CentOS 1810 安装使用 Nginx

本教程旨在安装最少的软件，最小程度的影响现有系统来安装 Nginx。

更新 CentOS：
```
yum -y update
```
安装常用软件：
```
yum -y install wget vim bash-completion
```
wget：用于下载 Nginx（可选），或者使用 Xftp 上传 Nginx（不推荐，本地上传运营商网速受限）。
vim：编辑软件（可选），或者使用 vim 编辑器（不推荐）。
bash-completion：可使用 Tab（可选），方便命令输入，有效防止输错命令（推荐）。
下载 Nginx：
```
 wget http://nginx.org/download/nginx-1.15.9.tar.gz
```
Nginx 官网：http://nginx.org
Nginx 下载页面：http://nginx.org/en/download.html
解压 Nginx：
```
tar -zxvf nginx-1.15.9.tar.gz
```
进入 Nginx 文件夹：
```
cd nginx-1.15.9
```

配置 Nginx：

./configure

如果显示：

checking for OS
 + Linux 3.10.0-957.5.1.el7.x86_64 x86_64
checking for C compiler ... not found

./configure: error: C compiler cc is not found

说明缺少 gcc，安装gcc：

yum -y install gcc

再次运行：

./configure

如果显示：

./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option, or install the PCRE library into the system, or build the PCRE library
statically from the source with nginx by using --with-pcre=<path> option.

说明缺少 pcre-devel，安装pcre-devel：

yum -y install pcre-devel

再次运行：

./configure

如果显示：

./configure: error: the HTTP gzip module requires the zlib library.
You can either disable the module by using --without-http_gzip_module
option, or install the zlib library into the system, or build the zlib library
statically from the source with nginx by using --with-zlib=<path> option.

说明缺少 zlib-devel，安装zlib-devel：

yum -y install zlib-devel

再次运行：

./configure

如果显示：

Configuration summary
  + using system PCRE library
  + OpenSSL library is not used
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

翻译：

配置摘要
   +使用系统PCRE库
   +未使用OpenSSL库
   +使用系统zlib库

   nginx路径前缀："/usr/local/nginx"
   nginx二进制文件："/usr/local/nginx/sbin/nginx"
   nginx模块路径："/usr/local/nginx/modules"
   nginx配置前缀："/usr/local/nginx/conf"
   nginx配置文件："/usr/local/nginx/conf/nginx.conf"
   nginx pid文件："/usr/local/nginx/logs/nginx.pid"
   nginx错误日志文件："/usr/local/nginx/logs/error.log"
   nginx http访问日志文件："/usr/local/nginx/logs/access.log"
   nginx http客户端请求正文临时文件："client_body_temp"
   nginx http代理临时文件："proxy_temp"
   nginx http fastcgi临时文件："fastcgi_temp"
   nginx http uwsgi临时文件："uwsgi_tem"
   nginx http scgi临时文件："scgi_temp"

由上可知，未启动 OpenSSL ，如果不启动，配置 SSL 或出现错误，启动方法：

./configure --with-http_ssl_module

如果出现：

./configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

说明没有安装 openssl-devel，安装 openssl-devel：

yum -y install openssl-devel

重新运行：

./configure --with-http_ssl_module

如果出现：

Configuration summary
  + using system PCRE library
  + using system OpenSSL library
  + using system zlib library

  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp"

翻译：

配置摘要
+使用系统PCRE库
+使用系统OpenSSL库
+使用系统zlib库

Nginx路径前缀："/usr/local/nginx"
Nginx二进制文件："/usr/local/nginx/sbin/nginx"
Nginx模块路径："/usr/local/nginx/modules"
Nginx配置前缀："/usr/local/nginx/conf"
Nginx配置文件："/usr/local/nginx/conf/nginx.conf"
Nginx pid文件："/usr/local/nginx/logs/nginx.pid"
Nginx错误日志文件："/usr/local/nginx/logs/error.log"
Nginx http访问日志文件："/usr/local/nginx/logs/access.log"
Nginx http客户端请求正文临时文件："client_body_temp"
Nginx http代理临时文件："proxy_temp"
Nginx http fastcgi临时文件："fastcgi_temp"
Nginx http uwsgi临时文件："uwsgi_temp"
Nginx http scgi临时文件："scgi_temp"

由上可知，安装前已无任何问题，安装路径等信息显示如上所示。

编译 Nginx：

make

如果显示：

objs/ngx_modules.o \
-ldl -lpthread -lcrypt -lpcre -lssl -lcrypto -ldl -lpthread -lz \
-Wl,-E
sed -e "s|%%PREFIX%%|/usr/local/nginx|" \
	-e "s|%%PID_PATH%%|/usr/local/nginx/logs/nginx.pid|" \
	-e "s|%%CONF_PATH%%|/usr/local/nginx/conf/nginx.conf|" \
	-e "s|%%ERROR_LOG_PATH%%|/usr/local/nginx/logs/error.log|" \
	< man/nginx.8 > objs/nginx.8
make[1]: Leaving directory `/root/nginx-1.15.9'

说明没有问题。

安装 Nginx：

make install

如果显示：

make -f objs/Makefile install
make[1]: Entering directory `/root/nginx-1.15.9'
test -d '/usr/local/nginx' || mkdir -p '/usr/local/nginx'
test -d '/usr/local/nginx/sbin' \
	|| mkdir -p '/usr/local/nginx/sbin'
test ! -f '/usr/local/nginx/sbin/nginx' \
	|| mv '/usr/local/nginx/sbin/nginx' \
		'/usr/local/nginx/sbin/nginx.old'
cp objs/nginx '/usr/local/nginx/sbin/nginx'
test -d '/usr/local/nginx/conf' \
	|| mkdir -p '/usr/local/nginx/conf'
cp conf/koi-win '/usr/local/nginx/conf'
cp conf/koi-utf '/usr/local/nginx/conf'
cp conf/win-utf '/usr/local/nginx/conf'
test -f '/usr/local/nginx/conf/mime.types' \
	|| cp conf/mime.types '/usr/local/nginx/conf'
cp conf/mime.types '/usr/local/nginx/conf/mime.types.default'
test -f '/usr/local/nginx/conf/fastcgi_params' \
	|| cp conf/fastcgi_params '/usr/local/nginx/conf'
cp conf/fastcgi_params \
	'/usr/local/nginx/conf/fastcgi_params.default'
test -f '/usr/local/nginx/conf/fastcgi.conf' \
	|| cp conf/fastcgi.conf '/usr/local/nginx/conf'
cp conf/fastcgi.conf '/usr/local/nginx/conf/fastcgi.conf.default'
test -f '/usr/local/nginx/conf/uwsgi_params' \
	|| cp conf/uwsgi_params '/usr/local/nginx/conf'
cp conf/uwsgi_params \
	'/usr/local/nginx/conf/uwsgi_params.default'
test -f '/usr/local/nginx/conf/scgi_params' \
	|| cp conf/scgi_params '/usr/local/nginx/conf'
cp conf/scgi_params \
	'/usr/local/nginx/conf/scgi_params.default'
test -f '/usr/local/nginx/conf/nginx.conf' \
	|| cp conf/nginx.conf '/usr/local/nginx/conf/nginx.conf'
cp conf/nginx.conf '/usr/local/nginx/conf/nginx.conf.default'
test -d '/usr/local/nginx/logs' \
	|| mkdir -p '/usr/local/nginx/logs'
test -d '/usr/local/nginx/logs' \
	|| mkdir -p '/usr/local/nginx/logs'
test -d '/usr/local/nginx/html' \
	|| cp -R html '/usr/local/nginx'
test -d '/usr/local/nginx/logs' \
	|| mkdir -p '/usr/local/nginx/logs'
make[1]: Leaving directory `/root/nginx-1.15.9'

说明没有问题。

查看 Nginx 版本：

/usr/local/nginx/sbin/nginx -v

显示为：

nginx version: nginx/1.15.9

测试 Nginx：

/usr/local/nginx/sbin/nginx -t

显示为：

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

启动 Nginx：

/usr/local/nginx/sbin/nginx

什么都不显示。说明正常启动了。
如果显示：

[[email protected] nginx-1.15.9]# /usr/local/nginx/sbin/nginx
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()

说明重复启动了。

停止 Nginx：

/usr/local/nginx/sbin/nginx -s stop

什么都不显示，说明已停止了。
如果显示：

nginx: [error] open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory)

说明重复停止了。

强制停止：
```
pkill nginx
```

访问 Nginx：

打开防火墙：

查看防火墙状态：
```
systemctl status firewalld
```
打开防火墙：
```
systemctl start firewalld.service
```
关闭防火墙：
```
systemctl stop firewalld.service
```
防火墙开机自启：
```
systemctl enable firewalld.service
```
关闭防火墙开机自启：
```
systemctl disable firewalld.service 
```

查看防火墙开机自启：

systemctl list-unit-files |grep firewalld.service

打开 http 端口：

firewall-cmd --zone=public --add-service=http --permanent

或者为（打开 80 端口）：

firewall-cmd --zone=public --add-port=80/tcp --permanent

关闭将 add 换为 remove。

重新加载防火墙：
```
firewall-cmd --reload
```
或重启防火墙（不推荐，防火墙将终端）：
```
 systemctl restart firewalld.service
```

查看防火墙已启动的端口（服务）：

firewall-cmd --list-all

显示：

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: ssh dhcpv6-client http
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

访问 Nginx：

开机自启：
注意：设置开机自启前需要先将 Nginx 停止（命令：pkill nginx）。

创建并编辑开机启动文件：

vim /lib/systemd/system/nginx.service

按 i 输入以下内容：

[Unit]
Description=nginx
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target

启动 Nginx：
```
systemctl start nginx.service
```
关闭 Nginx：
```
systemctl stop nginx.service
```
查看 Nginx：
```
systemctl status nginx.service
```
设置开机启动：
```
systemctl enable nginx.service
```

查看开机启动：

systemctl list-unit-files |grep nginx.service

配置 SSL：
采用腾讯云的 SSL（免费申请）。
参考文档（腾讯云）：证书安装指引

将腾讯云 Nginx 版 SSL 上传至 /usr/local/nginx/conf 目录，如：

[[email protected] conf]# ls
1_www.wimcom.cn_bundle.crt  fastcgi.conf.default    koi-utf     mime.types.default  scgi_params          uwsgi_params.default
2_www.wimcom.cn.key         fastcgi_params          koi-win     nginx.conf          scgi_params.default  win-utf
fastcgi.conf                fastcgi_params.default  mime.types  nginx.conf.default  uwsgi_params

编辑 Nginx 配置文件：

vim /usr/local/nginx/conf/nginx.conf

添加（注意位置，在倒数第二行添加，倒数第一行是一个后花括号 } ）：

    server {
        listen 443 ssl;
        server_name www.wimcom.cn;
        ssl on;
        ssl_certificate 1_www.wimcom.cn_bundle.crt;
        ssl_certificate_key 2_www.wimcom.cn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        location / {
            root   html;
            index  index.html index.htm;
        }
    }

测试：

/usr/local/nginx/sbin/nginx -t

出现：

nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/nginx/conf/nginx.conf:122
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

说明配置成功，至于有警告，删除上面第2步中的 ssl on; 即可。

重启 Nginx：
```
systemctl restart nginx.service
```
修改本地Host（本人采用的是虚拟机，如果是服务器，需要修改解析）：
1. host所在的文件夹为 C:\Windows\System32\drivers\etc ；
2. 直接使用记事本打开并修改后，不能保存（没有权限）；
3. 域名（wimcom.cn）及域名前带www（www.wimcom.cn）的 SSL 为相同的文件。
4. 直接可使用 Dism++（官网：https://www.chuyu.me）软件进行修改；
访问 https：
https://www.wimcom.cn

https://wimcom.cn

HTTP 自动跳转 HTTPS：

编辑 Nginx 配置文件：
```
vim /usr/local/nginx/conf/nginx.conf
```

在 HTTP 的 server 里增加：

rewrite ^(.*) https://$host$1 permanent;

测试 Nginx：

/usr/local/nginx/sbin/nginx -t

显示：

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

说明没有问题了。

重启 Nginx：
```
 systemctl restart nginx.service
```
访问 HTTP 自动跳转 HTTPS：
http://www.wimcnm.cn
http://wimcom.cn

CentOS 1810 安装使用 Nginx

本教程旨在安装最少的软件，最小程度的影响现有系统来安装 Nginx。

相关推荐