yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel gd gd-devel curl curl-devel e2fsprogs e2fsprogs-devel  krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers pcre pcre-devel ImageMagick ImageMagick-devel git


wget  http://nginx.org/download/nginx-1.10.2.tar.gz
useradd -s /sbin/nologin   -M nginx
tar zxf nginx-1.10.2.tar.gz
cd nginx-1.10.2/


./configure --prefix=/etc/nginx  \
--sbin-path=/usr/sbin/nginx   \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_auth_request_module \
--with-threads \
--with-stream \
--with-stream_ssl_module \
--with-http_slice_module \
--with-mail \
--with-mail_ssl_module \
--with-file-aio \
--with-http_v2_module \
--with-ipv6   \
--add-module=/hequan/ngx_log_if


make  &&  make install


mkdir -p /var/tmp/nginx/{client,proxy,fastcgi,uwsgi,scgi}
mkdir -p /var/cache/nginx/client_temp


vim /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
systemctl enable nginx.service
systemctl start  nginx.service
vim /usr/local/nginx/conf/nginx.conf
    server {
        listen       80;
        root         /data/web/www;
        server_name     www.hequan.lol;
        index index.html index.htm index.php;
        location / {
                try_files $uri $uri/ /index.php?$args;
        }
        location ~ .*\.(php)?$  {
                expires -1s;
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                include fastcgi_params;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_pass  127.0.0.1:9000;
                access_log_bypass_if ($uri = '/health.php');  #日志过滤模块
                access_log_bypass_if ($uri = '/health.html');
   }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
iptables -P INPUT DROP
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/usr/libexec/iptables/iptables.init save