Linux安装Nginx(非Docker)
在安装nginx前首先要确认系统中安装了gcc、pcre-devel、zlib-devel、openssl-devel
yum list installed | grep gcc
yum list installed | grep pcre-devel
yum list installed | grep zlib-devel
yum list installed | grep openssl-devel
yum -y install gcc pcre-devel zlib-devel openssl-devel
下载安装Nginx
wget http://nginx.org/download/nginx-1.16.1.tar.gz
sftp...
tar -zxvf nginx-1.16.1.tar.gz
cd nginx-1.16.1
./configure --prefix=/usr/local/nginx
make
make install
cd /usr/local/nginx/
./sbin/nginx -t
nginx: [alert] could not open error log file: open() "/usr/local/nginx/logs/error.log" failed (2: No such file or directory)
2016/09/13 19:08:56 [emerg] 6996
原因分析:nginx/目录下没有logs文件夹
解决方法:mkdir logs
chmod 700 logs
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
cd /usr/local/nginx/sbin
./nginx
firewall-cmd --query-port=80/tcp
firewall-cmd --add-port=80/tcp --permanent
systemctl restart firewalld
vi /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
systemctl enable nginx.service
systemctl status nginx.service
pkill -9 nginx
ps aux | grep nginx
systemctl start nginx
reboot
优化配置Nginx
Nginx后端服务指定的Header隐藏状态(隐藏Nginx后端服务X-Powered-By头)
隐藏Nginx后端服务指定Header的状态: 1、打开conf/nginx.conf配置文件; 2、在http下配置proxy_hide_header项; 增加或修改为 proxy_hide_header X-Powered-By; proxy_hide_header Server;
隐藏Nginx服务的Banner(Nginx服务的Banner隐藏状态)
Nginx后端服务指定的Header隐藏状态隐藏Nginx服务Banner的状态: 1、打开conf/nginx.conf配置文件; 2、在server栏目下,配置server_tokens项 server_tokens off;
Nginx的WEB访问日志记录状态(Nginx后端服务指定的Header隐藏状态)
开启Nginx的WEB访问日志记录: 1、打开conf/nginx.conf配置文件; 2、在http下配置access_log项
access_log logs/host.access.log main; 3、 并删除off项
检查Nginx进程启动账号(Nginx进程启动账号状态,降低被攻击概率)
修改Nginx进程启动账号: 1、打开conf/nginx.conf配置文件; 2、查看配置文件的user配置项,确认是非root启动的; 3、如果是root启动,修改成nobody或者nginx账号; 备注: 4、修改完配置文件之后需要重新启动Nginx