A Quick Guide to Setting Up an Nginx File Server
Download and installation
Compiling and installing from source
Installing on CentOS 7.8
# The following error appears:
the HTTP rewrite module requires the PCRE library
# Solution
yum install pcre pcre-devel
# Log
checking for uintptr_t ... uintptr_t found
checking for system byte ordering ... little endian
checking for size_t size ... 8 bytes
checking for off_t size ... 8 bytes
checking for time_t size ... 8 bytes
checking for AF_INET6 ... found
checking for setproctitle() ... not found
checking for pread() ... found
checking for pwrite() ... found
checking for pwritev() ... found
checking for strerrordesc_np() ... not found
checking for sys_nerr ... found
checking for localtime_r() ... found
checking for clock_gettime(CLOCK_MONOTONIC) ... found
checking for posix_memalign() ... found
checking for memalign() ... found
checking for mmap(MAP_ANON|MAP_SHARED) ... found
checking for mmap("/dev/zero", MAP_SHARED) ... found
checking for System V shared memory ... found
checking for POSIX semaphores ... not found
checking for POSIX semaphores in libpthread ... found
checking for struct msghdr.msg_control ... found
checking for ioctl(FIONBIO) ... found
checking for ioctl(FIONREAD) ... found
checking for struct tm.tm_gmtoff ... found
checking for struct dirent.d_namlen ... not found
checking for struct dirent.d_type ... found
checking for sysconf(_SC_NPROCESSORS_ONLN) ... found
checking for sysconf(_SC_LEVEL1_DCACHE_LINESIZE) ... found
checking for openat(), fstatat() ... found
checking for getaddrinfo() ... found
checking for PCRE2 library ... not found
checking for PCRE library ... found
checking for PCRE JIT support ... found
checking for zlib library ... found
creating objs/Makefile
Configuration summary
+ using system PCRE library
+ OpenSSL library is not used
+ using system zlib library
nginx path prefix: "/usr/sysinstallFile/nginx_home"
nginx binary file: "/usr/sysinstallFile/nginx_home/sbin/nginx"
nginx modules path: "/usr/sysinstallFile/nginx_home/modules"
nginx configuration prefix: "/usr/sysinstallFile/nginx_home/conf"
nginx configuration file: "/usr/sysinstallFile/nginx_home/conf/nginx.conf"
nginx pid file: "/usr/sysinstallFile/nginx_home/logs/nginx.pid"
nginx error log file: "/usr/sysinstallFile/nginx_home/logs/error.log"
nginx http access log file: "/usr/sysinstallFile/nginx_home/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
[root@chongqing nginx-1.26.1]#
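Installing from the local system packages
The Nginx package is usually included in the system installation image, so you can mount the image as a local repository and install from it.
# Nginx's default document root is
/usr/share/nginx/html
# The default main configuration file is
/etc/nginx/nginx.conf
A working example configuration file follows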
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
# number of nginx worker processes
worker_processes 16;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 16;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 600;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    # show directory listings
    autoindex on;
    # show file sizes; off: do not compute exact sizes (in bytes), show only approximate sizes (in kB, MB, GB)
    autoindex_exact_size off;
    # show file times
    autoindex_localtime on;
    # avoid garbled Chinese characters
    charset utf-8;
    server {
        listen 80;
        server_name localhost;
        # local file path
        root /var/www/html;
        error_page 404 /404.html;
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
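Note
If you get 403 Forbidden, the nginx background processes may not be running as the nginx user, or the file permissions may be insufficient; they need to be at least 655.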
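One way to find which path component causes the permission-related 403 described above (an added example, not part of the original article). The function name is hypothetical; it assumes GNU stat and a worker user that is neither owner nor group member of the files, so only the "other" permission bits apply.

```shell
#!/bin/sh
# Added example: walk every component of a served path and report the first
# one the "other" permission class cannot traverse (directory needs x) or
# read (file needs r). A directory served with autoindex also needs r.
# Usage: first_blocked_component <path> [start-dir, default /]
first_blocked_component() (
    target=$1
    start=${2:-/}
    start=${start%/}              # "/" becomes "", "/srv/" becomes "/srv"
    rel=${target#"$start"/}
    path=$start
    other=0
    set -f; IFS=/                 # split on "/" only, no globbing
    for part in $rel; do
        [ -n "$part" ] || continue
        path="$path/$part"
        mode=$(stat -L -c '%a' "$path" 2>/dev/null) || { echo "missing:$path"; exit 2; }
        other=$(( 0$mode & 7 ))   # last octal digit: bits for "other"
        if [ -d "$path" ]; then
            [ $(( other & 1 )) -ne 0 ] || { echo "no-x:$path"; exit 1; }
        else
            [ $(( other & 4 )) -ne 0 ] || { echo "no-r:$path"; exit 1; }
        fi
    done
    # The final directory must also be readable for autoindex to list it.
    if [ -d "$path" ] && [ $(( other & 4 )) -eq 0 ]; then
        echo "no-r:$path"; exit 1
    fi
    echo "ok:$path"
)

# Run directly, e.g.: sh check403.sh /var/www/html/some/file.iso
[ $# -eq 0 ] || first_blocked_component "$@"
```
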
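Configuring local authentication for nginx
# Add the following two lines of configuration
auth_basic "admin";
auth_basic_user_file /etc/nginx/.passwd.db;
# They can apply globally: place them outside the server block
# Or they can apply to one area only: place them inside a location block
# Create the password file
htpasswd -c <password file name> <user name>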
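A check for the password file configured above, as an added example that is not part of the original article: on a file server, a password file placed under the served root can be downloaded like any other file, and one created with default permissions is readable by every local user. The helper names are hypothetical; the script assumes GNU stat and absolute paths, and does not follow include files.

```shell
#!/bin/sh
# Added example: audit where auth_basic_user_file points.

# Print the first argument of every occurrence of a directive in a config file.
conf_values() {   # conf_values <directive> <conf-file>
    awk -v d="$1" '
        { sub(/#.*/, "") }                     # strip comments
        $1 == d { v = $2; sub(/;$/, "", v); gsub(/"/, "", v); print v }
    ' "$2"
}

# Report password files that nginx itself would serve, or that any local
# user can read. Prints one finding per line; exit status 1 if any.
audit_passwd_file() (   # audit_passwd_file <conf-file>
    conf=$1; rc=0
    for pw in $(conf_values auth_basic_user_file "$conf"); do
        for root in $(conf_values root "$conf"); do
            case $pw in
                "${root%/}"/*) echo "served:$pw"; rc=1 ;;
            esac
        done
        if [ -e "$pw" ]; then
            mode=$(stat -L -c '%a' "$pw")
            [ $(( 0$mode & 4 )) -eq 0 ] || { echo "world-readable:$pw"; rc=1; }
        fi
    done
    exit $rc
)

# Run directly, e.g.: sh audit_passwd.sh /etc/nginx/nginx.conf
[ $# -eq 0 ] || audit_passwd_file "$@"
```

A file owned by root with the nginx group and mode 640 passes both checks while remaining readable by the worker processes.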
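Reference documents
Troubleshooting toolbox
403 Forbidden when SELinux is enabled
# Cause
Because of the SELinux context configuration, nginx does not have permission to access the files in that directory.
# Solution
# Method 001: set the type directly
chcon -R -t httpd_sys_content_t /data/html
# Method 002: copy the context from a reference directory
chcon -R --reference=/var/www/html /data/html
# Method 003: persistent setting, by updating the file-context configuration
semanage fcontext -a -t httpd_sys_content_t "/data(/.*)?" # add
semanage fcontext -d -t httpd_sys_content_t "/data(/.*)?" # delete
-- Note: this method requires rebooting the machine or running the following command to reload
restorecon -FRv /data/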
--------------
Security-Enhanced Linux (SELinux) Notes:
Turn the samba_domain_controller Boolean on to allow a Samba PDC to use the
useradd and groupadd family of binaries. Run the following command as the
root user to turn this Boolean on:
setsebool -P samba_domain_controller on
Turn the samba_enable_home_dirs Boolean on if you want to share home
directories via Samba. Run the following command as the root user to turn this
Boolean on:
setsebool -P samba_enable_home_dirs on
If you create a new directory, such as a new top-level directory, label it
with samba_share_t so that SELinux allows Samba to read and write to it. Do
not label system directories, such as /etc/ and /home/, with samba_share_t, as
such directories should already have an SELinux label.
Run the "ls -ldZ /path/to/directory" command to view the current SELinux
label for a given directory.
Set SELinux labels only on files and directories you have created. Use the
chcon command to temporarily change a label:
chcon -t samba_share_t /path/to/directory
Changes made via chcon are lost when the file system is relabeled or commands
such as restorecon are run.
Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
directories. To share such directories and only allow read-only permissions:
setsebool -P samba_export_all_ro on
To share such directories and allow read and write permissions:
setsebool -P samba_export_all_rw on
To run scripts (preexec/root prexec/print command/...), copy them to the
/var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
Note that if you move the scripts to /var/lib/samba/scripts/, they retain
their existing SELinux labels, which may be labels that SELinux does not allow
smbd to run. Copying the scripts will result in the correct SELinux labels.
Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
apply the correct SELinux labels to these files.
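repomd.xml cannot be downloaded when serving a network Yum repository
# Cause
Because of the context configuration, nginx does not have permission to access files of this type; the problem may be that SELinux has not been disabled.
# Solution
cd to the directory that contains the xml file
ausearch -c 'nginx' --raw | audit2allow -M my-nginx
semodule -i my-nginx.pp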
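Before loading a module generated this way, it helps to see which rules the denials correspond to. The following added example (not part of the original article) summarizes raw AVC records into distinct "source type, target type, class, permission" tuples and points out targets labelled default_t or unlabeled_t, where relabelling the content with the semanage fcontext and restorecon commands shown earlier is the narrower fix. The function names are hypothetical and the records are constructed samples in the format printed by ausearch --raw.

```shell
#!/bin/sh
# Added example: review AVC denials before turning them into policy.

# Constructed sample records (format of `ausearch -c 'nginx' --raw`).
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { getattr } for  pid=2101 comm="nginx" path="/data/html/repodata" dev="dm-0" ino=1310 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000000.102:502): avc:  denied  { read } for  pid=2101 comm="nginx" name="repomd.xml" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.103:503): avc:  denied  { read open } for  pid=2101 comm="nginx" path="/data/html/repodata/repomd.xml" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.104:504): avc:  denied  { write } for  pid=2101 comm="nginx" name="html" dev="dm-0" ino=1200 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
EOF
}

# Read raw AVC records on stdin; print each distinct rule once as
# "source_type target_type class permission".
summarize_avc() {
    awk '
        /avc:[ ]+denied/ {
            s = ""; t = ""; c = ""
            b = index($0, "{"); e = index($0, "}")
            perms = substr($0, b + 1, e - b - 1)      # words between { and }
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
                if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
                if ($i ~ /^tclass=/)   { c = substr($i, 8) }
            }
            n = split(perms, p, " ")
            for (j = 1; j <= n; j++)
                if (!seen[s, t, c, p[j]]++) print s, t, c, p[j]
        }' | LC_ALL=C sort
}

# Rules whose target is a catch-all type usually mean mislabelled content:
# fix the label instead of allowing the access.
mislabel_hints() { awk '$2 == "default_t" || $2 == "unlabeled_t"'; }

# Against the live audit log:
#   ausearch -c 'nginx' --raw | summarize_avc | mislabel_hints
```
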
Setting up an Nginx file server in a Docker container
# 1. Pull the official nginx image -- debian 12
docker pull nginx
# 2. Create the container with the following command:
#!/bin/bash
echo "创建nginx容器"
docker run \
    -p 80:80 \
    --name nginx_debian_12 \
    -v /shiwei/dock-home/nginx.conf:/etc/nginx/nginx.conf \
    -v /shiwei/dock-home/log:/var/log/nginx \
    -v /shiwei/dock-home/html:/usr/share/nginx/html \
    -v /shiwei/dock-home/sources.list:/etc/apt/sources.list \
    -d nginx
#-v /shiwei/dock-home/conf/nginx.conf:/etc/nginx/nginx.conf \
#-v /shiwei/dock-home/conf/conf.d:/etc/nginx/conf.d \
The apt repository configuration for debian 12 is as follows
deb https://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm main non-free non-free-firmware contrib
deb https://mirrors.aliyun.com/debian-security/ bookworm-security main
deb-src https://mirrors.aliyun.com/debian-security/ bookworm-security main
deb https://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm-updates main non-free non-free-firmware contrib
deb https://mirrors.aliyun.com/debian/ bookworm-backports main non-free non-free-firmware contrib
deb-src https://mirrors.aliyun.com/debian/ bookworm-backports main non-free non-free-firmware contrib
Run the following commands inside the container
apt install iputils-ping # optional
apt install iproute2 # optional
apt install iptables # optional
apt install ufw # optional
systemctl start nginx
/etc/init.d/nginx status
Miscellaneous
# Get the docker container's IP from the host
docker inspect nginx_debian_12 | jq -r '.[0].NetworkSettings.IPAddress'
# Copy the nginx.conf file and the conf.d folder from the container into the directory just created
# Create the container
docker run --name nginx -p 9001:80 -d nginx
# Copy the container's nginx.conf file to the host
docker cp nginx:/etc/nginx/nginx.conf /home/nginx/conf/nginx.conf
# Copy the contents of the container's conf.d folder to the host
docker cp nginx:/etc/nginx/conf.d /home/nginx/conf/conf.d
# Copy the container's html folder to the host
docker cp nginx:/usr/share/nginx/html /home/nginx/