    
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1  
esac            
exit 0
[root@nginx nginx-1.12.2]# chmod +x /etc/init.d/nginx                  //给脚本执行权限
[root@nginx nginx-1.12.2]# chkconfig --add nginx                        //添加到service管理器中
[root@nginx nginx-1.12.2]# yum install elinks -y                           //
[root@nginx nginx-1.12.2]# service nginx start                             //启动Nginx服务
[root@nginx nginx-1.12.2]# netstat -ntap | grep 80
tcp        0      0 0.0.0.0:80        0.0.0.0:*          LISTEN      42028/nginx: master 
[root@nginx nginx-1.12.2]# systemctl stop firewalld.service                   //关闭防火墙
[root@nginx nginx-1.12.2]# setenforce 0                                          //关闭增强型安全功能
[root@nginx nginx-1.12.2]# elinks http://192.168.131.133/                                                                                                           

配置Nginx网页缓存

复制图片到站点目录

[root@localhost nginx-1.12.0]# ls /abc
Discuz_X3.4_SC_UTF8.zip    nginx-1.12.2.tar.gz
tupian.png                   php-7.1.10.tar.bz2
mysql-boost-5.7.20.tar.gz  php-7.1.20.tar.gz
nginx-1.12.0.tar.gz
[root@localhost nginx-1.12.0]# cp /abc/game.jpg /usr/local/nginx/html/
[root@localhost nginx-1.12.0]# cd /usr/local/nginx/html/
[root@localhost html]# ls
50x.html  game.jpg  index.html

修改网页信息,将图片加到index.html文件中

[root@localhost html]# vim index.html

Welcome to nginx!

//添加图片路径
[root@localhost html]# vim /usr/local/nginx/conf/nginx.conf             //修改配置文件
events {
        worker_connections  1024;
}
        user nginx nginx;                     //修改Nginx用户和组
    #deny access to .htaccess files, if Apache's document root
    #concurs with nginx's one
    location ~\.(gif|jepg|jpg|ico|bmp|png)$ {              //添加支持图片格式
        root html;           //站点
        expires 1d;         //缓存一天
        }
[root@localhost html]# service nginx stop                  //重启服务
[root@localhost html]# service nginx start 

使用虚拟机访问网页,并使用fiddler查看缓存

Nginx优化之缓存与压缩、版本隐藏_第1张图片

Nginx网页压缩

修改Nginx.conf文件

[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# vim nginx.conf
gzip  on;                   //使用x键删除此行前的井号注释
gzip_min_length 1k;                  //压缩阈值
gzip_buffers 4 16k;                   //buffers大小为4个16k缓冲区大小
gzip_http_version 1.1;              //压缩版本号
gzip_comp_level 6;
//压缩比率,最小为1,处理快但传输慢;最大为9,处理慢,但传输快;此处设6,相对适中
gzip_types text/plain application/x-javascript text/css image/jpg image/jpegimage/png image/gif application/xml text/javascript application/x-httpd-php 
application/javascript application/json;                     //支持的类型格式类型
gzip_disable "MSIE [1-6]\.";
//配置禁用gzip条件,支持正则表达式,表示ie6以下不启用gzip
gzip_vary on;                     //让前端的缓存服务器缓存经过gzip压缩的页面

复制图片到站点目录

[root@localhost conf]# cd ../html/
[root@localhost html]# cp /abc/tupian.png/
[root@localhost html]# ls
50x.html  tupian.png  index.html

修改站点首页内容

[root@localhost html]# vim index.html

Welcome to nginx!

//在h1标签下添加图片路径 [root@localhost html]# systemctl stop nginx.service //重启服务 [root@localhost html]# systemctl start nginx.service [root@localhost html]# systemctl stop firewalld.service //关闭防火墙 [root@localhost html]# setenforce 0 //关闭增强型安全功能

使用测试机访问网页,并使用fiddler查看压缩
Nginx优化之缓存与压缩、版本隐藏_第2张图片

Nginx版本隐藏

隐藏版本号

[root@localhost init.d]# curl -I http://192.168.131.133/              //查看Nginx信息
HTTP/1.1 200 OK
Server: nginx/1.12.2           //显示版本号
Date: Tue, 12 Nov 2019 14:23:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes
[root@localhost init.d]# vim /usr/local/nginx/conf/nginx.conf  ##修改配置文件

http {              //在http下添加
        include       mime.types;
        default_type  application/octet-stream;
        server_tokens off;            //关闭版本号

[root@localhost init.d]# service nginx stop         //关闭服务
[root@localhost init.d]# service nginx start        //开启服务
[root@localhost init.d]# curl -I http://192.168.131.133/          //查看Nginx信息
HTTP/1.1 200 OK      
Server: nginx                   //版本号被隐藏
Date: Tue, 12 Nov 2019 14:22:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes

伪造版本号

[root@localhost init.d]# vim /usr/local/nginx/conf/nginx.conf
http {
        include       mime.types;
        default_type  application/octet-stream;
        server_tokens on;                  //开启版本号
[root@localhost init.d]# cd /opt/nginx-1.12.2/src/core/             //切换到src源码包目录
[root@localhost core]# vim nginx.h       //进入配置文件

#define NGINX_VERSION      "1.1.1"               //此处版本号伪造成1.1.1
[root@localhost core]# cd /opt/nginx-1.12.2/         //切换目录到Nginx下
[root@localhost nginx-1.12.2]# ./configure \         //重新配置
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@localhost nginx-1.12.0]# make && make install          //重新编译及安装
[root@localhost nginx-1.12.2]# service nginx stop        //重启服务
[root@localhost nginx-1.12.2]# service nginx start        
[root@localhost nginx-1.12.2]# curl -I http://192.168.131.133/            //查看Nginx信息
HTTP/1.1 200 OK 
Server: nginx/1.1.1              //此时的版本号就是伪造的版本号
Date: Tue, 12 Nov 2019 14:34:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes