CentOS7 Nginx 服务化、开机自启动

Scroll Down

1.安装

Nginx 支持 yum 安装,很方便。

从操作系统仓库安装

yum install epel-release
yum update
yum install nginx
nginx -v

从官方NGINX存储库安装

通过在/etc/yum.repos.d中创建文件nginx.repo来设置 CentOS 的存储库

vi /etc/yum.repos.d/nginx.repo

将以下行添加到 nginx.repo(安装稳定版本)

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

保存编辑,
默认情况下,使用稳定的 nginx 软件包的存储库。如果要使用主线nginx软件包,运行以下命令:

yum-config-manager --enable nginx-mainline

开始安装:

yum update
yum install nginx
nginx -v

安装其他模块:
yum install nginx-module-image-filter

编译安装

如果想要编译安装,可以参考:
Nginx - Compiling and Installing from Source

  • PCRE
    正则表达式支持,Nginx core 和 Rewrite modules 依赖于此:
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.44.tar.gz
tar -zxf pcre-8.44.tar.gz
cd pcre-8.44
./configure
make
make install
  • zlib
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -zxf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make
make install
  • OpenSSL
wget http://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar -zxf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
./config
make
make install
# 如果是升级,需要迁移旧版
mv /usr/bin/openssl /usr/bin/oldopenssl
ln -s /usr/local/bin/openssl /usr/bin/openssl

ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

openssl version

编译安装 Nginx

cd /tmp
wget http://nginx.org/download/nginx-1.18.0.tar.gz
tar -zxf nginx-1.18.0.tar.gz
cd nginx-1.18.0
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar -zxf openssl-1.1.1g.tar.gz

./configure --prefix=/etc/nginx \
	--sbin-path=/usr/sbin/nginx \
	--modules-path=/usr/lib64/nginx/modules \
	--conf-path=/etc/nginx/nginx.conf \
	--error-log-path=/var/log/nginx/error.log \
	--http-log-path=/var/log/nginx/access.log \
	--pid-path=/var/run/nginx.pid \
	--lock-path=/var/run/nginx.lock \
	--http-client-body-temp-path=/var/cache/nginx/client_temp \
	--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
	--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
	--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
	--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
	--user=nginx \
	--group=nginx \
	--with-compat \
	--with-file-aio \
	--with-threads \
	--with-http_addition_module \
	--with-http_auth_request_module \
	--with-http_dav_module \
	--with-http_flv_module \
	--with-http_gunzip_module \
	--with-http_gzip_static_module \
	--with-http_mp4_module \
	--with-http_random_index_module \
	--with-http_realip_module \
	--with-http_secure_link_module \
	--with-http_slice_module \
	--with-http_ssl_module \
	--with-http_stub_status_module \
	--with-http_sub_module \
	--with-http_v2_module \
	--with-mail \
	--with-mail_ssl_module \
	--with-stream \
	--with-stream_realip_module \
	--with-stream_ssl_module \
	--with-stream_ssl_preread_module \
	--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' \
	--with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' \
	--with-openssl=./openssl-1.1.1g \
	--with-openssl-opt='enable-tls1_3'
	
make
make install	

nginx -v

2.支持 TLS 1.3

注意第1节编译的时候,最后指定了--with-openssl=./openssl-1.1.1g,和--with-openssl-opt='enable-tls1_3'
这两个参数就是开启 openssl TLS 1.3的(需要 openssl 1.1.1+)。

验证方法可参考:本博客开始支持 TLS 1.3

3.服务化

如果使用 yum 安装 nginx 会自动生成 服务化脚本:
/usr/lib/systemd/system/nginx.service

[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
#ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"
#ExecStop=/usr/sbin/nginx -s quit

[Install]
WantedBy=multi-user.target

直接上命令:

vi /usr/lib/systemd/system/nginx.service

将上面的脚本内容填入,并保存。

之后的相关操作命令:

systemctl daemon-reload
systemctl enable nginx.service
systemctl start nginx.service