建站不啰嗦,上手跟我做(九)nginx 下载和安装
下载
nginx 需要去官网下载
安装
1、解压 nginx
[root@localhost /]# cd /usr
[root@localhost usr]# ls
bin games java lib libexec nginx share tmp
etc include jdk lib64 local sbin src tomcat
[root@localhost usr]# cd nginx
[root@localhost nginx]# ls
nginx-1.13.12.tar.gz
[root@localhost nginx]# tar -zxvf nginx-1.13.12.tar.gz
2、安装依赖
下载模块依赖性 Nginx 需要依赖下面 3 个包
1).gzip 模块需要 zlib 库
2).rewrite 模块需要 pcre 库
3).ssl 功能需要 openssl 库
依赖包安装顺序依次为:openssl、zlib、pcre, 然后安装 Nginx 包
openssl 安装
[root@localhost] tar zxvf opensslfips2.0.9.tar.gz
[root@localhost] cd opensslfips2.0.9
[root@localhost] ./config --prefix=/usr/local/ssl && make && make install
pcre 安装
[root@localhost] tar zxvf pcre8.36.tar.gz
[root@localhost] cd pcre8.36
[root@localhost] ./configure --prefix=/usr/local/pcre && make && make install
zlib 安装
[root@localhost]tar zxvf zlib1.2.8.tar.gz
[root@localhost] cd zlib1.2.8
[root@localhost] ./configure --prefix=/usr/local/zlib && make && make install
3、安装 nginx
[root@localhost]tar zxvf nginx1.8.0.tar.gz
[root@localhost] cd nginx1.8.0
[root@localhost] ./configure && make && make install
启动命令:/usr/local/nginx/sbin/nginx
发现报错了:
error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or
directory
经网上查询,这是 linux 的通病
先找到 libpcre.so.1 所在位置,然后做个软链接就可以了。
[root@localhost nginx]# sbin/nginx
sbin/nginx: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No
such file or directory
[root@localhost nginx]# error while loading shared libraries: libpcre.so.1: cannot open shared
object file: No such file or directory
[root@localhost nginx]# whereis libpcre.so.1
libpcre.so: /lib64/libpcre.so.0 /usr/local/lib/libpcre.so /usr/local/lib/libpcre.so.1
[root@localhost nginx]# ln s /usr/local/lib/libpcre.so.1 /lib64
[root@localhost nginx]# sbin/nginx
ps:
启动:/usr/local/nginx/sbin/nginx
停止:/usr/local/nginx/sbin/nginx -s stop
停止:/usr/local/nginx/sbin/nginx -s quit
重新加载:/usr/local/nginx/sbin/nginx -s reload
验证配置文件是否合法:/usr/local/nginx/sbin/nginx -t
命令帮助:/usr/local/nginx/sbin/nginx -h
查看 nginx 运行情况
[root@localhost sbin]# ps -ef |grep nginx
root 23693 1 0 10:21 ? 00:00:00 nginx: master process ./ngin
nobody 23694 23693 0 10:21 ? 00:00:00 nginx: worker process
root 23702 3731 0 10:21 pts/0 00:00:00 grep --color=auto nginx
[root@localhost sbin]# ./nginx -s quit
[root@localhost sbin]# ps -ef |grep nginx
root 23741 3731 0 10:24 pts/0 00:00:00 grep --color=auto nginx
[root@localhost /]# whereis nginx.conf
nginx: /usr/local/nginx
4、可能会出现的问题
如果没有安装 c++ 编译环境,还得安装,通过 yum install gccc++ 完成安装
[root@localhost nginx-1.15.8]# yum install gccc++
问题:
./configure: error: the HTTP rewrite module requires the PCRE library.
[root@localhost nginx-1.15.8]# yum -y install pcre-devel
问题:
./configure: error: the HTTP gzip module requires the zlib library.
[root@localhost nginx-1.15.8]# yum install -y zlib-devel
问题:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
[root@localhost nginx-1.15.8]# yum install deltarpm
问题:
No Presto metadata available for base
[root@localhost nginx-1.15.8]# yum provides '*/applydeltarpm'
问题:
unknown directive "ssl" in /usr/local/nginx/conf/nginx.conf:38
[root@localhost nginx-1.15.8]# ./configure --with-http_ssl_module
问题:
./configure: error: SSL modules require the OpenSSL library.
[root@localhost nginx-1.15.8]# yum -y install openssl openssl-devel
[root@localhost nginx-1.15.8]# ./configure --with-http_ssl_module
[root@localhost nginx-1.15.8]#cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
[root@localhost nginx-1.15.8]# cp -rfp objs/nginx /usr/local/nginx/sbin/nginx
cp: overwrite ‘/usr/local/nginx/sbin/nginx’? y
问题:
checking for C compiler ... not found
./configure: error: C compiler cc is not found
[root@VM_48_15_centos nginx-1.15.8]# yum install gcc gcc-c++ kernel-devel
5、tomcat 服务器部署项目:
[root@localhost apache-tomcat-8.5.31]# cd webapps
[root@localhost webapps]# ls
docs FirstMavenProject host-manager ROOT
examples FirstMavenProject.war manager
[root@localhost webapps]# pwd
/usr/tomcat/apache-tomcat-8.5.31/webapps
6、启动 tomcat 服务:
[root@localhost bin]# ./startup.sh
Using CATALINA_BASE: /usr/tomcat/apache-tomcat-8.5.31
Using CATALINA_HOME: /usr/tomcat/apache-tomcat-8.5.31
Using CATALINA_TMPDIR: /usr/tomcat/apache-tomcat-8.5.31/temp
Using JRE_HOME: /usr
Using CLASSPATH: /usr/tomcat/apache-tomcat-8.5.31/bin/bootstrap.jar:/usr/tomcat/apache-tomcat-8.5.31/bin/tomcat-juli.jar
Tomcat started.
[root@localhost bin]# pwd
/usr/tomcat/apache-tomcat-8.5.31/bin
7、配置 nginx
[root@localhost conf]# vi nginx.conf
7.1 代理模式
访问http://192.168.1.116:80/apache即为访问http://192.168.1.116:8080/;
访问:http://192.168.1.116:80/First 即为访问 http://192.168.1.116:8080/FirstMavenProject;
访问:http://192.168.1.116:80/Firstmaven 即为访问 http://192.168.1.119:8080/FirstMavenProject;
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location /apache {
proxy_pass http://192.168.1.116:8080/;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /First{
proxy_pass http://192.168.1.116:8080/FirstMavenProject;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /Firstmaven {
proxy_pass http://192.168.1.119:8080/FirstMavenProject;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
ocation = /50x.html {
root html;
}
}
}
通过访问
http://139.105.146.63:443/symphony
来访问本机
http://139.105.146.63/symphony
80 端口上的服务
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 443;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location /symphony {
#proxy_pass http://localhost:80/symphony;
proxy_pass http://139.105.146.63:80/symphony;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
7.2 负载均衡模式
访问 nginx 地址http://192.168.1.116:80/maven/
会有多个服务器承担负载
多个服务器的路径会根据http://mavenProject/FirstMavenProject; 动态生成
根据 mavenProject 获取对应的负载均衡列表
upstream mavenProject{
server 192.168.1.119:8080 weight=1;
server 192.168.1.116:8080 weight=1;
}
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location /apache {
proxy_pass http://192.168.1.116:8080/;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /First{
proxy_pass http://192.168.1.116:8080/FirstMavenProject;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /Firstmaven {
proxy_pass http://192.168.1.119:8080/FirstMavenProject;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /maven {
proxy_pass http://mavenProject/FirstMavenProject;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
upstream mavenProject{
server 192.168.1.119:8080 weight=1;
server 192.168.1.116:8080 weight=1;
}
}
7.3 通过域名访问
访问
转发到
http://39.105..:80/symphony
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 443;
server_name qiankunpingtai.cn;
location / {
#proxy_pass http://localhost:80/symphony;
proxy_pass http://39.105.146.63:80/symphony;
proxy_redirect default;
#proxy_set_header Host $host;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
7.4 带 ssl 证书访问
通过阿里云购买 ssl 证书需要先登录阿里云。
也可以通过其它渠道购买 ssl 云证书。
下载证书放到服务器上
下载 nginx 对应的
[root@iz2ze70zrtwzm9p0l3p86nz nginx]# pwd
/usr/local/nginx
[root@iz2ze70zrtwzm9p0l3p86nz nginx]# mkdir cert
[root@iz2ze70zrtwzm9p0l3p86nz nginx]# ls
cert client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@iz2ze70zrtwzm9p0l3p86nz nginx]# cd cert
[root@iz2ze70zrtwzm9p0l3p86nz cert]# ls
[root@iz2ze70zrtwzm9p0l3p86nz cert]# ls
*_qiankunpingtai.cn.key *_qiankunpingtai.cn.pem
#user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
client_max_body_size 20M;
client_body_buffer_size 128k;
sendfile on;
keepalive_timeout 65;
server {
listen 443 ssl;
server_name qiankunpingtai.cn; # 你的域名
ssl_certificate /usr/local/nginx/cert/*_qiankunpingtai.cn.pem; # 改成你的证书的名字
ssl_certificate_key /usr/local/nginx/cert/*_qiankunpingtai.cn.key; # 你的证书的名字
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /symphony {
proxy_pass http://localhost:8080/symphony;
proxy_redirect default;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
proxy_pass https://qkpt.top/mnt;
proxy_redirect default;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name qiankunpingtai.cn;// 你的域名
rewrite ^(.*)$ https://$host$1 permanent;// 把http的域名请求转成https
}
}
缓存静态资源
server {
listen 80;
server_name erp.qkpt.top;
location / {
proxy_pass http://localhost:5555/;
proxy_redirect default;
proxy_set_header Host $host:$server_port;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ttf)$
{
# 这里访问路径结尾不需要/
proxy_pass http://localhost:5555;
expires 30d;
}
location ~ .*\.(js|css)?$
{
# 这里访问路径结尾不需要/
proxy_pass http://localhost:5555;
expires 1h;
}
}
underscores_in_headers 默认为off,会忽略掉自定义的包含下划线的自定义请求头参数,
设置为on时,不忽略自定义的请求头参数,并进行转发