nginx练习
1、编译安装LNMP,配置自定义404页面,配置访问日志为json格式。
编译准备工作
编译安装
配置404页面
配置日志格式为json
验证
时间仓促,有待完善
1 #!/bin/bash 2 3 # 准备编译安装的基础环境 4 yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget ntpdate gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2 libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed 5 6 # 下载编译用的源码包 7 cd /usr/local/src 8 wget https://nginx.org/download/nginx-1.17.10.tar.gz 9 tar xf nginx-1.17.10.tar.gz 10 cd nginx-1.17.10 11 12 # 编译安装nginx 13 ./configure --prefix=/apps/nginx \ 14 --user=nginx \ 15 --group=nginx \ 16 --with-http_ssl_module \ 17 --with-http_v2_module \ 18 --with-http_realip_module \ 19 --with-http_stub_status_module \ 20 --with-http_gzip_static_module \ 21 --with-pcre \ 22 --with-stream \ 23 --with-stream_ssl_module \ 24 --with-stream_realip_module 25 make && make install 26 useradd nginx -s /sbin/nologin -u 2000 27 chown nginx.nginx -R /apps/nginx 28 29 # 配置nginx服务,并设置开机自启动 30 echo '[Unit] 31 Description=The nginx HTTP and reverse proxy server 32 After=network.target remote-fs.target nss-lookup.target 33 [Service] 34 Type=forking 35 PIDFile=/apps/nginx/logs/nginx.pid 36 # Nginx will fail to start if /run/nginx.pid already exists but has the wrong 37 # SELinux context. This might happen when running `nginx -t` from the cmdline. 38 # https://bugzilla.redhat.com/show_bug.cgi?id=1268621 39 ExecStartPre=/usr/bin/rm -f /apps/nginx/logs/nginx.pid 40 ExecStartPre=/apps/nginx/sbin/nginx -t 41 ExecStart=/apps/nginx/sbin/nginx 42 ExecReload=/bin/kill -s HUP $MAINPID 43 #KillSignal=SIGQUIT 44 #TimeoutStopSec=5 45 KillMode=process 46 PrivateTmp=true 47 [Install] 48 WantedBy=multi-user.target ' > /usr/lib/systemd/system/nginx.service 49 systemctl daemon-reload 50 systemctl start nginx 51 systemctl enable nginx 52 53 # 检查nginx服务运行状态,并访问nginx测试页面 54 systemctl status nginx 55 curl http://127.0.0.1 56 57 # 设置404错误页面 58 sed -i 's/500 502 503 504/500 502 503 504 404/' /apps/nginx/conf/nginx.conf 59 60 # 重启nginx服务 61 systemctl start nginx 62 63 # 验证404错误页设置成功 64 curl http://127.0.0.1/notfile 65 66 # 设置日志格式为json 67 # 在http配置中添加 access_json 日志模板,并应用该日志模板 68 69 #http { 70 # log_format access_json '{"@timestamp":"$time_iso8601","host":"$server_addr","clientip":"$remote_addr","size":$body_bytes_sent,"responsetime":$request_time,"upstreamtime":"$upstream_response_time","upstreamhost":"$upstream_addr","http_host":"$host","uri":"$uri","domain":"$host","xff":"$http_x_forwarded_for","referer":"$http_referer","tcp_xff":"$proxy_protocol_addr","http_user_agent":"$http_user_agent","status":"$status"}'; 71 # access_log logs/access_json.log access_json; 72 # ... 73 #} 74 75 # 重启nginx服务 76 systemctl start nginx 77 78 # 验证日志格式 79 cat /apps/nginx/logs/access_json.log 80 81 # 切换到nginx配置目录 82 cd /apps/nginx/conf 83 84 # 自签名CA证书,一路回车,所有问题均采用默认值 85 openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt 86 87 # 自制key和csr文件,一路回车,所有问题均采用默认值 88 openssl req -newkey rsa:4096 -nodes -sha256 -keyout nginx.key -out nginx.csr 89 90 # 签发证书,hostname设置为 www.linux10.com ,其他都是用默认值 91 openssl x509 -req -days 3650 -in nginx.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out nginx.crt 92 93 # 查看证书 94 openssl x509 -in nginx.crt -noout -text 95 96 # 配置https,nginx.conf 配置文件末尾的HTTPS server部分取消注释,修改证书和key对应的文件路,设置server_name同证书中的hostname 97 98 # HTTPS server 99 # 100 #server { 101 # listen 443 ssl; 102 # server_name www.linux10.com; 103 104 # ssl_certificate nginx.crt; 105 # ssl_certificate_key nginx.key; 106 107 # ssl_session_cache shared:SSL:1m; 108 # ssl_session_timeout 5m; 109 110 # ssl_ciphers HIGH:!aNULL:!MD5; 111 # ssl_prefer_server_ciphers on; 112 113 # location / { 114 # root html; 115 # index index.html index.htm; 116 # } 117 #} 118 119 # 重启nginx,使https server生效 120 systemctl restart nginx 121 122 # 配置域名解析 123 echo '127.0.0.1 www.linux10.com' >> /etc/hosts 124 125 # 验证https配置,因为CA是自签发的,所以验证的时候要指定一下ca的证书路径 126 curl --cacert /apps/nginx/conf/ca.crt https://www.linux10.com
