CentOS8 源码编译安装Nginx及相应配置

一、编译安装

#给nginx集成echo模块
wget https://github.com/openresty/echo-nginx-module/archive/v0.62.tar.gz
tar -zxvf v0.62.tar.gz
yum -y install gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel --setopt=protected_multilib=false
wget http://nginx.org/download/nginx-1.18.0.tar.gz  (建议在下载下来之后先更改源码中nginx版本号及其它敏感信息 
解压tar -xzvf nginx-1.8.0.tar.gz
vim src/core/nginx.h   (10.0     Microsoft-IIS/)
groupadd www #添加www组
useradd -g www www -s /bin/false #创建nginx运行账户www并加入到www组,不允许www用户直接登录系统
创建目录:  mkdir -p /var/cache/nginx/client_temp/ /var/log/nginx/ /usr/local/nginx/tmp/proxy_temp /var/tmp/nginx/fcgi/ /var/tmp/nginx/proxy/
./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --error-log-path=/var/log/nginx/error.log --pid-path=/usr/local/nginx/logs/nginx.pid --lock-path=/var/lock/nginx.lock --user=www --group=www --with-http_ssl_module --with-http_dav_module --with-http_realip_module --with-http_flv_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp/ --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/ --add-module=/usr/local/soft/echo-nginx-module-0.62/

make && make install

二、nginx.conf

user  root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    use epoll;
    worker_connections  2048;
}

http {
        ## 这里取得原始用户的IP地址
        map $http_x_forwarded_for $clientRealIp {
                ""      $remote_addr;
                ~^(?P[0-9\.]+),?.*$  $firstAddr;
        }
        #自定义日志格式
        log_format main   '$clientRealIp [$time_local] "$request" $status "$http_referer" "$http_user_agent" $ssl_protocol $ssl_cipher $upstream_addr $request_time $upstream_response_time';

        #针对原始用户 IP 地址做限制
        limit_conn_zone $clientRealIp zone=TotalConnLimitZone:10m;
        limit_conn TotalConnLimitZone 5;    #限制每个IP只能发起5个并发连接

        #每秒处理 10 个请求
        limit_req_zone $clientRealIp zone=ConnLimitZone:10m  rate=10r/s;


        include                  mime.types;
        include                  gzip.types;
        default_type          application/octet-stream;
        include                  vhosts/*.conf;
}

二、gzip.types

server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
keepalive_timeout 65;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/tmp/proxy_temp;
#gzip模块设置
gzip on;
gzip_min_length  1k;
gzip_buffers     4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;  #压缩等级
#压缩类型,认已包含text/html,所以下面不用再写,写上去也不会有问题,但有一个警
gzip_types       text/plain application/x-javascript text/css application/xml;
gzip_vary on;
client_header_timeout  3m;
client_body_timeout    3m;
send_timeout          3m;
sendfile                on;
tcp_nopush              on;
tcp_nodelay            on;

三、vhosts/**1.conf

server {
        listen      443 ssl;
        #证书文件
        ssl_certificate /opt/web/ssl/***.com.pem;
        #私钥文件
        ssl_certificate_key     /opt/web/ssl/***.com.key;
        server_name     ***.com www.***.com *.***.com;
        root            /opt/web/***.com/;
        index  default.html index.html index.htm;

        #CDN IP 获取
        set $Real_IP $http_x_forwarded_for;
        #最多 5 个排队, 由于每秒处理 10 个请求 + 5个排队,你一秒最多发送 15 个请求过来,再多就直接返回 503 错误
        limit_req zone=ConnLimitZone burst=5 nodelay;

        #从系统时间中正则匹配出年月日
        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})") {
                set $access_date $1-$2-$3;
        }
        access_log   /var/log/nginx/$access_date.access_www.***.com.log  main;
        error_log    /var/log/nginx/error_www.***.com.log   warn;
        error_page 401 404 /40x.html;
        error_page 500 504 /50x.html;
        location = /40x.html {
                root /usr/local/nginx/html;
        }
        location = /50x.html {
                root /usr/local/nginx/html;
        }
        if ($host != 'www.***.com') {
                rewrite ^/(.*)$ https://www.***.com/$1 permanent;
        }

        #测试获取当前真实IP
        location /realip {
                default_type text/plain;
                echo $clientRealIp;
        }

        #忽略js.map文件
        rewrite ^/(.*).js.map /resource/js/nullmap.txt permanent;
        #解决苹果设备发起的请求
        rewrite ^/apple-touch-(.*).png /resource/img/logo-ren.png permanent;

        #验证码
        location ^~ /auth/vCode {
                proxy_pass http://**.*****.com:82;
                proxy_set_header X-Real-IP  $Real_IP;
        }
        #统计阅读量
        location ^~ /cms/newsdoc/readcount/ {
                proxy_pass http://**.*****.com:82;
                proxy_set_header X-Real-IP  $Real_IP;
        }
        #执行指定搜索
        location ^~ /search/detail/ {
                proxy_pass http://**.*****.com:82;
                proxy_set_header X-Real-IP  $Real_IP;
        }
        #执行指定搜索(热门搜索)
        location ^~ /search/keySearchDetail/ {
                proxy_pass http://**.*****.com:82;
                proxy_set_header X-Real-IP  $Real_IP;
        }
        location ~ .*\.(js|css|html)$ {
                expires 7d;
        }
        location ~ .*\.(ico|gif|jpg|jpeg|png|bmp)$ {
                expires 30d;
        }
        location ~ ^/(WEB-INF|META-INF)/* {
                deny all;
        }
}

四、vhosts/**2.conf

server {
        listen      443 ssl;
        #证书文件
        ssl_certificate /opt/web/ssl/*****.com.pem;
        #私钥文件
        ssl_certificate_key     /opt/web/ssl/*****.com.key;
        server_name     **.*****.com;
        root            /opt/web/*****.com/;
        index  default.html index.html index.htm;
        access_log   /var/log/nginx/access_**.*****.com.log  main;
        error_log    /var/log/nginx/error_**.*****.com.log   warn;
        error_page 401 404 /40x.html;
        error_page 500 504 /50x.html;
        location = /40x.html {
                root /usr/local/nginx/html;
        }
        location = /50x.html {
                root /usr/local/nginx/html;
        }
        location ~ .*\.(js|css|html)$ {
                expires 7d;
        }
        location ~ .*\.(ico|gif|jpg|jpeg|png|bmp)$ {
                expires 30d;
        }
        location ^~ /file/ {
                root /opt/web/*****.com/;
        }
        location ^~ /html/ {
                root /opt/web/*****.com/;
        }
        location ^~ /resource/ {
                root /opt/web/*****.com/;
        }
        location ^~ / {
                root /opt/web/*****.com/;
                index  default.html index.html index.htm;
                proxy_pass http://**.*****.com:82;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP  $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_send_timeout 600;
                proxy_read_timeout 600;
                proxy_connect_timeout 600;
                client_max_body_size 20M;
        }
        location ~ ^/(WEB-INF|META-INF)/* {
                deny all;
        }
}

五、sbin/clearLogs.sh

#!/bin/bash
#find ./ -name “*date*” -mtime +2 当前目录下文件名包含access_www.*****.com.log,而且修改时间在24*10小时以上的
find /var/log/nginx/ -mtime +10 -name "*.access_www.******.com.log" -exec rm -rf {} \;

六、每天定时执行

终端执行:crontab -e
录入:

# 每日01时定时执行清理历史日志文件
00 1 * * * /usr/local/nginx/sbin/clearLogs.sh

你可能感兴趣的:(CentOS8 源码编译安装Nginx及相应配置)