1、安装依赖
yum -y install gcc gcc-c++ zlib zlib-devel openssl openssl-devel pcre pcre-devel libunwind gperftools
2、编译安装
cd /opt/ \
&& tar xf nginx-1.14.2.tar.gz \
&& cd nginx-1.14.2 \
&& ./configure --prefix=/opt/nginx \
--with-pcre \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-google_perftools_module \
&& make -j 2 && make install
3、启动并测试
/opt/nginx/sbin/nginx -t # 测试配置文件
/opt/nginx/sbin/nginx # 启动nginx
curl -I http://localhost # 测试
4、配置
# nginx.conf
worker_processes 8;
error_log /opt/nginx/logs/nginx_error.log crit;
pid /opt/nginx/nginx.pid;
google_perftools_profiles /dev/shm/tcmalloc;
worker_rlimit_nofile 65535;
events{
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
charset utf-8;
server_tokens off;
server_names_hash_bucket_size 128;
client_header_buffer_size 4k;
large_client_header_buffers 4 1m;
client_max_body_size 200m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 360;
keepalive_requests 10000;
proxy_http_version 1.1;
open_file_cache max=204800 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/xml application/x-javascript text/css application/xml;
gzip_vary on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 4k;
fastcgi_buffers 8 4k;
fastcgi_busy_buffers_size 8k;
fastcgi_temp_file_write_size 8k;
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_cache_min_uses 1;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_param SERVER_NAME $host;
server_name_in_redirect off;
add_header "X-UA-Compatible" "IE=EmulateIE8";
limit_conn_zone $binary_remote_addr zone=dafylimit:10m;
upstream lnso {
server 192.168.100.5:8080 weight=3 max_fails=3 fail_timeout=10s;
server 192.168.100.6:8080 weight=3 max_fails=3 fail_timeout=10s;
}
log_format main '$remote_addr - $remote_user [$time_local] "$request"'
'$status $body_bytes_sent "$http_referer"'
'"$http_user_agent" $http_x_forwarded_for';
include vhosts/*;
server {
listen *:80 default;
server_name _;
return 500;
}
server {
listen *:443 default;
server_name _;
ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;
return 500;
}
}
5、对外主机
# server-out.conf
server {
listen 80;
server_name www.lnso.com;
index index.htm index.html index.jsp login.htm main.htm foot.htm top.htm mobile.htm;
root /opt/nginx/html/lnso;
charset utf-8;
if (-d $request_filename){
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
location ~ .(do|shtml|html|json|jsp|htm|svl|cdo|dld)?$ {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://lnso;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
location ~ .(gif|jpg|jpeg|swf|png|bmp|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|xlsx|mp3|wma)?$ {
expires 1d;
}
location ~ .(js|css)?$ {
expires 1h;
}
access_log /data/logs/lnso_access main;
error_log /data/logs/lnso_error ;
}
server {
listen 443;
server_name www.lnso.com;
index index.htm index.html index.jsp login.htm main.htm foot.htm top.htm mobile.htm;
root /opt/nginx/html/lnso;
charset utf-8;
ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location ~ .(do|shtml|html|json|jsp|htm|svl|cdo|dld)?$ {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://lnso;
}
location ~ ^/(WEB-INF)/ {
deny all;
}
location ~ .(gif|jpg|jpeg|swf|png|bmp|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|xlsx|mp3|wma)?$ {
expires 1d;
}
location ~ .(js|css)?$ {
expires 1h;
}
access_log /data/logs/lnso_access main;
error_log /data/logs/lnso_error ;
}
6、对内主机
# server-in.conf
server {
listen 80;
server_name www.lnso.service;
index index.jsp index.htm index.html index.do login.vm;
charset utf-8;
allow 127.0.0.1;
allow 192.168.0.0/24;
deny all;
location ~ / {
add_header Access-Control-Allow-Origin *
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://lnso;
}
access_log /data/logs/lnso_access main;
error_log /data/logs/lnso_error ;
}