Installing nginx (1.21.6) on CentOS 8 and configuring the SSL module

# First, install the dependencies
yum -y install gcc gcc-c++ autoconf automake make pcre pcre-devel openssl openssl-devel

Official site: https://nginx.org/en/download.html

Pick the package you want, right-click it and copy the link address, then run wget -c "copied link address", for example:

wget -c https://nginx.org/download/nginx-1.21.6.tar.gz
tar -zxvf nginx-1.21.6.tar.gz
cd nginx-1.21.6
# Set the installation path
./configure --prefix=/usr/local/nginx 
make
make install

Check the installation path:

whereis nginx

Starting and stopping nginx

cd /usr/local/nginx/sbin/
./nginx 
./nginx -s stop
./nginx -s quit
./nginx -s reload

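./nginx -s quit: stops nginx only after the nginx processes have finished the work they are handling.
./nginx -s stop: equivalent to looking up the nginx process ID and then forcibly killing the process with the kill command.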

Find the nginx processes:

ps aux|grep nginx

Starting nginx at boot

1. Create the nginx.service file

vim /lib/systemd/system/nginx.service

Write the following content:

[Unit]
Description=nginx service
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target

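Notes

The start, reload and stop commands in [Service] must all use absolute paths.
[Install] holds the settings for installing the service under a run level; it can be set to multi-user, i.e. system run level 3.
To locate nginx, you can search with find / -name nginx.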

2. Enable start at boot

# Enable start at boot

systemctl enable nginx

# Disable start at boot

systemctl disable nginx

# Service commands
# Start the nginx service

systemctl start nginx.service

# Stop the service

systemctl stop nginx.service

# Restart the service

systemctl restart nginx.service

# List all started services

systemctl list-units --type=service

# Show the current status of the service

systemctl status nginx.service

# Enable start at boot

systemctl enable nginx.service

# Disable start at boot

systemctl disable nginx.service

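Access test

Open /usr/local/nginx/conf/nginx.conf and you can see that nginx listens on port 80 by default. Open port 80 in the firewall and reload it:

# On Alibaba Cloud and other cloud server platforms, configure this in the provider's console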

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload

Enter http://ip:80 in a browser to check.

Configuring nginx's SSL module

If nginx was built without the SSL module, configuring HTTPS produces an error.

1. cd into the source directory

cd /data/nginx/

2. Check the modules nginx was originally built with

/usr/local/nginx/sbin/nginx -V

3. Configure and compile

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make

4. Do not run make install here, otherwise it will overwrite the existing installation. You can back up the original nginx first:

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak

5. Overwrite the original nginx binary with the newly compiled one (nginx must be stopped at this point)

cp ./objs/nginx /usr/local/nginx/sbin/

6. Then start nginx. The command from step 2 can be used again to check that the module was added.

Nginx SSL performance tuning

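# TLS 1.0 and 1.1 are deprecated (RFC 8996); accept TLS 1.2 and 1.3 only
ssl_protocols TLSv1.2 TLSv1.3;

# No RC4 (prohibited by RFC 7465); AES-GCM suites stay available through HIGH
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH;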

ssl_prefer_server_ciphers on;

ssl_session_cache shared:SSL:10m;

ssl_session_timeout 10m;

Finally, part of the nginx configuration is attached:

    server {
        listen 80;
        server_name test.com;
        rewrite ^(.*)$ https://$server_name$1 permanent;
    }

    server {
        listen       443 ssl;
        server_name  test.com;

        ssl_certificate      ../cert/test.pem;
        ssl_certificate_key  ../cert/test.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

    server {
        listen 80;
        server_name son.test.com;
        rewrite ^(.*)$ https://$server_name$1 permanent;
    }

    server {
        listen       443 ssl;
        server_name  son.test.com;

        ssl_certificate      ../cert/son.pem;
        ssl_certificate_key  ../cert/son.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            tcp_nodelay on;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:18001;
        }
    }
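
The shell check below is an added example, not part of the original article: it scans an nginx configuration for deprecated ssl_protocols values and weak ssl_ciphers tokens, the two directives the SSL tuning section sets. The function name audit_tls_conf, the finding messages and the sample configuration are constructed for illustration, and each directive is assumed to sit on a single line.

```shell
#!/bin/sh
# Added example (not from the original page): flag deprecated TLS settings in an
# nginx configuration. Assumes each directive is written on a single line.

# audit_tls_conf FILE: print one finding per line; return 1 if anything was found.
audit_tls_conf() {
    awk '
    { sub(/#.*/, "") }                          # ignore comments
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                printf "%s:%d: deprecated protocol %s\n", FILENAME, FNR, p; n++
            }
        }
    }
    $1 == "ssl_ciphers" {
        list = $2; gsub(/[;"]/, "", list)
        cnt = split(list, tok, ":")
        for (i = 1; i <= cnt; i++) {
            t = tok[i]
            if (t == "!AESGCM" || t == "-AESGCM") {
                # Removing AES-GCM leaves only CBC suites for TLS 1.2 clients.
                printf "%s:%d: AEAD (AES-GCM) suites excluded by %s\n", FILENAME, FNR, t; n++
            } else if (t !~ /^[!-]/ && toupper(t) ~ /RC4|DES|MD5|NULL|EXP|ADH|^LOW$/) {
                # Tokens prefixed with ! or - are exclusions and are not flagged.
                printf "%s:%d: weak cipher token %s\n", FILENAME, FNR, t; n++
            }
        }
    }
    END { exit (n > 0) }' "$1"
}

# Constructed sample configuration for the demonstration.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # constructed weak setting
    ssl_ciphers ECDHE-RSA-AES256-SHA384:RC4:HIGH:!MD5:!aNULL:!AESGCM;
}
EOF
audit_tls_conf "$sample" || echo "weak TLS settings found in $sample"
```

Run it against /usr/local/nginx/conf/nginx.conf before reloading nginx; a non-zero return means at least one directive needs attention.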
