在开始安装Nginx前,请确保系统已安装必要的编译工具和依赖库:
# CentOS/RHEL系统
yum -y install gcc gcc-c++ make automake autoconf libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel
# Ubuntu/Debian系统
apt-get -y install gcc g++ make automake autoconf libtool pkg-config libpcre3 libpcre3-dev zlib1g-dev libssl-dev
cd /usr/local/src
wget http://nginx.org/download/nginx-1.25.3.tar.gz
tar zxvf nginx-1.25.3.tar.gz
cd nginx-1.25.3
注意:版本号请替换为最新的稳定版本
./configure \
--prefix=/usr/local/nginx \
--user=www \
--group=www \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module
常用编译选项说明:
- --prefix:指定安装目录
- --user/--group:指定运行用户和组
- --with-http_ssl_module:启用SSL支持
- --with-http_v2_module:启用HTTP/2支持
- --with-http_stub_status_module:启用状态监控模块
make && make install
创建systemd服务文件/usr/lib/systemd/system/nginx.service:
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
然后执行:
systemctl daemon-reload
systemctl enable nginx
systemctl start nginx
主配置文件位于/usr/local/nginx/conf/nginx.conf,基本配置如下:
user www www;
worker_processes auto;
error_log /usr/local/nginx/logs/error.log warn;
pid /usr/local/nginx/logs/nginx.pid;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /usr/local/nginx/logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
server_tokens off;
gzip on;
gzip_min_length 1k;
gzip_comp_level 2;
gzip_types text/plain text/css text/xml text/javascript application/json application/javascript application/x-javascript application/xml;
gzip_vary on;
include /usr/local/nginx/conf/vhost/*.conf;
}
创建虚拟主机目录并添加一个示例配置:
mkdir -p /usr/local/nginx/conf/vhost
示例虚拟主机配置/usr/local/nginx/conf/vhost/example.com.conf:
server {
listen 80;
server_name example.com www.example.com;
access_log /usr/local/nginx/logs/example.com.access.log main;
error_log /usr/local/nginx/logs/example.com.error.log;
root /data/www/example.com;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
# 测试配置文件
/usr/local/nginx/sbin/nginx -t
# 启动Nginx
/usr/local/nginx/sbin/nginx
# 停止Nginx
/usr/local/nginx/sbin/nginx -s stop
# 平滑重启
/usr/local/nginx/sbin/nginx -s reload
# 查看版本信息
/usr/local/nginx/sbin/nginx -V
隐藏Nginx版本信息:
server_tokens off;
限制HTTP请求方法:
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
防止图片盗链:
location ~* \.(jpg|jpeg|png|gif)$ {
valid_referers none blocked example.com *.example.com;
if ($invalid_referer) {
return 403;
}
}
设置文件上传大小限制:
client_max_body_size 20m;
配置SSL证书(推荐使用Let's Encrypt免费证书)
通过以上步骤,您已经成功编译安装了Nginx并进行了基本配置。接下来可以继续安装MySQL和PHP完成LNMP环境的搭建。