Linux Centos7安装nginx

概述

Nginx (engine x) 是一个高性能的HTTP和反向代理服务器,也是一个IMAP/POP3/SMTP服务器。

环境准备

  1. gcc 安装
    1
    yum -y install gcc-c++
  2. pcre安装( Nginx的http模块需要使用pcre来解析正则表达式)
    1
    yum -y install pcre pcre-devel
  3. openssl安装
    1
    yum -y install openssl openssl-devel
  4. 下载nginx安装包
    1
    wget http://nginx.org/download/nginx-1.12.2.tar.gz

安装

安装nginx

1
2
3
4
5
6
7
8
9
10
#创建安装目录
mkdir -p /opt/software/nginx
#解压安装包
tar zxvf nginx-1.12.2.tar.gz -C /opt/software/
#进入目录
cd /opt/software/nginx-1.12.2/
#编译&&安装
./configure --prefix=/opt/software/nginx --with-http_stub_status_module --with-stream --with-http_ssl_module --with-http_realip_module
make
make install

nginx添加系统服务

创建一个 nginx 文件,放到 /etc/init.d 目录中

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/bin/bash


# nginx Startup script for the Nginx HTTP Server
#
# chkconfig: - 85 15
# description: Nginx is a high-performance web and proxy server.
# It has a lot of features, but it's not for everyone.
# processname: nginx
# pidfile: /var/run/nginx.pid
# config: /opt/software/nginx/conf/nginx.conf

nginxd=/opt/software/nginx/sbin/nginx
nginx_config=/opt/software/nginx/conf/nginx.conf
nginx_pid=/var/run/nginx.pid

RETVAL=0
prog="nginx"

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -x $nginxd ] || exit 0


# Start nginx daemons functions.
start() {

if [ -e $nginx_pid ];then
echo "nginx already running...."
exit 1
fi
echo -n $"Starting $prog: "
daemon $nginxd -c ${nginx_config}
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/nginx
return $RETVAL

}


# Stop nginx daemons functions.
stop() {
echo -n $"Stopping $prog: "
killproc $nginxd
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid
}


# reload nginx service functions.
reload() {

echo -n $"Reloading $prog: "
#kill -HUP `cat ${nginx_pid}`
killproc $nginxd -HUP
RETVAL=$?
echo

}

# See how we were called.
case "$1" in
start)
start
;;

stop)
stop
;;

reload)
reload
;;

restart)
stop
start
;;

status)
status $prog
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|reload|status|help}"
exit 1
esac

exit $RETVAL

启动脚本赋权限和加入系统服务

1
2
chmod 755 /etc/init.d/nginx
chkconfig --level 2345 nginx on

启动关闭nginx

1
2
3
4
5
6
7
8
#启动
service nginx start
#关闭
service nginx stop
#重启
service nginx restart
#查看状态
service nginx status

常见问题

启动的时候提示Restarting nginx (via systemctl): Warning: nginx.service changed on disk. Run ‘systemctl daemon-reload’ to reload units.

这是一个警告,直接执行 systemctl daemon-reload 就可以了

1
systemctl daemon-reload

启动的时候一直显示Restarting nginx (via systemctl):

centos7 需要增加nginx.service
创建一个 nginx.service 文件,增加好内容后,拷贝到 /usr/lib/systemd/system 目录中

1
2
3
4
5
6
7
8
9
10
11
12
13
[Unit]
Description=nginx
After=network.target

[Service]
Type=forking
ExecStart=/opt/software/nginx/sbin/nginx
ExecReload=/opt/software/nginx/sbin/nginx -s reload
ExecStop=/opt/software/nginx/sbin/nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target

隐藏nginx版本号

如果nginx没有隐藏版本号,是很危险的,可以争对这个版本做对应的攻击,最好隐藏版本号

修改nginx.conf中,找到“http”字段(如图)。

  • 测试命令

    1
    curl http://127.0.0.1:80/s
  • 修改前效果

    1
    2
    3
    4
    5
    6
    7
    <html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx/1.12.2</center>
    </body>
    </html>
  • 修改后效果

    1
    2
    3
    4
    5
    6
    7
    <html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>