nginx 版本升级

最新版本下载

http://nginx.org/en/download.html

Nginx是美国Nginx公司的一款轻量级Web服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器。
nginx存在安全漏洞,该漏洞源于一个离一错误在该漏洞允许远程攻击者可利用该漏洞在目标系统上执行任意代码。

厂商补丁:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://www.nginx.com/blog/updating-nginx-dns-resolver-vulnerability-cve-2021-23017/

#备份配置
mkdir -p /home/soft/bak/nginx/
#rm -rf /home/soft/bak/nginx/*
cd /home/soft/bak/nginx/
cp /usr/local/nginx/sbin/nginx /home/soft/bak/nginx/
cp -r /usr/local/nginx/conf/nginx.conf /home/soft/bak/nginx/
cp -r /usr/local/nginx/conf/conf.d.start /home/soft/bak/nginx/
cp -r /usr/local/nginx/conf/conf.d.stop /home/soft/bak/nginx/


#查询nginx 安装配置
cd /usr/local/nginx/sbin

/usr/local/nginx/sbin/nginx -V



#重新安装
cd /usr/local/src/
tar -zxvf nginx-1.22.1.tar.gz

cd /usr/local/src/nginx-1.22.1


./configure --prefix=/usr/local/nginx  --with-http_stub_status_module --with-pcre --with-mail --with-stream --with-mail_ssl_module --with-http_ssl_module --with-openssl=../openssl-1.1.1d

make


/usr/local/nginx/sbin/nginx -s stop
\cp -rf /usr/local/src/nginx-1.22.1/objs/nginx /usr/local/nginx/sbin/nginx

/usr/local/nginx/sbin/nginx 

隐藏版本号

server_tokens off

在主配置文件nginx.conf加入

worker_processes  2;
error_log logs/error.log;
 
#配置Nginx worker进程最大打开文件数
worker_rlimit_nofile 65535;
 
user www www;
events {
    #单个进程允许的客户端最大连接数
    worker_connections  20480;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    #访问日志配置
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
 
    #虚拟主机
    include /application/nginx/conf/extra/www.conf;
    include /application/nginx/conf/extra/blog.conf;
    include /application/nginx/conf/extra/bbs.conf;
    include /application/nginx/conf/extra/edu.conf;
    include /application/nginx/conf/extra/phpmyadmin.conf;
    include /application/nginx/conf/extra/status.conf;
 
    #隐藏版本号
    server_tokens off;
}

在虚拟主机的配置文件中添加

server {
    listen  80;
    server_name www.abc.com;
    rewrite ^(.*)$  https://$host$1 permanent;
}
server {
    listen       443;
    server_name  www.abc.com;
 
    #https证书
    ssl on;
    ssl_certificate /application/nginx/conf/key/server.crt;
    ssl_certificate_key /application/nginx/conf/key/server.key;
 
    #访问日志
    access_log  logs/access_www.log  main buffer=32k flush=5s;
    location / {
        root   html/www;
        index  index.php index.html index.htm;
    }
    #隐藏版本号
    server_tokens off;
    #php解析
    location ~ .*\.(php|php5)?$ {
        root html/www;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

修改错误页面默认提示


# 默认错误页面
cd /usr/local/nginx/html/

vim 50x.html
```



Error



服务器报错

抱歉,您正在查找的页面不可用,请于管理员联系

``` vim index.html ``` Welcome

首页

```

你可能感兴趣的:(nginx,运维)