Centos7 生产环境安装 Nginx

发表于 阅读次数: 评论数: 本文字数: 104 阅读时长 ≈ 1 分钟

系统环境

1
2
CentOS Linux release 7.6.1810 (Core)
Linux centos7 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

安装 Supervisor

1
2
3
4
5
6
7
8
9
10
11
12
13
# 提示:supervisor主要用于管理nginx的开机自启动(带守护进程)

# 安装
# yum install -y supervisor

# 开机自启动
# systemctl enable supervisord

# 启动服务
# systemctl start supervisord

# 查看服务状态
# systemctl status supervisord

更改系统的最大打开文件描述符数

创建 Nginx 用户和用户组

1
2
3
4
5
6
7
8
# 切换root用户
$ sudo -i

# 创建nginx用户组
# groupadd nginx

# 创建nginx用户(不允许远程登录)
# useradd -g nginx nginx -s /bin/false

下载 Nginx

1
2
3
4
5
6
7
8
9
# 创建下载目录
# mkdir -p /home/nginx/software

# 下载
# cd /home/nginx/software
# wget http://nginx.org/download/nginx-1.16.0.tar.gz

# 解压
# tar -xvf nginx-1.16.0.tar.gz

编译安装 Nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# 进入下载目录
# cd /home/nginx/software/nginx-1.16.0

# 安装依赖库
# yum install -y gcc gdb strace gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs patch e2fsprogs-devel krb5-devel libidn libidn-devel openldap-devel nss_ldap openldap-clients openldap-servers libevent-devel libevent uuid-devel uuid openssl openssl-devel pcre pcre-devel

# 配置
./configure \
  --user=nginx \
  --group=nginx \
  --prefix=/usr/local/nginx \
  --with-pcre \
  --with-http_v2_module \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module

# 编译安装
# make && make install

# 备份默认的配置文件
# cd /usr/local/nginx/conf
# cp nginx.conf nginx.conf.default

# 文件授权
# chown -R nginx:nginx /usr/local/nginx

配置 Nginx

1
2
3
4
5
6
7
# 编辑nginx的配置文件
# vim /usr/local/nginx/conf/nginx.conf
worker_processes  4;
error_log  logs/error.log;

# 校验配置文件是否正确
# /usr/local/nginx/sbin/nginx -t

开机自启动 Nginx

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
# 创建nginx的supervistor配置文件
# touch /etc/supervisord.d/nginx.ini

# 编辑nginx的supervistor配置文件
# vim /etc/supervisord.d/nginx.ini
[program:nginx]
directory=/usr/local/nginx
command=/usr/local/nginx/sbin/nginx -g 'daemon off;' -c /usr/local/nginx/conf/nginx.conf
user=root
numprocs=1
autostart=true
autorestart=true
startretries=10
process_name=%(program_name)s
stdout_logfile_backups=5
stdout_logfile_maxbytes=10MB
stdout_logfile=/var/log/supervisor/nginx.log
stderr_logfile_backups=5
stderr_logfile_maxbytes=10MB
stderr_logfile=/var/log/supervisor/nginx-error.log

# 上面的配置,主进程会以root用户运行,worker进程会以nginx用户运行

# 重载nginx的supervistor配置文件,会自动启动nginx服务
# supervisorctl reload

# 查看nginx的运行状态
# supervisorctl status nginx
nginx RUNNING   pid 9451, uptime 0:00:56     #如果输出此日志信息,说明nginx启动成功,否则查看nginx的启动日志来排查问题

# 测试访问nginx
# curl -I -X GET 127.0.0.1:80

配置防火墙

1
2
3
4
5
6
7
8
# 开放端口
# firewall-cmd --zone=public --permanent --add-port=80/tcp

# 保存防火墙配置
# firewall-cmd --reload

# 查看已开放的端口
# firewall-cmd --list-ports

管理 Nginx 服务

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# 关闭
# supervisorctl stop nginx

# 启动
# supervisorctl start nginx

# 重启
# supervisorctl restart nginx

# 查看状态
# supervisorctl status nginx

# 平滑更新nginx的配置文件
# /usr/local/nginx/sbin/nginx -s reload

Nginx 配置概述

1
2
3
4
5
安装目录:/usr/local/nginx
配置文件:/usr/local/nginx/conf/nginx.conf
错误日志:/usr/local/nginx/logs/error.log
访问日志:/usr/local/nginx/logs/access.log
nginx的supervistor配置文件:/etc/supervisord.d/nginx.ini