静态资源服务器Nginx 搭建

1. 安装依赖

#pcre: 用来作地址重写的功能。
#zlib：nginx 的gzip模块,传输数据打包，省流量（但消耗资源）。
#openssl：提供ssl加密协议。

yum -y install gcc gcc-c++ autoconf automake
yum -y install zlib zlib-devel openssl openssl-devel pcre-devel

1. 下载解压转移

// 个人习惯放到这个目录
cd  /usr/local/src
// 下载的最新版
wget http://nginx.org/download/nginx-1.9.4.tar.gz
tar -zxvf nginx-1.9.4.tar.gz
mv nginx-1.9.4 /usr/local/nginx

1. 建立一个用户

groupadd www
useradd -s /sbin/nologin -g www www

1. 配置、编译、安装

   ./configure --prefix=/usr/local/nginx \
   --user=www \
   --group=www \
   --with-mail \
   --with-mail_ssl_module \
   --with-http_ssl_module \
   --with-http_flv_module \
   --with-http_dav_module \
   --with-http_sub_module \
   --with-http_spdy_module \
   --with-http_realip_module \
   --with-http_addition_module \
   --with-http_gzip_static_module \
   --with-http_stub_status_module \
   --with-pcre
   make && make install
   
   #这时候报了一个错，同一文件，是因为上面的 prefix配置错了
   ./configure --prefix=/usr/local/nginx --conf-path=/usr/local/nginx/nginx.conf 
   
   #最终应该为
   ./configure --conf-path=/usr/local/nginx/nginx.conf  \
   --user=www \
   --group=www \
   --with-mail \
   --with-mail_ssl_module \
   --with-http_ssl_module \
   --with-http_flv_module \
   --with-http_dav_module \
   --with-http_sub_module \
   --with-http_spdy_module \
   --with-http_realip_module \
   --with-http_addition_module \
   --with-http_gzip_static_module \
   --with-http_stub_status_module \
   --with-pcre
   make && make install

2. 修改config

   # 这个是我个人修改方法，很多不足，慢慢优化
   user www www;
   worker_processes  1;
   
   #error_log  logs/error.log;
   #error_log  logs/error.log  notice;
   #error_log  logs/error.log  info;
   
   #pid        logs/nginx.pid;
   
   
   events {
       worker_connections  1024;
       use epoll;
   }
   
   
   http {
       include       mime.types;
       default_type  application/octet-stream;
   
       log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                         '$status $body_bytes_sent "$http_referer" '
                         '"$http_user_agent" "$http_x_forwarded_for"';
   
       access_log  logs/access.log  main;
   
       sendfile        on;
       #tcp_nopush     on;
   
       #keepalive_timeout  0;
       keepalive_timeout  65;
   
       gzip_min_length 1k;
       gzip_buffers 4 16k;
       #gzip_http_version 1.0;
       gzip_comp_level 2;
       gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
       gzip_vary off;
       gzip_disable "MSIE [1-6]\.";
   
       server {
           listen       80;
           server_name  localhost;
           #access_log /home/zhkuang/log/access.log access;
           #error_log /home/zhkuang/log/error.log error;
   
           if ($http_user_agent ~* AhrefsBot|nws) {
               return 403;
           }
   
           #charset koi8-r;
   
           #access_log  logs/host.access.log  main;
   
           location / {
               root   /data/nginx_root;
               index  index.html index.htm;
           }
   
           #error_page  404              /404.html;
   
           # redirect server error pages to the static page /50x.html
           #
           error_page   500 502 503 504  /50x.html;
           location = /50x.html {
               root   html;
           }
   
           # proxy the PHP scripts to Apache listening on 127.0.0.1:80
           #
           #location ~ \.php$ {
           #    proxy_pass   http://127.0.0.1;
           #}
   
           # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
           #
           #location ~ \.php$ {
           #    root           html;
           #    fastcgi_pass   127.0.0.1:9000;
           #    fastcgi_index  index.php;
           #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
           #    include        fastcgi_params;
           #}
   
           # deny access to .htaccess files, if Apache's document root
           # concurs with nginx's one
           #
           #location ~ /\.ht {
           #    deny  all;
           #}
       }
   
   
       # another virtual host using mix of IP-, name-, and port-based configuration
       #
       #server {
       #    listen       8000;
       #    listen       somename:8080;
       #    server_name  somename  alias  another.alias;
   
       #    location / {
       #        root   html;
       #        index  index.html index.htm;
       #    }
       #}
   
   
       # HTTPS server
       #
       #server {
       #    listen       443 ssl;
       #    server_name  localhost;
   
       #    ssl_certificate      cert.pem;
       #    ssl_certificate_key  cert.key;
   
       #    ssl_session_cache    shared:SSL:1m;
       #    ssl_session_timeout  5m;
   
       #    ssl_ciphers  HIGH:!aNULL:!MD5;
       #    ssl_prefer_server_ciphers  on;
   
       #    location / {
       #        root   html;
       #        index  index.html index.htm;
       #    }
       #}
   
   }

3. 测试、启动nginx

   ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx
   nginx -t
   nginx -c /usr/local/nginx/conf/nginx.conf
   ps -aux | grep nginx
   netstat -anptu | grep 80

4. 设为开机启动

   vim /etc/init.d/nginx
   #!/bin/sh
   # chkconfig:        2345 80 20
   # Description:        Start and Stop Nginx
   # Provides:        nginx
   # Default-Start:    2 3 4 5
   # Default-Stop:        0 1 6
   PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
   NAME=nginx
   NGINX_BIN=/usr/local/nginx/sbin/$NAME
   CONFIGFILE=/usr/local/nginx/conf/$NAME.conf
   PIDFILE=/home/www/pid/$NAME.pid
   SCRIPTNAME=/etc/init.d/$NAME
   case "$1" in
   start)
   echo -n "Starting $NAME... "
   if netstat -tnpl | grep -q nginx;then
   echo "$NAME (pid `pidof $NAME`) already running."
   exit 1
   fi
   $NGINX_BIN -c $CONFIGFILE
   if [ "$?" != 0 ] ; then
   echo " failed"
   exit 1
   else
   echo " done"
   fi
   ;;
   stop)
   echo -n "Stoping $NAME... "
   if ! netstat -tnpl | grep -q nginx; then
   echo "$NAME is not running."
   exit 1
   fi
   $NGINX_BIN -s stop
   if [ "$?" != 0 ] ; then
   echo " failed. Use force-quit"
   exit 1
   else
   echo " done"
   fi
   ;;
   status)
   if netstat -tnpl | grep -q nginx; then
   PID=`pidof nginx`
   echo "$NAME (pid $PID) is running..."
   else
   echo "$NAME is stopped"
   exit 0       
   fi
   ;;
   force-quit)
   echo -n "Terminating $NAME... "
   if ! netstat -tnpl | grep -q nginx; then
   echo "$NAME is not running."
   exit 1
   fi
   kill `pidof $NAME`
   if [ "$?" != 0 ] ; then
   echo " failed"
   exit 1
   else
   echo " done"   
   fi
   ;;
   restart)
   $SCRIPTNAME stop
   sleep 1
   $SCRIPTNAME start
   ;;
   reload)                                                                                      
   echo -n "Reload service $NAME... "
   if netstat -tnpl | grep -q nginx; then
   $NGINX_BIN -s reload
   echo " done"
   else
   echo "$NAME is not running, can't reload."
   exit 1
   fi
   ;;
   configtest)
   echo -n "Test $NAME configure files... "
   $NGINX_BIN -t
   ;;
   *)
   echo "Usage: $SCRIPTNAME {start|stop|force-quit|restart|reload|status|configtest}"
   exit 1
   ;;
   esac

添加到系统服务

chmod a+x /etc/init.d/nginx
chkconfig --add nginx
chkconfig --level 2345 nginx on
chkconfig --list | grep nginx

1. 重启

   service nginx restart
   ps -aux | grep nginx
   netstat -anptu | grep 80

2. 端口

   iptables -A INPUT -p tcp --dport 80 -j ACCEPT

注意：上面弄好以后访问可能会forbidden，是因为指向的那个根目录没有index.html || index.php
添加一个空的就好了

上面的开通80防火墙不是很好用

这个给力

1.本机能ping通虚拟机 2.虚拟机也能ping通本机 3.虚拟机能访问自己的web 4.本机无法访问虚拟己的web

后来发现是防火墙将80端口屏蔽了的缘故。

检查是不是服务器的80端口被防火墙堵了，可以通过命令：

telnet {服务器ip}80 来测试。

解决方法如下： /sbin/iptables -I INPUT -p tcp –dport 80 -j ACCEPT 然后保存： /etc/rc.d/init.d/iptables save 重启防火墙 /etc/init.d/iptables restart
CentOS防火墙的关闭，关闭其服务即可：

查看CentOS防火墙信息：

/etc/init.d/iptables status

关闭CentOS防火墙服务：

/etc/init.d/iptables stop

永久关闭防火墙：

chkconfig –level 35 iptables off