Installing Nginx on CentOS 7.6

1. Install the gcc environment, the PCRE library, zlib, OpenSSL, etc.

# nginx compilation depends on the gcc environment
yum install -y gcc-c++

# PCRE (Perl Compatible Regular Expressions) is a Perl-compatible regular expression library. nginx's http module uses PCRE to parse regular expressions
yum install -y pcre pcre-devel

# zlib provides many ways to compress and decompress. nginx uses zlib to gzip HTTP content
yum install -y zlib zlib-devel

# OpenSSL is a powerful Secure Sockets Layer cryptographic library. It includes the main cryptographic algorithms, commonly used key and certificate management functions, and the SSL protocol, and it ships a range of applications for testing and other purposes. nginx supports not only HTTP but also HTTPS (i.e., HTTP over SSL)
yum install -y openssl openssl-devel

# Restart
reboot


2. Download the latest nginx source package, nginx-1.14.2.tar.gz, from the official website and upload it to the /usr/local directory on the Linux server. Decompress the source code and enter the resulting folder.

tar -zxf nginx-1.14.2.tar.gz
cd nginx-1.14.2

3. Compile Nginx

./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make
make install

4. Check that the installation succeeded

# Display the Nginx installation path; the installation directory is /usr/local/nginx
whereis nginx
cd /usr/local/nginx/

5. Edit the nginx configuration file and optimize it. An optimized reference configuration follows.

# Edit the nginx configuration file
vim /usr/local/nginx/conf/nginx.conf

# View the number of cores in each physical CPU
cat /proc/cpuinfo| grep "cpu cores"| uniq
# View the number of logical CPUs
cat /proc/cpuinfo| grep "processor"| wc -l

# Reference configuration:
user root;
worker_processes 4;
worker_rlimit_nofile 102400;

events {
use epoll;
worker_connections 65535;
multi_accept on;
}

http {
access_log off;
error_log /dev/null;

server_tokens                 off;
open_file_cache               max=102400 inactive=20s;
open_file_cache_valid         30s;
open_file_cache_min_uses      1;
reset_timedout_connection     on;

gzip                          on;
gzip_min_length               2k;
gzip_buffers                  4 32k;
gzip_http_version             1.1;
gzip_comp_level               6;
gzip_types                    text/plain text/javascript text/xml text/css application/json application/javascript application/x-javascript application/xml;
gzip_disable                  "MSIE [1-6]\.";
gzip_vary                     on;
gzip_proxied                  any;

tcp_nopush                    on;    
tcp_nodelay                   on;

include                       mime.types;
default_type                  application/octet-stream;
sendfile                      on;

keepalive_timeout             16;

proxy_connect_timeout         8s;
proxy_send_timeout            8s;
proxy_read_timeout            8s;
send_timeout                  3s;

upstream {name} {
           server 192.168.1.0:9001 max_fails=5 fail_timeout=30s weight=1; 
           server 192.168.1.1:9001 max_fails=5 fail_timeout=30s weight=1;
           server 192.168.1.2:9001 max_fails=5 fail_timeout=30s weight=1;
}

server {      
    listen       80;
    listen 443 ssl;
    server_name localhost;

    ssl_certificate   cert/214600202240691.pem;
    ssl_certificate_key  cert/214600202240691.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;	
    
    proxy_set_header host                $host;
    proxy_set_header X-forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header   X-Real-IP   $remote_addr;
	
    location / {
        proxy_pass http://{name};
    }
}

server {         
    listen       8080;         
    server_name  localhost;         
    location / {
		root {path};         
	}     
}

}
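
Added example (not part of the original post): a shell check for the four settings in the reference configuration above that cost security or visibility: workers running as root, access logging switched off, the error log sent to /dev/null, and TLSv1/TLSv1.1 enabled. The finding names and both sample configs are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Reads an nginx.conf on stdin and
# prints one finding name per risky setting. Finding names are made up here.
audit_nginx_conf() {
    body=$(sed 's/#.*//')    # drop comments so disabled directives are ignored
    s='[[:space:]]'
    # Workers running as root: a bug in any worker becomes full root access.
    printf '%s\n' "$body" | grep -Eq "^$s*user$s+root($s|;)" && echo ROOT_WORKERS
    # No access log: nothing to rotate, query, or build a blacklist from.
    printf '%s\n' "$body" | grep -Eq "^$s*access_log$s+off$s*;" && echo ACCESS_LOG_OFF
    # Errors discarded: upstream failures and TLS errors leave no trace.
    printf '%s\n' "$body" | grep -Eq "^$s*error_log$s+/dev/null" && echo ERROR_LOG_DISCARDED
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.2 must not match.
    printf '%s\n' "$body" | grep -E "^$s*ssl_protocols$s" |
        grep -Eq "TLSv1(\.1)?($s|;)" && echo LEGACY_TLS
    return 0
}

# Constructed sample: the relevant directives from the reference config above.
weak_conf() {
cat <<'EOF'
user root;
http {
access_log off;
error_log /dev/null;
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
}
EOF
}

# Constructed sample: same layout with the four settings corrected.
# "nobody" is nginx's compiled-in default user; the log paths are assumptions.
fixed_conf() {
cat <<'EOF'
user nobody;
http {
access_log logs/access.log;
error_log logs/error.log warn;
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
}
}
EOF
}

weak_conf | audit_nginx_conf
```

Against a live install, run it as audit_nginx_conf < /usr/local/nginx/conf/nginx.conf; no output means none of the four settings is present.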


6. Verify the validity of the Nginx configuration file

/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
# If the following output appears, the configuration file is valid.
#nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
#nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

7. Enter the nginx sbin directory and start, stop, or reload Nginx.

cd /usr/local/nginx/sbin

# Start Nginx
./nginx -c /usr/local/nginx/conf/nginx.conf

# Stop Nginx
./nginx -s quit

# Reload the configuration file
./nginx -s reload


Appendix:
1. Rotating the Nginx logs daily

  1. Create split_nginx_log.sh in a directory of your choice
vim split_nginx_log.sh
  2. Enter the following script, then save and exit
#!/bin/bash

LOG_PATH=/usr/local/nginx/logs/
PID=/usr/local/nginx/logs/nginx.pid
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)

mv ${LOG_PATH}access.log ${LOG_PATH}access-${YESTERDAY}.log
mv ${LOG_PATH}error.log ${LOG_PATH}error-${YESTERDAY}.log

# Signal the nginx master process to reopen its log files
kill -USR1 $(cat ${PID})

  3. Make the file executable
chmod +x ./split_nginx_log.sh
  4. Create a scheduled task and enter the task entry (e.g. run it at 00:00 every day)
# Edit the scheduled tasks
crontab -e
 # Enter the task entry
00 00 * * * /bin/bash /usr/local/nginx/split_nginx_log.sh

2. Common Nginx log queries

  1. Query the most frequently visited URLs
awk '{print $7}' access.log|sort | uniq -c |sort -n -k 1 -r|more
  2. View each visitor's IP and the total number of visits from that IP. Run the following command in the logs folder. In the output, the first column is the number of visits and the second column is the corresponding IP.
awk '{print $1}' access.log |sort |uniq -c|sort -n

3. Nginx Configuration Blacklist

  1. In the nginx conf folder, create a new IP blacklist file named blacklist.conf. From then on, adding an IP to the blacklist only requires editing this file. Add the following:
deny  120.27.XX.XX; 
  2. Add the following line to the nginx configuration file nginx.conf. It can be placed in an http, server, location, or limit_except block.
include blacklist.conf; 
  3. Reload nginx
./nginx -s reload
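
Added example (not part of the original post): the per-IP count from the log queries above turned into blacklist.conf entries, with field 1 validated as an IPv4 address before it is written into a file that nginx includes as configuration. It needs access logging enabled, which the reference configuration on this page turns off (access_log off); the function names, threshold and sample log lines are constructed for this example, and IPv6 clients are skipped.

```shell
#!/bin/sh
# Added example, not from the original post. Reads an access log on stdin and
# prints a "deny" line for every client with at least $1 requests.
gen_blacklist() {
    awk -v min="$1" '
        # Accept only a well-formed IPv4 address in field 1. The output is
        # included as nginx configuration, so no other log text may reach it.
        function ipv4(a,   p, i) {
            if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            split(a, p, ".")
            for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) return 0
            return 1
        }
        ipv4($1) { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min + 0) printf "deny %s;\n", ip }
    ' | sort
}

# Constructed sample log (documentation address ranges). The "unknown" lines
# stand for a client-supplied value in field 1, as happens with a custom
# log_format that logs X-Forwarded-For first (an assumption, not this page's).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [26/Aug/2019:04:00:01 -0700] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [26/Aug/2019:04:00:02 -0700] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [26/Aug/2019:04:00:03 -0700] "GET /login HTTP/1.1" 200 512
198.51.100.4 - - [26/Aug/2019:04:01:10 -0700] "GET / HTTP/1.1" 200 1024
198.51.100.4 - - [26/Aug/2019:04:01:11 -0700] "GET /a.css HTTP/1.1" 200 300
unknown - - [26/Aug/2019:04:02:00 -0700] "GET / HTTP/1.1" 200 1024
unknown - - [26/Aug/2019:04:02:01 -0700] "GET / HTTP/1.1" 200 1024
unknown - - [26/Aug/2019:04:02:02 -0700] "GET / HTTP/1.1" 200 1024
EOF
}

sample_log | gen_blacklist 3
# Typical use: gen_blacklist 100 < access.log > blacklist.conf, then run
# nginx -t before nginx -s reload so a bad file never goes live.
```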

Tags: Nginx zlib yum SSL

Posted on Mon, 26 Aug 2019 04:55:26 -0700 by Hiccup