暂无图片
暂无图片
暂无图片
暂无图片
暂无图片
首页 / nginx在单用户下搭建

nginx在单用户下搭建

原创 平常心 2021-08-05
693

1 创建用户msapp
2 因为不是root用户所以访问端口不用用80 ,需要改成8080,或其他
3 编译准备
需要安装的软件
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel gcc gcc-c++
su -msapp
tar xzvf nginx-1.20.1.tar.gz
cd nginx-1.20.1
创建这些文件
touch /home/msapp/nginx/log/error.log
touch /home/msapp/nginx/log/access.log
mkdir -p /home/msapp/nginx/client_body_temp
mkdir -p /home/msapp/nginx/proxy_temp
mkdir -p /home/msapp/nginx/fastcgi_temp
mkdir -p /home/msapp/nginx/uwsgi_temp
mkdir -p /home/msapp/nginx/scgi_temp
配置编译
./configure --prefix=/home/msapp/nginx
–conf-path=/home/msapp/nginx/nginx.conf
–error-log-path=/home/msapp/nginx/log/error.log
–http-log-path=/home/msapp/nginx/log/access.log
–pid-path=/home/msapp/nginx/nginx.pid
–lock-path=/home/msapp/nginx/nginx.lock
–http-client-body-temp-path=/home/msapp/nginx/client_body_temp/
–http-proxy-temp-path=/home/msapp/nginx/proxy_temp/
–http-fastcgi-temp-path=/home/msapp/nginx/fastcgi_temp/
–http-uwsgi-temp-path=/home/msapp/nginx/uwsgi_temp/
–http-scgi-temp-path=/home/msapp/nginx/scgi_temp/
–user=msapp
–group=msapp
make
make install
vi /home/msapp/nginx/nginx.conf文件中的80改成8080
配置启动
vi /home/msapp/nginx/start.sh
/home/msapp/nginx/sbin/nginx -c /home/msapp/nginx/nginx.conf
vi /home/msapp/nginx/stop.sh
/home/msapp/nginx/sbin/nginx -s stop
权限
chmod u+x stop.sh
chmod u+x start.sh
追加执行路径(可有可无)
vi ~/.bash_profile
path /home/msapp/nginx/sbin

如果需要访问的事https化就复杂一些
需要安装openssl
配置
vi /home/msapp/nginx-1.20.1/auto/lib/openssl/conf
修改 .openssl 和openssl 去掉
##原版配置文件
*)
have=NGX_OPENSSL . auto/have
have=NGX_SSL . auto/have

        CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
        CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
        CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
        CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
        CORE_LIBS="$CORE_LIBS $NGX_LIBDL"
        CORE_LIBS="$CORE_LIBS $NGX_LIBPTHREAD"

        if [ "$NGX_PLATFORM" = win32 ]; then
            CORE_LIBS="$CORE_LIBS -lgdi32 -lcrypt32 -lws2_32"
        fi
    ;;
esac

我们要修改
    *)
        have=NGX_OPENSSL . auto/have
        have=NGX_SSL . auto/have

        CORE_INCS="$CORE_INCS $OPENSSL/include"++
        CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
        CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
        CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"
        CORE_LIBS="$CORE_LIBS $NGX_LIBDL"
        CORE_LIBS="$CORE_LIBS $NGX_LIBPTHREAD"

        if [ "$NGX_PLATFORM" = win32 ]; then
            CORE_LIBS="$CORE_LIBS -lgdi32 -lcrypt32 -lws2_32"
        fi
    ;;
esac

指定一些路径
export PKG_CONFIG_PATH=/usr/local/openssl-1.1.1k/lib/pkgconfig
export LD_LIBRARY_PATH=/usr/local/openssl-1.1.1k/lib
编译准备
touch /home/msapp/nginx/log/error.log
touch /home/msapp/nginx/log/access.log
mkdir -p /home/msapp/nginx/client_body_temp
mkdir -p /home/msapp/nginx/proxy_temp
mkdir -p /home/msapp/nginx/fastcgi_temp
mkdir -p /home/msapp/nginx/uwsgi_temp
mkdir -p /home/msapp/nginx/scgi_temp
./configure --prefix=/home/msapp/nginx
–conf-path=/home/msapp/nginx/nginx.conf
–error-log-path=/home/msapp/nginx/log/error.log
–http-log-path=/home/msapp/nginx/log/access.log
–pid-path=/home/msapp/nginx/nginx.pid
–lock-path=/home/msapp/nginx/nginx.lock
–http-client-body-temp-path=/home/msapp/nginx/client_body_temp/
–http-proxy-temp-path=/home/msapp/nginx/proxy_temp/
–http-fastcgi-temp-path=/home/msapp/nginx/fastcgi_temp/
–http-uwsgi-temp-path=/home/msapp/nginx/uwsgi_temp/
–http-scgi-temp-path=/home/msapp/nginx/scgi_temp/
–user=msapp
–group=msapp
–with-http_ssl_module
–with-openssl=/usr/local/openssl-1.1.1k/

make
make install

切换用户root
创建认证文件
mkdir -p /root/demoCA
mkdir -p /root/demoCA/private
mkdir -p /root/demoCA/crl
mkdir -p /root/demoCA/certs
mkdir -p /root/demoCA/newcerts
touch /root/demoCA/index.txt
touch /root/demoCA/serial
echo “01”>/root/demoCA/serial
openssl genrsa -out ./demoCA/private/cakey.pem 2048
openssl req -new -key /root/demoCA/private/cakey.pem -x509 -out /root/demoCA/cacert.pem -days 3650
cd /root/demoCA
openssl genrsa 2048 >/root/demoCA/nginx.key
openssl req -new -key /root/demoCA/nginx.key -out /root/demoCA/nginx.csr
cd /root
openssl ca -in /root/demoCA/nginx.csr -out /root/demoCA/nginx.cert
cp /root/demoCA/nginx.* /home/msapp/nginx/keys/
chown -R msapp.msapp /home/msapp/nginx/keys/
cat /home/msapp/nginx/nginx.conf

追加https 端口18080
# HTTPS server
#
server {
listen 18080 ssl;
server_name localhost;

    #ssl_certificate      cert.pem;
    #ssl_certificate_key  cert.key;
    ssl_certificate       keys/nginx.cert;
    ssl_certificate_key   keys/nginx.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   html;
        index  index.html index.htm;
    }
    location ~ ^/favicon\.ico$ {
        root    /data/bdsite;
     }
}

}

nginx
「喜欢这篇文章,您的关注和赞赏是给作者最好的鼓励」
关注作者
【版权声明】本文为墨天轮用户原创内容,转载时必须标注文章的来源(墨天轮),文章链接,文章作者等基本信息,否则作者和墨天轮有权追究责任。如果您发现墨天轮中有涉嫌抄袭或者侵权的内容,欢迎发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。

评论