概述
Nginx (engine x) 是一个高性能的HTTP和反向代理服务器,也是一个IMAP/POP3/SMTP服务器。
环境准备
gcc 安装
pcre安装( Nginx的http模块需要使用pcre来解析正则表达式)1 yum -y install pcre pcre-devel
openssl安装1 yum -y install openssl openssl-devel
下载nginx安装包1 wget http://nginx.org/download/nginx-1.12.2.tar.gz
安装 安装nginx 1 2 3 4 5 6 7 8 9 10 # 创建安装目录 mkdir -p /opt/software/nginx # 解压安装包 tar zxvf nginx-1.12.2.tar.gz -C /opt/software/ # 进入目录 cd /opt/software/nginx-1.12.2/ # 编译&&安装 ./configure --prefix=/opt/software/nginx --with-http_stub_status_module --with-stream --with-http_ssl_module --with-http_realip_module make make install
nginx添加系统服务
创建一个 nginx 文件,放到 /etc/init.d 目录中
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 # !/bin/bash # nginx Startup script for the Nginx HTTP Server # # description: Nginx is a high-performance web and proxy server. # It has a lot of features, but it's not for everyone. # processname: nginx # pidfile: /var/run/nginx.pid # config: /opt/software/nginx/conf/nginx.conf nginxd=/opt/software/nginx/sbin/nginx nginx_config=/opt/software/nginx/conf/nginx.conf nginx_pid=/var/run/nginx.pid RETVAL=0 prog="nginx" # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 [ -x $nginxd ] || exit 0 # Start nginx daemons functions. start() { if [ -e $nginx_pid ];then echo "nginx already running...." exit 1 fi echo -n $"Starting $prog: " daemon $nginxd -c ${nginx_config} RETVAL=$? echo [ $RETVAL = 0 ] && touch /var/lock/subsys/nginx return $RETVAL } # Stop nginx daemons functions. stop() { echo -n $"Stopping $prog: " killproc $nginxd RETVAL=$? echo [ $RETVAL = 0 ] && rm -f /var/lock/subsys/nginx /var/run/nginx.pid } # reload nginx service functions. reload() { echo -n $"Reloading $prog: " #kill -HUP `cat ${nginx_pid}` killproc $nginxd -HUP RETVAL=$? echo } # See how we were called. case "$1" in start) start ;; stop) stop ;; reload) reload ;; restart) stop start ;; status) status $prog RETVAL=$? ;; *) echo $"Usage: $prog {start|stop|restart|reload|status|help}" exit 1 esac exit $RETVAL
启动脚本赋权限和加入系统服务
1 2 chmod 755 /etc/init.d/nginx chkconfig --level 2345 nginx on
启动关闭nginx
1 2 3 4 5 6 7 8 # 启动 service nginx start # 关闭 service nginx stop # 重启 service nginx restart # 查看状态 service nginx status
常见问题 启动的时候提示Restarting nginx (via systemctl): Warning: nginx.service changed on disk. Run ‘systemctl daemon-reload’ to reload units.
这是一个警告,直接执行 systemctl daemon-reload 就可以了
启动的时候一直显示Restarting nginx (via systemctl):
centos7 需要增加nginx.service 创建一个 nginx.service 文件,增加好内容后,拷贝到 /usr/lib/systemd/system 目录中
1 2 3 4 5 6 7 8 9 10 11 12 13 [Unit] Description=nginx After=network.target [Service] Type=forking ExecStart=/opt/software/nginx/sbin/nginx ExecReload=/opt/software/nginx/sbin/nginx -s reload ExecStop=/opt/software/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target
隐藏nginx版本号 如果nginx没有隐藏版本号,是很危险的,可以争对这个版本做对应的攻击,最好隐藏版本号
修改nginx.conf中,找到“http”字段(如图)。
测试命令
1 curl http://127.0.0.1:80/s
修改前效果
1 2 3 4 5 6 7 <html > <head > <title > 404 Not Found</title > </head > <body bgcolor ="white" > <center > <h1 > 404 Not Found</h1 > </center > <hr > <center > nginx/1.12.2</center > </body > </html >
修改后效果
1 2 3 4 5 6 7 <html > <head > <title > 404 Not Found</title > </head > <body bgcolor ="white" > <center > <h1 > 404 Not Found</h1 > </center > <hr > <center > nginx</center > </body > </html >