Nginx记录1-基础安装相关

多线程架构

master进程主要用来管理worker进程,具体包括如下4个主要功能:
(1)接收来自外界的信号。
(2)向各worker进程发送信号。
(3)监控woker进程的运行状态。
(4)当woker进程退出后(异常情况下),会自动重新启动新的woker进程。
woker进程主要用来处理网络事件,各个woker进程之间是对等且相互独立的,它们同等竞争来自客户端的请求,一个请求只可能在一个woker进程中处理,woker进程个数一般设置为机器CPU核数。

参考文献

官方文档 | 在线文档
安装 | 应用实例 | 安全实例 | Nginx限流特技
反向代理-proxy_buffering

安装过程

编译选项:
--with-http_image_filter_module=dynamic --需要GD
--with-pcre-jit
--with-file-aio
--with-http_v2_module
--with-http_realip_module
--with-http_addition_module
--with-http_xslt_module=dynamic
--with-http_sub_module
--with-http_dav_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_slice_module
--需要pcre JIT
--with-http_geoip_module=dynamic --需要GeoIP GeoIP-devel

编译参数
--with-stream 支持TCP代理以及负载均衡功能 官网

错误记录:参考错误记录
配置文件:参考配置文件

功能:1.0 - 安装nginx、编译sticky模块、添加service服务

#!/bin/bash
nginxdir=/usr/local/nginx
nginxver=nginx-1.12.2

#funtion
nginx_init () {
curl -L https://raw.githubusercontent.com/mainiubaba/One/master/bash/nginx > /etc/init.d/nginx
if [ $? -eq '0' ];
then
 chmod +x /etc/init.d/nginx
else
 echo "add /etc/init.d/nginx filed."
 exit
fi
}

if [ -d ${nginxdir} ];
then
 echo "${nginxdir} directory exists"
else
 mkdir ${nginxdir}
fi
#yum
yum -y install cmake make gcc gcc-c++ libevent nss zlib zlib-devel openssl openssl-devel glibc glibc-devel compat-expat1 glibc.i686 procps procmail  ncurses-devel ncurses-libs ncurses-base ncurses  libuuid-devel pcre pcre-devel  libxslt libxml2 libxml2-devel gd-devel perl-ExtUtils-Embed perl-devel libxslt-devel
#wget tar
if [ -f ${nginxdir}/${nginxver}.tar.gz ];
then
 rm -r ${nginxdir}/${nginxver}.tar.gz
 rm -rf ${nginxdir}/${nginxver}
 wget -P $nginxdir http://nginx.org/download/${nginxver}.tar.gz
else
 wget -P $nginxdir http://nginx.org/download/${nginxver}.tar.gz
fi
wget -P $nginxdir https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/08a395c66e42.zip
#unzip
cd $nginxdir
tar -zxf nginx-1.12.2.tar.gz
unzip 08a395c66e42.zip
mv nginx-goodies-nginx-sticky-module-ng-08a395c66e42 nginx-sticky-module
#configure
cd ${nginxdir}/nginx-1.12.2
./configure \
--prefix=/usr/local/nginx/ \
--user=nginx \
--group=nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_stub_status_module \
--with-http_ssl_module \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib64/nginx/modules \
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body  \
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy  \
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi  \
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi  \
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi  \
--lock-path=/var/lock/subsys/nginx  \
--with-file-aio  \
--with-http_v2_module  \
--with-http_realip_module  \
--with-http_addition_module  \
--with-http_xslt_module=dynamic  \
--with-http_sub_module  \
--with-http_dav_module  \
--with-http_flv_module \
--with-http_mp4_module  \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module  \
--with-http_slice_module \
--add-module=${nginxdir}/nginx-sticky-module

make -j 4
make install

if [ $? -eq '0' ];
then
  nginx_init
fi

功能:1.1 - 安装nginx、编译sticky模块、添加service服务(增加yum安装nginx -V输出的参数)

#!/bin/bash
nginxdir=/usr/local/nginx
nginxver=nginx-1.12.2

#funtion
nginx_init () {
curl -L https://raw.githubusercontent.com/mainiubaba/One/master/bash/nginx > /etc/init.d/nginx
if [ $? -eq '0' ];
then
 chmod +x /etc/init.d/nginx
else
 echo "add /etc/init.d/nginx filed."
 exit
fi
}

if [ -d ${nginxdir} ];
then
 echo "${nginxdir} directory exists"
else
 mkdir ${nginxdir}
fi
#yum
yum -y install cmake make gcc gcc-c++ libevent nss zlib zlib-devel openssl openssl-devel glibc glibc-devel compat-expat1 glibc.i686 procps procmail  ncurses-devel ncurses-libs ncurses-base ncurses  libuuid-devel pcre pcre-devel  libxslt libxml2 libxml2-devel gd-devel perl-ExtUtils-Embed perl-devel libxslt-devel GeoIP GeoIP-devel google-perftools google-perftools-devel
#wget tar
if [ -f ${nginxdir}/${nginxver}.tar.gz ];
then
 rm -r ${nginxdir}/${nginxver}.tar.gz
 rm -rf ${nginxdir}/${nginxver}
 wget -P $nginxdir http://nginx.org/download/${nginxver}.tar.gz
else
 wget -P $nginxdir http://nginx.org/download/${nginxver}.tar.gz
fi
wget -P $nginxdir https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/08a395c66e42.zip
#unzip
cd $nginxdir
tar -zxf nginx-1.12.2.tar.gz
unzip 08a395c66e42.zip
mv nginx-goodies-nginx-sticky-module-ng-08a395c66e42 nginx-sticky-module
#configure
cd ${nginxdir}/nginx-1.12.2
./configure \
--prefix=/usr/local/nginx/ \
--user=nginx \
--group=nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body \
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy \
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \
--lock-path=/var/lock/subsys/nginx \
--modules-path=/usr/lib64/nginx/modules \
--sbin-path=/usr/sbin/nginx \
--with-debug \
--with-file-aio \
--with-google_perftools_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_degradation_module \
--with-http_flv_module \
--with-http_geoip_module=dynamic \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module=dynamic \
--with-http_mp4_module \
--with-http_perl_module=dynamic \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-http_xslt_module=dynamic \
--with-ipv6 \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-pcre \
--with-pcre-jit \
--with-stream=dynamic \
--add-module=${nginxdir}/nginx-sticky-module

make -j 4
make install

if [ $? -eq '0' ];
then
  nginx_init
fi

功能:2.0 - 安装nginx、编译sticky模块、添加service服务、编译modsecurity模块、添加owasp规则

#!/bin/bash
nginxdir=/usr/local/nginx
nginxver=nginx-1.12.2
modsecurity_path=/etc/nginx

#funtion
nginx_init () {
curl -L https://raw.githubusercontent.com/mainiubaba/One/master/nginx > /etc/init.d/nginx
if [ $? -eq '0' ];
then
 chmod +x /etc/init.d/nginx
else
 echo "add /etc/init.d/nginx filed."
 exit
fi
}

if [ -d ${nginxdir} ];
then
 echo "${nginxdir} directory exists"
else
 mkdir ${nginxdir}
fi
#yum
yum -y install cmake make gcc gcc-c++ libevent nss zlib zlib-devel openssl openssl-devel glibc glibc-devel compat-expat1 glibc.i686 procps procmail  ncurses-devel ncurses-libs ncurses-base ncurses  libuuid-devel pcre pcre-devel  libxslt libxml2 libxml2-devel gd-devel perl-ExtUtils-Embed perl-devel libxslt-devel
#wget tar
if [ -f ${nginxdir}/${nginxver}.tar.gz ];
then
 rm -r ${nginxdir}/${nginxver}.tar.gz
 rm -rf ${nginxdir}/${nginxver}
 wget -P $nginxdir http://nginx.org/download/${nginxver}.tar.gz
else
 wget -P $nginxdir http://nginx.org/download/${nginxver}.tar.gz
fi
#wget sticky
wget -P $nginxdir https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/08a395c66e42.zip
#unzip
cd $nginxdir
tar -zxf nginx-1.12.2.tar.gz
unzip 08a395c66e42.zip
mv nginx-goodies-nginx-sticky-module-ng-08a395c66e42 nginx-sticky-module
#install modsecurity
if [ $? -eq '0' ];
then
 yum install -y git gcc make automake autoconf libtool
 yum install -y pcre pcre-devel libxml2 libxml2-devel curl curl-devel httpd-devel
 if [ $? -eq '0' ];
 then
  cd ${nginxdir} && git clone https://github.com/SpiderLabs/ModSecurity.git  mod_security
 else
  exit
 fi
 cd mod_security && \
 chmod 777 autogen.sh && \
 ./autogen.sh && \
 ./configure --enable-standalone-module && \
 make
fi


#configure
cd ${nginxdir}/nginx-1.12.2
./configure \
--prefix=/usr/local/nginx/ \
--user=nginx \
--group=nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_stub_status_module \
--with-http_ssl_module \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib64/nginx/modules \
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body  \
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy  \
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi  \
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi  \
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi  \
--lock-path=/var/lock/subsys/nginx  \
--with-file-aio  \
--with-http_v2_module  \
--with-http_realip_module  \
--with-http_addition_module  \
--with-http_xslt_module=dynamic  \
--with-http_sub_module  \
--with-http_dav_module  \
--with-http_flv_module \
--with-http_mp4_module  \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module  \
--with-http_slice_module \
--add-module=${nginxdir}/nginx-sticky-module \
--add-module=${nginxdir}/mod_security/nginx/modsecurity

make -j 4
make install

if [ $? -eq '0' ];
then
  nginx_init
fi
#install modsecurity owasp
cd ${nginxdir} && git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cp -r owasp-modsecurity-crs/ ${modsecurity_path}
cp ${modsecurity_path}/owasp-modsecurity-crs/crs-setup.conf.example ${modsecurity_path}/owasp-modsecurity-crs/crs-setup.conf
#deploy modsecurity
cp -r /usr/local/nginx/mod_security/{modsecurity.conf-recommended,unicode.mapping} ${modsecurity_path}
cp ${modsecurity_path}/modsecurity.conf-recommended ${modsecurity_path}/modsecurity.conf
sed -i 's/^SecRuleEngine DetectionOnly/SecRuleEngine on/' ${modsecurity_path}/modsecurity.conf
if [ $? -eq '0' ];
then
cat >> ${modsecurity_path}/modsecurity.conf << EOF
SecRule ARGS:testparam "@contains test" "id:1234,deny,status:403,msg:'Our test rule has triggered !!!197-test-196!!!'"
Include owasp-modsecurity-crs/crs-setup.conf
EOF
fi

Centos7 systemctl.service
# stat /usr/lib/systemd/system/nginx.service
文件:"/usr/lib/systemd/system/nginx.service"
权限:(0644/-rw-r--r--) Uid:( 0/ root) Gid:( 0/ root)

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target

你可能感兴趣的:(Nginx记录1-基础安装相关)