内容简介:前两个月把公司生产服务器迁移云服务商的时候,对新服务器模版做了不少优化,还编译了 nginx 加入了 http2 等诸多酷炫的特性,然而当时没做笔记过几天就忘记了具体做了什么。前些天发现自己的几台服务器年久失修,在修理的时候手滑把数据都删了……那就从头来过吧,辣鸡服务商最高只提供14.04的系统,那 DD 做个18.04,再重新加上各种优化,记笔记水几篇文章?由于 apt 即使引入了第三方源安装 Nginx 的版本也很低,为了实践最新的特性,只好从源码编译安装 Nginx。
前两个月把公司生产服务器迁移云服务商的时候,对新服务器模版做了不少优化,还编译了 nginx 加入了 http2 等诸多酷炫的特性,然而当时没做笔记过几天就忘记了具体做了什么。
前些天发现自己的几台服务器年久失修,在修理的时候手滑把数据都删了……那就从头来过吧,辣鸡服务商最高只提供14.04的系统,那 DD 做个18.04,再重新加上各种优化,记笔记水几篇文章?
Nginx 源码编译安装
由于 apt 即使引入了第三方源安装 Nginx 的版本也很低,为了实践最新的特性,只好从源码编译安装 Nginx。
Nginx 依赖 openssl
(SSL加密), pcre
(prel正则库)和 zlib
(压缩库)。其中 openssl
更新比较快,也采用源码方式引入。
安装依赖:
sudo apt install -y build-essential libpcre3 libpcre3-dev zlib1g-dev unzip git
第三方组件
openssl
wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz tar zxf openssl-1.1.1a
ngx_brotli
Brotli 是 Google 开源的高效的压缩算法。 性能比 gzip 好很多
git clone https://github.com/google/ngx_brotli cd ngx_brotli git submodule update --init
下载 Nginx 源码
wget https://nginx.org/download/nginx-1.15.8.tar.gz tar zxf nginx-1.15.8.tar.gz
编译Nginx
为了保持习惯(apt 安装的 nginx)一致,我指定了 nginx 的配置,日志,pid 文件路径。加入了之前下载的 ngx_brotli
和 openssl
。启用了 http_v2
和 http_ssl
这两个HTTP/2相关模块, http_gzip_static
支持预编译压缩文件(抄Jerry Qu的,自己并没有用上), stream
支持 TCP/UDP转发
./configure \ --prefix=/etc/nginx \ --conf-path=/etc/nginx/nginx.conf \ --sbin-path=/usr/local/bin/nginx \ --pid-path=/run/nginx.pid \ --http-log-path=/var/log/nginx/access.log \ --error-log-path=/var/log/nginx/error.log \ --add-module=../ngx_brotli \ --with-openssl=../openssl-1.1.1a --with-openssl-opt='enable-tls1_3' \ --with-http_v2_module \ --with-http_ssl_module \ --with-http_gzip_static_module \ --with-stream make sudo make install
Nginx 服务管理脚本与自启动
都用18.04了,那就用 systemd
来管理吧,配置文件都是 Nginx 官网抄的
vim /etc/systemd/system/nginx.service
[Unit] Description=The NGINX HTTP and reverse proxy server After=syslog.target network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/run/nginx.pid ExecStartPre=/usr/local/bin/nginx -t ExecStart=/usr/local/bin/nginx ExecReload=/usr/local/bin/nginx -s reload ExecStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true [Install] WantedBy=multi-user.target
sudo systemctl daemon-reload sudo systemctl start nginx sudo systemctl status nginx # 启动后查看下服务是否正常 sudo systemctl enable nginx # 开机自启
Nginx 配置文件
nginx.conf
# user nobody; worker_processes auto; pid /run/nginx.pid; events { use epoll; worker_connections 809044; accept_mutex off; multi_accept off; } http { ## # Basic Settings ## include /etc/nginx/mime.types; default_type application/octet-stream; charset UTF-8; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; server_names_hash_max_size 4096; # server_tokens off; server_names_hash_bucket_size 128; client_max_body_size 2m; # server_name_in_redirect off; server_tokens off; ## # SSL Settings ## ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:DES-CBC3-SHA; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ## # Logging Settings ## log_format kd_access_log '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' '$upstream_addr $upstream_response_time $request_time'; access_log /var/log/nginx/access.log kd_access_log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_vary on; gzip_comp_level 6; gzip_buffers 16 8k; gzip_min_length 1000; gzip_proxied any; gzip_disable "msie6"; gzip_http_version 1.0; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml; # 如果编译时添加了 ngx_brotli 模块,需要增加 brotli 相关配置 brotli on; brotli_comp_level 6; brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }
sites-available/blog
server { listen 443 ssl http2 fastopen=3 reuseport; # 这里有个问额:第二个网站配置时只能写 listen 443; 否则会报错,但是 http2 特性也是能用的,还没找到原因 server_name blog.kdwycz.com; access_log /var/log/nginx/blog.access.log kd_access_log; error_log /var/log/nginx/blog.error.log; location / { alias /home/kdwycz/blog/; } ssl_session_cache shared:SSL:10m; ssl_session_timeout 60m; ssl_session_tickets on; # ssl_stapling on; # ssl_stapling_verify on; # ssl_trusted_certificate; ssl_certificate /home/kdwycz/certs/cert.pem; ssl_certificate_key /home/kdwycz/privkey.pem; } server { listen 80; server_name blog.kdwycz.com; if ($request_method = GET) { return 301 https://$server_name$request_uri; } return 308 https://$server_name$request_uri; }
以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网
猜你喜欢:- Nginx 支持单域名多 Vue 服务配置备忘
- 重学 Java 设计模式:实战备忘录模式「模拟互联网系统上线过程中,配置文件回滚场景」
- 备忘录模式
- VIM用法总结(备忘)
- Git 备忘录
- InnoDB备忘录 - 逻辑存储
本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们。
Building Web Reputation Systems
Randy Farmer、Bryce Glass / Yahoo Press / 2010 / GBP 31.99
What do Amazon's product reviews, eBay's feedback score system, Slashdot's Karma System, and Xbox Live's Achievements have in common? They're all examples of successful reputation systems that enable ......一起来看看 《Building Web Reputation Systems》 这本书的介绍吧!
RGB HSV 转换
RGB HSV 互转工具
HEX HSV 转换工具
HEX HSV 互换工具