nginx实战(一) OpenResty 安装

原创

东凌阁 2018-10-15 22:36:51 博主文章分类：nginx ©著作权

©著作权归作者所有：来自51CTO博客作者东凌阁的原创作品，请联系作者获取转载授权，否则将追究法律责任

前言

系统环境是Centos 7，nginx选用的是openresty 版本

系统优化

systemctl disable firewalld
systemctl stop firewalld
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
yum -y install iptables iptables-services net-tools vim
yum -y install epel-release 
echo "* soft nofile 65535 
* hard nofile 65535" >>/etc/security/limits.conf

编译OpenResty

下载

wget https://openresty.org/download/openresty-1.13.6.2.tar.gz tar zxmf openresty-1.13.6.2.tar.gz

编译

cd openresty-1.13.6.2/
yum -y install gcc gcc-c++  pcre pcre-devel  zlib zlib-devel openssl openssl-devel curl autoconf automake
./configure --with-http_gzip_static_module
gamke & gmake install

ln -s /usr/local/openresty/nginx/conf /etc/nginx

提示:上述命令默认编译参数：

参数	参数说明	详细说明
--prefix=/usr/local/openresty/nginx	安装目录
--with-cc-opt=-O2
--add-module=../ngx_devel_kit-0.3.0
--add-module=../echo-nginx-module-0.61	调试nginx.conf中的location时的模块	https://blog.csdn.net/rex_nie/article/details/79305097
--add-module=../xss-nginx-module-0.06	跨域 AJAX 支持.当前仅支持 GET .
--add-module=../ngx_coolkit-0.2rc3
--add-module=../set-misc-nginx-module-0.32	URI转义模块	http://www.ttlsa.com/nginx/nginx_set-misc-nginx-module-module-description/
--add-module=../form-input-nginx-module-0.12	解析post请求中的参数	https://www.cnblogs.com/linxiong945/p/4284434.html
--add-module=../encrypted-session-nginx-module-0.08		http://ju.outofmemory.cn/entry/35811
--add-module=../srcache-nginx-module-0.31	页面缓存	https://blog.csdn.net/caihaobin8023/article/details/56480092
--add-module=../ngx_lua-0.10.13	lua 脚本
--add-module=../ngx_lua_upstream-0.07
--add-module=../headers-more-nginx-module-0.33
--add-module=../array-var-nginx-module-0.05
--add-module=../memc-nginx-module-0.19
--add-module=../redis2-nginx-module-0.15
--add-module=../redis-nginx-module-0.3.7
--add-module=../rds-json-nginx-module-0.15
--add-module=../rds-csv-nginx-module-0.09
--add-module=../ngx_stream_lua-0.0.5
--with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib
--with-stream
--with-stream_ssl_module
--with-http_ssl_module

configure 可以通过如下参数添加模块（http://openresty.org/cn/components.html）

参数	参数说明	使用说明
--with-http_iconv_module	enable ngx_http_iconv_module
--with-http_drizzle_module	enable ngx_http_drizzle_module
--with-http_postgres_module	enable ngx_http_postgres_module
--with-luajit	enable and build the bundled LuaJIT 2.1 (the default)
--with-select_module	enable select module
--with-poll_module	enable poll module
--with-threads	enable thread pool support
--with-file-aio	enable file AIO support
--with-ipv6	enable IPv6 support
--with-http_v2_module	enable ngx_http_v2_module
--with-http_realip_module	获取用户真实IP	https://blog.csdn.net/cscrazybing/article/details/50789234
--with-http_addition_module	enable ngx_http_addition_module
--with-http_xslt_module	enable ngx_http_xslt_module
--with-http_xslt_module=dynamic	enable dynamic ngx_http_xslt_module
--with-http_image_filter_module	enable ngx_http_image_filter_module
--with-http_image_filter_module=dynamic
--with-http_geoip_module	enable ngx_http_geoip_module
--with-http_geoip_module=dynamic	enable dynamic ngx_http_geoip_module
--with-http_sub_module	enable ngx_http_sub_module
--with-http_dav_module	enable ngx_http_dav_module	webdav 支持
--with-http_flv_module	enable ngx_http_flv_module
--with-http_mp4_module	enable ngx_http_mp4_module
--with-http_gunzip_module	enable ngx_http_gunzip_module
--with-http_gzip_static_module	enable ngx_http_gzip_static_module	https://blog.csdn.net/qq_36431213/article/details/78221189
--with-http_auth_request_module	enable ngx_http_auth_request_module	第三方认证支持
--with-http_random_index_module	enable ngx_http_random_index_module
--with-http_secure_link_module	enable ngx_http_secure_link_module
--with-http_degradation_module	enable ngx_http_degradation_module
--with-http_slice_module	enable ngx_http_slice_module
--with-http_stub_status_module	enable ngx_http_stub_status_module
--with-http_perl_module	enable ngx_http_perl_module
--with-http_perl_module=dynamic	enable dynamic ngx_http_perl_module
--with-mail	enable POP3/IMAP4/SMTP proxy module	mail 代理
--with-mail=dynamic	enable dynamic POP3/IMAP4/SMTP proxy module
--with-mail_ssl_module	enable ngx_mail_ssl_module
--with-stream	enable TCP/UDP proxy module
--with-stream=dynamic	enable dynamic TCP/UDP proxy module
--with-stream_ssl_module	enable ngx_stream_ssl_module
--with-stream_realip_module	enable ngx_stream_realip_module	获取访问者真实IP
--with-stream_geoip_module	enable ngx_stream_geoip_module
--with-stream_geoip_module=dynamic	enable dynamic ngx_stream_geoip_module
--with-stream_ssl_preread_module	enable ngx_stream_ssl_preread_module
--with-google_perftools_module	enable ngx_google_perftools_module
--with-cpp_test_module	enable ngx_cpp_test_module

https://blog.csdn.net/johnnycode/article/details/41847745

添加nginx用户

groupadd nginx
useradd -d /var/lib/nginx -m -s /sbin/nologin -g nginx -c "Nginx web server" nginx

nginx配置

cd /usr/local/openresty/nginx/conf
cat >/usr/local/openresty/nginx/conf/nginx.conf <<EOF
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
pid /run/nginx.pid;
events {
    use epoll;
    worker_connections  65536;
    multi_accept on;
    accept_mutex on;
    accept_mutex_delay 500ms;
}
##--with-stream 这个模块tcp 代理支持
stream {
    include conf.d/*.ream;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" - $upstream_addr'
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  logs/access.log  main;
    charset  utf-8;
    server_names_hash_bucket_size 256;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 128k; #最大缓存为4个128KB
    client_max_body_size 20m;   #允许客户端请求的最大的单个文件字节数
    sendfile on;        #开启高效文件传输模式
    tcp_nopush on;      #用于防止网络阻塞
    tcp_nodelay on;     #用于防止网络阻塞
    keepalive_timeout  60;      #超过这个时间之后服务器会关闭该连接
	types_hash_max_size 2048;#值越大，越耗内存，索速度就更快。
    client_header_timeout 10;   #客户端请求头读取超时时间，超过这个时间客户端还没发数据NGINX就返回408错误
    client_body_timeout 10;     #客户端请求主体读取超时时间，超过这个时间客户端还没发数据NGINX就返回408错误
    server_tokens on;   #不显示nginx版本信息
    include gzip.conf;  #HttpGzip的配置文件
    include conf.d/*.conf;
}
EOF
cat >gzip.conf<<EOF
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
#gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
EOF
mkdir conf.d
cat >default <<EOF
    server {
        listen       80;
        server_name  localhost;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        location / {
            root   html;
            index  index.html index.htm;
        }
        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;
    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;
    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;
    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
EOF

注册系统服务

cat >/usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=The OpenResty HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/local/openresty/bin/openresty -t
ExecStart=/usr/local/openresty/bin/openresty
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF

systemctl enable nginx
systemctl start nginx