环境
- 阿里云 ECS 服务器:2 核 4 GB
- 100G 云盘
- 5M 带宽
- 服务器操作系统 CentOS 8.2
uname -a
Linux refusea 4.18.0-193.14.2.el8_2.x86_64 #1 SMP Sun Jul 26 03:54:29 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
lsb_release -a
LSB Version: :core-4.1-amd64:core-4.1-noarch
Distributor ID: CentOS
Description: CentOS Linux release 8.2.2004 (Core)
Release: 8.2.2004
Codename: Core
下载 nginx
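# Fetch the source tarball and its detached PGP signature over HTTPS.
# Plain HTTP gives no protection against a tampered download, and this
# archive is later compiled and installed as root.
wget https://nginx.org/download/nginx-1.19.4.tar.gz
wget https://nginx.org/download/nginx-1.19.4.tar.gz.asc
# Check the signature before unpacking. The nginx release signing key must
# already be imported into the local keyring from a trusted source.
gpg --verify nginx-1.19.4.tar.gz.asc nginx-1.19.4.tar.gz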
创建用户
# Dedicated unprivileged account for the nginx worker processes:
#   -M                 do not create a home directory
#   -s /sbin/nologin   no interactive login shell
#   -g nginx           primary group is the nginx group created first
groupadd nginx
useradd -M -s /sbin/nologin -g nginx nginx
安装依赖
# Build dependencies, installed one at a time as in the original steps:
#   pcre-devel     - regular expressions (location matching, rewrite)
#   openssl-devel  - TLS support for --with-http_ssl_module
#   gd, gd-devel   - libgd for --with-http_image_filter_module
for pkg in pcre-devel openssl-devel gd gd-devel; do
  yum -y install "$pkg"
done
解压缩后配置安装
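# Configure, build and install nginx under /data/nginx.
# --user/--group set the default account for worker processes, so they do
# not run as root. The steps are chained with && so that a failed configure
# or make can never be followed by an install of a stale or partial build.
./configure \
  --prefix=/data/nginx \
  --error-log-path=/data/logs/nginx/error.log \
  --http-log-path=/data/logs/nginx/access.log \
  --user=nginx \
  --group=nginx \
  --with-http_ssl_module \
  --with-http_flv_module \
  --with-http_stub_status_module \
  --with-http_gzip_static_module \
  --with-file-aio \
  --with-http_image_filter_module \
  && make \
  && make install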
配置 nginx.conf
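# Main nginx configuration (nginx.conf).

# Worker processes run as the unprivileged nginx user and group.
user nginx nginx;
worker_processes 4;
# The four workers alternate between the two CPU cores (masks 01 and 10).
worker_cpu_affinity 01 10 01 10;
# Only "crit" and more severe messages are recorded. Upstream and request
# errors are logged at "error" level and are therefore dropped; consider
# "error" or "warn" if this log is meant to support incident investigation.
error_log /data/logs/nginx/nginx_error.log crit;
# Maximum number of open files per worker
worker_rlimit_nofile 10000;

events {
    use epoll;
    worker_connections 4096;
}

http {
    include mime.types;
    default_type application/octet-stream;
    underscores_in_headers on;
    # Access logging is off by default; each virtual host enables its own log.
    access_log off;
    # The former "error_log off;" was removed here: it does not disable error
    # logging, it writes the log to a file literally named "off". Without it,
    # the http block inherits the error_log defined at the top of this file.
    charset utf-8;
    server_names_hash_bucket_size 128;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    # Fields are space-separated and unquoted, so values that contain spaces
    # (for example the User-Agent) make lines ambiguous to parse. $args is
    # logged too: query strings can carry tokens, so restrict read access to
    # the log files.
    log_format main '$time_iso8601 $status $connection $connection_requests $remote_addr $http_x_forwarded_for $remote_user $request_length $request_time $request_method $server_protocol $http_host $server_port $uri $args $http_referer $body_bytes_sent $http_user_agent $ssl_protocol $ssl_cipher $upstream_addr $upstream_status $upstream_response_time';
    keepalive_timeout 60;
    client_header_timeout 1m;
    client_body_timeout 1m;
    client_max_body_size 10m;
    connection_pool_size 256;
    client_header_buffer_size 64k;
    large_client_header_buffers 4 64k;
    request_pool_size 64k;
    output_buffers 4 64k;
    postpone_output 1460;
    client_body_buffer_size 256k;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 8 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    include vhosts/*.conf;
    # Hide the nginx version in the Server header and on error pages
    server_tokens off;
    # Reject requests whose Host header matches no configured virtual host.
    # "default_server" replaces the deprecated "default" listen parameter.
    # NOTE: this catch-all covers port 80 only. On port 443 a request with an
    # unknown Host is still answered by the first ssl server; a default_server
    # on 443 using ssl_reject_handshake would close that gap.
    server {
        listen 80 default_server;
        return 403;
    }
}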
虚拟主机 refusea.com 及 https 配置
在 conf 目录下创建 2 个子目录
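# Create the two sub-directories inside the nginx conf directory.
mkdir cert vhosts
# cert will hold the TLS private key, so limit it to its owner. The nginx
# master process reads certificates and keys before the workers start as
# the unprivileged nginx user.
chmod 700 cert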
将证书及私钥文件复制到 cert 目录,并在 vhosts 目录下编辑虚拟主机配置文件 refusea.conf
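# Plain-HTTP virtual host: its only job is to redirect to HTTPS.
server {
    listen 80;
    server_name refusea.com www.refusea.com;
    access_log /data/logs/nginx/refusea_access.log main;
    # A direct "return" avoids regex evaluation and redirects to the same
    # path and query string on https.
    return 301 https://$host$request_uri;
}

# Directives that start with ssl_ relate to the certificate and TLS setup;
# adjust the remaining directives to your own needs.
server {
    listen 443 ssl;
    server_name refusea.com www.refusea.com;
    ssl_certificate cert/refusea.com.pem;
    # Private key: keep this file readable by root only.
    ssl_certificate_key cert/refusea.com.key;
    ssl_session_timeout 5m;
    # AEAD suites with forward secrecy only. The previous list also admitted
    # broad aliases (ECDH, AES, HIGH) that enable CBC-mode and non-forward-
    # secret suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and have been dropped.
    # TLSv1.3 requires nginx to be built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    access_log /data/logs/nginx/refusea_ssl_access.log main;

    # Never serve Subversion metadata.
    location ~* .*\.svn.* {
        return 404;
    }

    # Also refuse other hidden files and directories (.git, .env, .htaccess),
    # while leaving /.well-known/ reachable for certificate validation.
    location ~ /\.(?!well-known/) {
        return 404;
    }

    location / {
        root /var/www/wordpress;
        index index.php index.html index.htm;
    }

    location ~ \.php$ {
        # Note: root has to be set here as well
        root /var/www/wordpress;
        # Hand the request to PHP-FPM only when the script exists on disk.
        # Otherwise a URI such as /uploads/image.jpg/x.php could make PHP
        # execute a non-PHP file through path-info fallback.
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}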
centos 8.2 安装 nginx 1.19.4