一、文档介绍

此文档旨在规范服务器上 Nginx 部署步骤，标准化操作步骤，为后续标准运维提供支撑。

二、部署说明

• 操作系统：Linux（CentOS 7.6）
• 安装包版本：Nginx 1.26.2

三、下载

官网下载地址：https://nginx.org/download/

cd /usr/local/src
wget https://nginx.org/download/nginx-1.26.2.tar.gz

四、安装依赖包

yum install -y openssl openssl-devel pcre pcre-devel libxml2 libxml2-devel libxslt libxslt-devel gd gd-devel pcre pcre-devel perl-ExtUtils-Embed

五、安装

cd /usr/local/src
tar zxf nginx-1.26.2.tar.gz
cd nginx-1.26.2
# 解决无法找到 openssl 问题
sed '/ngx_feature_libs/s#R/usr/local/lib #R/usr/local/lib64 #g' auto/lib/openssl/conf
# 编译
./configure --prefix=/usr/local/nginx --with-compat --with-debug --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_mp4_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads
make -j2
# 安装
make install

六、创建目录

mkdir -p /data/nginx_data/
mkdir -p /data/logs/nginx
cd /usr/local/nginx
mv conf /data/nginx_data/
ln -s /data/nginx_data/conf conf
mkdir -p conf/conf.d
rm -rf logs
ln -s /data/logs/nginx logs
mkdir -p /data/nginx_data/certs
ln -s /data/nginx_data/certs certs

七、配置环境变量

cat <<"EOF" | tee -a /etc/profile
# nginx
export NGINX_HOME=/usr/local/nginx
export PATH=$NGINX_HOME/sbin:$PATH
EOF

source /etc/profile

八、修改配置文件

cd /usr/local/nginx/conf
cat <<EOF | tee nginx.conf
user root ;
worker_processes auto;
worker_cpu_affinity auto;

events {
    use epoll;
    worker_connections  65535;
    accept_mutex on;
    multi_accept on;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    underscores_in_headers on;

    server_tokens off;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time '
                      '$upstream_response_time $upstream_addr $upstream_status';

    access_log logs/access.log main;

    sendfile        on;
    #tcp_nopush     on;

    proxy_buffer_size  128k;
    proxy_buffers   32 32k;
    proxy_busy_buffers_size 128k;

    keepalive_timeout  65;

    gzip  on;
    gzip_proxied any;
    #gzip_min_length    1k;
    gzip_comp_level     6;
    #gzip_buffers     4 32k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css text/xml text/javascript application/xml application/javascript application/json application/octet-stream image/jpeg image/gif image/png;

    include conf.d/*.conf;
}
EOF

九、创建服务

cd /data/nginx_data
cat <<EOF | tee nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload -c /usr/local/nginx/conf/nginx.conf
ExecStop=/usr/local/nginx/sbin/nginx -s stop -c /usr/local/nginx/conf/nginx.conf
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
cp nginx.service /usr/lib/systemd/system/

十、启动服务

systemctl daemon-reload
systemctl enable nginx --now
systemctl status nginx

十一、添加配置

代理或前端配置文件目录：/usr/local/nginx/conf/conf.d。例如：

(一) 前端

server {
  listen 80;

  location / {
    alias /usr/share/nginx/html/dist/;
    try_files $uri $uri/ /index.html;
    index index.html index.htm;
  }

}

(二) HTTP 代理

server {
  listen 443 ssl;
  listen 80;
  server_name api.rucjohn.tech;
  index index.html index.htm index.php;

  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1 TLSv1.1 TLSV1.2;
  ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
  ssl_certificate "/usr/local/nginx/certs/server.crt";
  ssl_certificate_key "/usr/local/nginx/certs/server.key";

  location ^~ /api/v1/simple {
    proxy_pass http://127.0.0.243;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

(三) TCP 代理

upstream mysql {
    hash $remote_addr consistent;
    server 127.0.0.240:3306;
}

server {
    listen 13306 so_keepalive=on;
    proxy_pass mysql;
}