在安装Nginx前,需要确保系统已安装必要的依赖:
# Ubuntu/Debian系统
sudo apt update
sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring
# CentOS/RHEL系统
sudo yum install -y yum-utils
# Ubuntu/Debian
sudo apt install -y nginx
# CentOS/RHEL
sudo yum install -y nginx
# Ubuntu/Debian
echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
sudo apt update
sudo apt install -y nginx
# CentOS/RHEL
cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
sudo yum install -y nginx
# 安装编译依赖
sudo apt install -y build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev
# 下载源码
wget https://nginx.org/download/nginx-1.25.3.tar.gz
tar -zxvf nginx-1.25.3.tar.gz
cd nginx-1.25.3
# 配置编译选项
./configure \
--prefix=/usr/local/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--pid-path=/var/run/nginx.pid \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module
# 编译并安装
make && sudo make install
# 启动Nginx
sudo systemctl start nginx
# 停止Nginx
sudo systemctl stop nginx
# 重启Nginx
sudo systemctl restart nginx
# 重新加载配置(不中断服务)
sudo systemctl reload nginx
# 查看Nginx状态
sudo systemctl status nginx
# 设置开机启动
sudo systemctl enable nginx
Nginx主要配置文件通常位于/etc/nginx/nginx.conf,其结构如下:
# 全局块:配置影响nginx全局的指令
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# events块:配置影响nginx服务器与用户的网络连接
events {
worker_connections 1024;
# 使用epoll模型提高性能(Linux)
use epoll;
}
# http块:配置代理、缓存、日志等绝大多数功能
http {
# 包含MIME类型定义
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# 开启高效文件传输模式
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# 连接超时时间
keepalive_timeout 65;
# gzip压缩设置
gzip on;
gzip_min_length 1k;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# 包含其他配置文件
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
# 禁止访问.htaccess文件
location ~ /\.ht {
deny all;
}
# 静态资源缓存设置
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
access_log off;
}
# 错误页面配置
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}
server {
listen 80;
server_name phpapp.example.com;
root /var/www/phpapp;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# 禁止访问敏感文件
location ~ /(\.|conf|config|env|git|svn) {
deny all;
}
}
server {
listen 80;
server_name proxy.example.com;
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
隐藏Nginx版本信息:
server_tokens off;
限制HTTP方法:
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 405;
}
防止点击劫持:
add_header X-Frame-Options "SAMEORIGIN";
启用XSS保护:
add_header X-XSS-Protection "1; mode=block";
内容安全策略:
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.example.com; img-src 'self' https://*.example.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com";
调整worker进程数:
worker_processes auto; # 自动设置为CPU核心数
调整连接数:
events {
worker_connections 4096;
multi_accept on;
}
启用Gzip压缩:
gzip on;
gzip_min_length 1k;
gzip_comp_level 5;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
启用缓存:
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m use_temp_path=off;
server {
location / {
proxy_cache my_cache;
proxy_pass http://backend;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
}
}
检查配置文件语法:
sudo nginx -t
查看错误日志:
tail -f /var/log/nginx/error.log
检查端口占用:
sudo netstat -tulnp | grep :80
检查Nginx进程:
ps aux | grep nginx
检查文件权限:
namei -l /var/www/example.com/index.html
通过以上步骤和配置示例,您应该能够在Linux系统上成功安装和配置Nginx服务器。根据实际需求调整配置参数,以达到最佳性能和安全性。