Nginx、Jdk 运维安装以及推荐配置


高性能网关 Nginx

Nginx 安装包下载地址
推荐使用最新版本 Stable version nginx-1.18.0

CentOS Nginx 安装手册

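# Build and install nginx 1.18.0 from source on CentOS (run as root).
cd /usr/local

# Install wget.
yum -y install wget

# Download the source tarball and its detached PGP signature over HTTPS, so the
# archive cannot be swapped in transit without detection.
wget https://nginx.org/download/nginx-1.18.0.tar.gz
wget https://nginx.org/download/nginx-1.18.0.tar.gz.asc

# Check the signature before unpacking. gpg reports a missing public key until
# the nginx signing keys published on nginx.org have been imported.
gpg --verify nginx-1.18.0.tar.gz.asc nginx-1.18.0.tar.gz

# Unpack.
tar -zxvf nginx-1.18.0.tar.gz

# Install the compiler and the pcre, zlib and openssl development packages.
yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel

# Configure, build and install from inside the unpacked source directory.
# The steps are chained with && so each runs only after the previous one
# succeeded; a single & would start all three in the background at once.
# NOTE(review): a plain ./configure does not build the TLS module; add
# --with-http_ssl_module if this server is meant to terminate HTTPS.
cd nginx-1.18.0
./configure && make && make install

# Add the nginx binary directory to PATH for login shells.
echo 'export PATH=/usr/local/nginx/sbin:$PATH'>> /etc/profile

# Apply the new PATH to the current shell.
source /etc/profile

# Start nginx at boot.
echo '/usr/local/nginx/sbin/nginx'>>/etc/rc.local
chmod 755 /etc/rc.local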

Nginx 常用使用命令

帮助命令:nginx -h
启动Nginx服务器 :sudo nginx
查看进程: ps aux | grep nginx
配置文件路径:/usr/local/nginx/conf/nginx.conf
检查配置文件:sudo nginx -t
指定启动配置文件:sudo nginx -c /usr/local/nginx/conf/nginx.conf
暴力停止服务:sudo nginx -s stop
优雅停止服务:sudo nginx -s quit
重新加载配置文件:sudo nginx -s reload

Nginx 推荐配置

推荐一个比较好用的Nginx自动配置地址

主配置文件

/usr/local/nginx/conf/nginx.conf

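# Worker processes run as an unprivileged account. The master process is still
# started as root so it can bind port 80 and open the log files; running the
# workers as root would turn any worker compromise into full control of the host.
# "nobody" is the account a source build of nginx uses by default; the static
# files under each site's root must be readable by it.
user                 nobody;
# PID file
pid                  /run/nginx.pid;
# One worker process per CPU core, detected at startup.
worker_processes     auto;
# Maximum number of file descriptors one worker process may open.
worker_rlimit_nofile 65535;

# Load modules
include              /usr/local/nginx/conf/modules-enabled/*.conf;

events {
    # epoll is the high-performance network I/O model of Linux 2.6+ kernels.
    use epoll;
    multi_accept       on;
    # NOTE(review): a proxied request holds two descriptors (client and
    # upstream), so this ceiling cannot be reached while worker_rlimit_nofile
    # has the same value.
    worker_connections 65535;
}


http {
    charset                utf-8;
    # Efficient file transfer via sendfile().
    sendfile               on;
    # Send response headers and the start of a file in one packet.
    tcp_nopush             on;
    # Do not delay small writes on keep-alive connections.
    tcp_nodelay            on;
    # Keep the nginx version out of the Server header and error pages.
    server_tokens          off;
    types_hash_max_size    2048;
    types_hash_bucket_size 64;
    # Requests with a larger body are rejected.
    client_max_body_size   16M;

    # MIME
    include                mime.types;
    default_type           application/octet-stream;

    # Log format.
    # The CF-*, True-Client-IP and X-Forwarded-* fields are copied from request
    # headers, so a client can set them itself unless only the CDN can reach
    # this server. $remote_addr is the only address nginx observed directly.
    log_format             cloudflare '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $http_cf_ray $http_cf_connecting_ip $http_x_forwarded_for $http_x_forwarded_proto $http_true_client_ip $http_cf_ipcountry $http_cf_visitor $http_cdn_loop';

    # Logging.
    # NOTE(review): a source build does not create /var/log/nginx; the
    # directory has to exist before nginx starts.
    access_log             /var/log/nginx/access.log cloudflare;
    error_log              /var/log/nginx/error.log warn;

    # Rate limiting.
    # Declares a shared zone keyed by client address, 10 requests per minute.
    # A zone on its own limits nothing: it takes effect only in a server or
    # location that adds "limit_req zone=login;".
    limit_req_log_level    warn;
    limit_req_zone         $binary_remote_addr zone=login:10m rate=10r/m;

    # External configuration.
    include                /usr/local/nginx/conf/conf.d/*.conf;
    include                /usr/local/nginx/conf/sites-enabled/*;
}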

反向代理配置文件地址

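# /usr/local/nginx/conf/sites-enabled/demo.com.conf
server {
    # NOTE(review): this site listens on plain HTTP only, so requests to /api
    # travel unencrypted between the client and nginx. Add a TLS listener
    # before exposing it beyond a trusted network.
    listen      80;
    listen      [::]:80;
    # Hostname taken from this file's name; replace it with the real site name.
    server_name demo.com;
    root        /opt/static/public;

    # Security settings (response headers, dotfile blocking).
    include     nginxconfig.io/security.conf;

    # Per-project logs; "project" is a placeholder for the project name.
    access_log  /var/log/nginx/project.access.log cloudflare;
    error_log   /var/log/nginx/project.error.log warn;

    # Reverse proxy to the application listening on the loopback interface.
    location /api {
        proxy_pass http://127.0.0.1:3000;
        include    nginxconfig.io/proxy.conf;
    }

    # Front-end routing: unknown paths fall back to index.html.
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Other settings (gzip).
    include nginxconfig.io/general.conf;
}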

配置文件地址

/usr/local/nginx/conf/nginxconfig.io/general.conf

# Response compression.
gzip on;
# Compression level 6.
gzip_comp_level 6;
# Emit "Vary: Accept-Encoding" so caches keep compressed and plain copies apart.
gzip_vary on;
# Also compress responses to requests that arrived through a proxy.
gzip_proxied any;
# MIME types compressed in addition to text/html.
gzip_types
    text/plain
    text/css
    text/xml
    application/json
    application/javascript
    application/rss+xml
    application/atom+xml
    image/svg+xml;

反向代理相关配置

/usr/local/nginx/conf/nginxconfig.io/proxy.conf

# Upstream timeouts: connect, send and read each time out after 60 seconds.
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;

# Talk HTTP/1.1 to the upstream and skip the cache for upgrade requests.
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;

# Headers passed to the upstream.
# NOTE(review): Upgrade is forwarded, but nothing in this file sets the
# Connection header that a WebSocket upgrade also needs; confirm it is set
# elsewhere if the backend uses WebSockets.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
# X-Real-IP carries the peer address nginx itself observed.
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
# sent, so only the last entry was written by this server; the backend should
# not trust earlier entries for access decisions.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;

安全相关配置

/usr/local/nginx/conf/nginxconfig.io/security.conf

# Dotfiles: refuse any path segment that starts with a dot (.git, .env and the
# like), except /.well-known.
location ~ /\.(?!well-known) {
    deny all;
}

# Security response headers; "always" attaches them to error responses too.
# add_header directives are inherited from this level only by blocks that
# declare none of their own, so a location that adds its own header has to
# repeat these.
add_header X-Frame-Options "SAMEORIGIN" always;
# Legacy header: current browsers no longer ship the XSS filter it controlled.
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
# NOTE(review): this policy accepts content from any http: or https: origin and
# permits inline script and style, so it does little against injected script.
# Narrow it to the origins the site really loads from once they are known.
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

OpenJDK 1.8 安装手册

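# Install OpenJDK 1.8 (runtime and development tools).
yum -y install java-1.8.0-openjdk java-1.8.0-openjdk-devel

# Write the Java environment to a profile.d snippet.
# The heredoc delimiter is unquoted on purpose: the $(...) below is expanded
# now, so the file stores the resolved JDK directory, while the \$-escaped
# names are written literally and expanded at login.
# readlink -f follows the whole symlink chain behind javac whatever its depth,
# and the substitutions are quoted so an unexpected path is not word-split.
cat > /etc/profile.d/java8.sh <<EOF
export JAVA_HOME=$(dirname "$(dirname "$(readlink -f "$(command -v javac)")")")
export PATH=\$PATH:\$JAVA_HOME/bin
export CLASSPATH=.:\$JAVA_HOME/jre/lib:\$JAVA_HOME/lib:\$JAVA_HOME/lib/tools.jar
EOF

# Load the new variables into the current shell.
source /etc/profile.d/java8.sh

# Confirm that both the runtime and the compiler resolve.
java -version
javac -version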

Redis 最新稳定版 6.0.6 安装手册

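# Upgrade the compiler to GCC 9 through Software Collections.
yum -y install centos-release-scl
yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ devtoolset-9-binutils
# Enable the toolchain in the current shell. Sourcing the enable script works
# the same in an interactive session and in a script, whereas
# "scl enable devtoolset-9 bash" starts a nested shell.
source /opt/rh/devtoolset-9/enable
# Enable it for future login shells as well; this changes the default gcc for
# every user on the host.
echo "source /opt/rh/devtoolset-9/enable" >>/etc/profile

# Fetch the release tarball over HTTPS.
cd /usr/local
wget https://download.redis.io/releases/redis-6.0.6.tar.gz
# Print the archive's SHA-256 and compare it with the value the Redis project
# publishes for this release (its redis-hashes repository) before unpacking.
sha256sum redis-6.0.6.tar.gz
tar xzf redis-6.0.6.tar.gz
cd redis-6.0.6
make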