Nginx01-安装篇

RHEL/CentOS

Yum安装方式

安装依赖

sudo yum install yum-utils

sudo yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel

配置Nginx官方Yum源

创建yum repository文件，/etc/yum.repos.d/nginx.repo，使用vim编辑器插入如下内容

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

激活新增的yum源

sudo yum-config-manager --enable nginx-mainline

Loaded plugins: fastestmirror
======================= repo: nginx-mainline ================================
[nginx-mainline]
async = True
bandwidth = 0
base_persistdir = /var/lib/yum/repos/x86_64/7
baseurl = http://nginx.org/packages/mainline/centos/7/x86_64/
cache = 0
cachedir = /var/cache/yum/x86_64/7/nginx-mainline
check_config_file_age = True
compare_providers_priority = 80
cost = 1000
deltarpm_metadata_percentage = 100
deltarpm_percentage = 
enabled = 1
enablegroups = True
exclude = 
failovermethod = priority
ftp_disable_epsv = False
gpgcadir = /var/lib/yum/repos/x86_64/7/nginx-mainline/gpgcadir
gpgcakey = 
gpgcheck = True
gpgdir = /var/lib/yum/repos/x86_64/7/nginx-mainline/gpgdir
gpgkey = https://nginx.org/keys/nginx_signing.key
hdrdir = /var/cache/yum/x86_64/7/nginx-mainline/headers
http_caching = all
includepkgs = 
ip_resolve = 
keepalive = True
keepcache = False
mddownloadpolicy = sqlite
mdpolicy = group:small
mediaid = 
metadata_expire = 21600
metadata_expire_filter = read-only:present
metalink = 
minrate = 0
mirrorlist = 
mirrorlist_expire = 86400
name = nginx mainline repo
old_base_cache_dir = 
password = 
persistdir = /var/lib/yum/repos/x86_64/7/nginx-mainline
pkgdir = /var/cache/yum/x86_64/7/nginx-mainline/packages
proxy = False
proxy_dict = 
proxy_password = 
proxy_username = 
repo_gpgcheck = False
retries = 10
skip_if_unavailable = False
ssl_check_cert_permissions = True
sslcacert = 
sslclientcert = 
sslclientkey = 
sslverify = True
throttle = 0
timeout = 30.0
ui_id = nginx-mainline/7/x86_64
ui_repoid_vars = releasever,
   basearch
username =

使用yum命令安装nginx

sudo yum install nginx

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
nginx-mainline                                                                                                                  | 2.9 kB  00:00:00     
nginx-stable                                                                                                                    | 2.9 kB  00:00:00     
nginx-mainline/7/x86_64/primary_db                                                                                              | 160 kB  00:00:02     
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 1:1.12.2-2.el7 will be updated
---> Package nginx.x86_64 1:1.17.6-1.el7.ngx will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================
 Package     Arch        Version              Repository                    Size
==================================================================================
Updating:
 nginx       x86_64      1:1.17.6-1.el7.ngx   nginx-mainline                770 k
 
Transaction Summary
==================================================================================
Upgrade  1 Package

Total download size: 770 k
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/nginx-mainline/packages/nginx-1.17.6-1.el7.ngx.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY03 ETA 
Public key for nginx-1.17.6-1.el7.ngx.x86_64.rpm is not installed
nginx-1.17.6-1.el7.ngx.x86_64.rpm                                                                                               | 770 kB  00:00:02     
Retrieving key from https://nginx.org/keys/nginx_signing.key
Importing GPG key 0x7BD9BF62:
 Userid     : "nginx signing key <signing-key@nginx.com>"
 Fingerprint: 573b fd6b 3d8f bc64 1079 a6ab abf5 bd82 7bd9 bf62
 From       : https://nginx.org/keys/nginx_signing.key
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : 1:nginx-1.17.6-1.el7.ngx.x86_64                                                                                                     1/2 
warning: /etc/nginx/nginx.conf created as /etc/nginx/nginx.conf.rpmnew
  Cleanup    : 1:nginx-1.12.2-2.el7.x86_64                                                                                                         2/2 
  Verifying  : 1:nginx-1.17.6-1.el7.ngx.x86_64                                                                                                     1/2 
  Verifying  : 1:nginx-1.12.2-2.el7.x86_64                                                                                                         2/2 

Updated:
  nginx.x86_64 1:1.17.6-1.el7.ngx                                                                                                                      

Complete!

启动Nginx并配置Linux开机自启动

sudo systemctl start nginx.service
sudo systemctl enable nginx.service

查看Nginx运行状态

sudo systemctl status nginx.service

sudo systemctl status nginx.service

● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-12-02 14:31:27 CST; 4s ago
     Docs: http://nginx.org/en/docs/
  Process: 8959 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 8960 (nginx)
   CGroup: /system.slice/nginx.service
           ├─8960 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
           └─8961 nginx: worker process

Dec 02 14:31:27 iz2ze17v57iioo4pdkby0yz systemd[1]: Starting nginx - high performance web server...
Dec 02 14:31:27 iz2ze17v57iioo4pdkby0yz systemd[1]: PID file /var/run/nginx.pid not readable (yet?) after start.
Dec 02 14:31:27 iz2ze17v57iioo4pdkby0yz systemd[1]: Started nginx - high performance web server.

查看Nginx监听状态

sudo netstat -ntlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name    
tcp        0      0 0.0.0.0:8848    0.0.0.0:*        LISTEN  8960/nginx: master  
tcp        0      0 0.0.0.0:80      0.0.0.0:*        LISTEN  8960/nginx: master  
tcp        0      0 0.0.0.0:8000    0.0.0.0:*        LISTEN  8960/nginx: master  
tcp6       0      0 :::80           :::*             LISTEN  8960/nginx: master

Error01

启动nginx时，启动失败，报如下错误

nginx: [emerg] module "/usr/lib64/nginx/modules/ngx_http_geoip_module.so" version 1012002 instead of 1014000 in /usr/share/nginx/modules/mod-http-geoip.conf:1

这个原因是因为以前nginx modules 和现在官方的modules 不匹配需要我们先将旧的modules 卸载安装新版官方的modules，使用下面的命令卸载不匹配Modules，重新安装新版Modules

sudo yum remove nginx-mod*
sudo yum install nginx-module-*

Nginx官方安装文档链接

Installation on Linux RHEL/CentOS

编译安装

安装依赖

Yum方式安装依赖

sudo yum -y install gcc gcc-c++
sudo yum -y install zlib zlib-devel openssl openssl-devel pcre-devel
 
gcc gcc-c++编译环境
gzip    模块需要 zlib 库
rewrite 模块需要 pcre 库
ssl     功能需要openssl库

源码包编译安装依赖

因为有的Nginx版本需要指定特定版本的Pcre、zlib和OpenSSL版本，例如我们的OpenResry 就需要特定的Pcre版本才能实现最新的功能，nginx 需要依赖3个库，分别是：PCRE, zlib and OpenSSL，接下来我们从源码进行安装：

• 安装Pcre

  # 指定安装目录，可随意指定，一般源码包均放置在这个目录
  $ cd /usr/local/src/
  
  # PCRE version 8.43
  $ sudo wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz && sudo tar xzvf pcre-8.43.tar.gz
  $ cd pcre-8.43
  $ ./configure
  $ make
  $ make install

• 安装zlib

  # zlib version 1.2.11
  $ sudo wget https://www.zlib.net/zlib-1.2.11.tar.gz && sudo tar xzvf zlib-1.2.11.tar.gz
  $ cd zlib-1.2.11
  $ ./configure
  $ make
  $ make install

• 安装OpenSSL

  • 下载安装

    # OpenSSL version openssl-1.0.2t
    $ sudo wget https://www.openssl.org/source/	openssl-1.0.2t.tar.gz  && sudo tar xzvf openssl-1.0.2t.tar.gz
    $ cd openssl-1.0.2t/
    $ ./config --prefix=/usr/local/openssl-1.0.2t
    $ make && make install

  • 检查安装结果

    $ cd /usr/local/openssl-1.0.2t/
    $ ldd bin/openssl
      linux-vdso.so.1 =>  (0x00007ffc30ef0000)
      libssl.so.1.1 => not found
      libcrypto.so.1.1 => not found
      libdl.so.2 => /lib64/libdl.so.2 (0x00007f3d29a58000)
      libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f3d2983c000)
      libc.so.6 => /lib64/libc.so.6 (0x00007f3d2946f000)
      /lib64/ld-linux-x86-64.so.2 (0x00007f3d29c5c000)

    这里执行检查命令后，发现确实两个lib依赖库，可以执行version命令尝试一下是否可以正常使用，如果不能正常使用尝试进行修复

• 执行version命令检测是否正常

  $ ./bin/openssl version 
    ./bin/openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

  Good，果然不能正常使用，修复呼，只要在依赖库的配置文件中声明咱们OpenSSL的lib库文件位置即可。即，OpenSSL在编译安装时自带了其依赖的库文件，默认系统会到/usr/lib、/usr/lib64下寻找所有的库文件，系统中默认是没有上述两个库的，需要将OpenSSL自带的库加入到系统环境。

• 修复问题

  $ echo "/usr/local/openssl-1.0.2t/lib/" >> /etc/ld.so.conf
  $ ldconfig -v

• 再次执行vesion命令检测是否正常

  $ ./bin/openssl version
     OpenSSL 1.0.2t  10 Sep 2019

• 替换原有OpenSSL

  $ openssl version
    OpenSSL 1.0.2k-fips  26 Jan 2017
  $ which openssl
      /usr/bin/openssl
  $ mv /usr/bin/openssl /usr/bin/openssl.old
  $ ln -s /usr/local/openssl-1.0.2t/bin/openssl /usr/bin/openssl
  $ openssl version
    OpenSSL 1.0.2t  10 Sep 2019

编译安装Nginx

下载安装包

$ cd /usr/local/src/
$ sudo wget http://nginx.org/download/nginx-1.14.2.tar.gz && sudo tar zxvf nginx-1.14.2.tar.gz

编译安装

# 创建nginx用户
$ sudo useradd nginx -s /sbin/nologin
# 编译安装
cd /usr/local/src/nginx-1.14.2
./configure --user=nginx \
            --group=nginx \
            --prefix=/etc/nginx \
            --conf-path=/etc/nginx/nginx.conf \
            --error-log-path=/var/log/nginx/error.log \
            --pid-path=/var/run/nginx.pid \
            --lock-path=/var/run/nginx.lock \
            --with-http_stub_status_module \
            --with-http_ssl_module \
            --with-http_realip_module \
            --with-http_gzip_static_module \
            --with-http_geoip_module=dynamic \
# 如果你采用的源码包安装的pcre、zlib和openssl，那么请指定你的pcre、zlib和openssl的安装目录
            --with-pcre= /usr/local/pcre-8.43 \
            --with-zlib= /usr/local/zlib-1.2.11 \
            --with-openssl= /usr/local/openssl-1.0.2t/
            
# 查看是否配置成功（$? 是显示最后命令的退出状态，0表示没有错误，其他表示有错误）
$ sudo echo $?
0

# 编译安装
$ make && make install
# 以下为安装成功的显示结果反馈
Configuration summary
  + using system PCRE library
  + using system OpenSSL library
  + using system zlib library
 
  nginx path prefix: "/usr/local/nginx"
  nginx binary file: "/usr/local/nginx/sbin/nginx"
  nginx modules path: "/usr/local/nginx/modules"
  nginx configuration prefix: "/usr/local/nginx/conf"
  nginx configuration file: "/usr/local/nginx/conf/nginx.conf"
  nginx pid file: "/usr/local/nginx/logs/nginx.pid"
  nginx error log file: "/usr/local/nginx/logs/error.log"
  nginx http access log file: "/usr/local/nginx/logs/access.log"
  nginx http client request body temporary files: "client_body_temp"
  nginx http proxy temporary files: "proxy_temp"
  nginx http fastcgi temporary files: "fastcgi_temp"
  nginx http uwsgi temporary files: "uwsgi_temp"
  nginx http scgi temporary files: "scgi_temp
$ echo $?
0

# 查看nginx版本号
$ /usr/local/nginx/sbin/nginx -v
nginx version: nginx/1.14.2

# 检查配置文件语法是否正确
$ /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# 启动Nginx
$ /usr/sbin/nginx
/usr/sbin/nginx -s reload                 重新载入配置文件
/usr/sbin/nginx -s stop                   快速关闭 Nginx
/usr/sbin/nginx -s quit                   关闭Nginx

# 启动脚本服务化
$ vim /usr/lib/systemd/system/nginx.service
 
[Unit]
Description=The nginx HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
 
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP /var/run/nginx.pid
ExecStop=/bin/kill -s QUIT /var/run/nginx.pid
PrivateTmp=true
 
[Install]
WantedBy=multi-user.target

# 加入开机自启动并启动Nginx
$ systemctl enable nginx.service
$ systemctl restart nginx.service

# 设置Firewalld防火墙
$ firewall-cmd --zone=public --add-port=80/tcp --permanent
$ firewall-cmd --reload

# 查看Nginx是否启动成功
$ ss -ntlp | grep nginx
tcp   0    0 0.0.0.0:80    0.0.0.0:*        LISTEN      44202/nginx: master

编译安装参数

--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib64/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--user=nginx \
--group=nginx \
--build=CentOS \
--builddir=nginx-1.14.2 \
--with-select_module \
--with-poll_module \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_geoip_module=dynamic \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--with-mail=dynamic \
--with-mail_ssl_module \
--with-stream=dynamic \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
--with-stream_ssl_preread_module \
--with-compat \
--with-pcre=../pcre-8.40 \
--with-pcre-jit \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.0h \
--with-openssl-opt=no-nextprotoneg \
--with-debug