建立服务管理组和用户
[root@localhost ~]#
groupadd nginx && useradd -s /sbin/nologin -g nginx -M nginx
建立相关目录
[root@localhost ~]# mkdir -p /inetpub/wwwroot/www.manong.life/
[root@localhost ~]# chown -R www:www /inetpub/
放行80端口,如果使用https记得还要放行443端口
[root@localhost ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
[root@localhost ~]# systemctl restart firewalld.service
开始安装NGINX
[root@localhost ~]# cd /src/
[root@localhost src]# rz -b
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring nginx-1.20.1.tar.gz...
100% 1036 KB 1036 KB/sec 00:00:01 0 Errors
[root@localhost src]# tar -xf nginx-1.20.1.tar.gz
[root@localhost src]# cd nginx-1.20.1
[root@localhost nginx-1.20.1]# vim src/http/ngx_http_header_filter_module.c # 伪装信息·第一步(非必须步骤,可跳过)
49 static u_char ngx_http_server_string[] = "Server: MaNongServer" CRLF; # 修改红色部分成想要伪装成的服务器软件,如:Microsoft-IIS
50 static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;
51 static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF;
[root@localhost nginx-1.20.1]# vim src/http/ngx_http_special_response.c # 伪装信息·第二步(非必须步骤,可跳过)
35 static u_char ngx_http_error_tail[] =
36 "<hr><center>MaNongServer</center>" CRLF # 修改红色部分成想要伪装成的服务器软件,如:Microsoft-IIS
37 "</body>" CRLF
38 "</html>" CRLF
[root@localhost nginx-1.20.1]# vim src/http/v2/ngx_http_v2_filter_module.c # 伪装信息·第三步(非必须步骤,可跳过)
151 static const u_char nginx[10] = "\x89\xd0\x3d\x27\xaa\x6d\xc5\xb3\xb9\x6c";
# 等号右边的字符串是原字符串“MaNongServer”的哈夫曼编码16进制表示,即先把原字符串进行哈夫曼编码再转为16进制,方括号里的数字并不是原字符串长度,可以简单将其理解为“\x”的数量。
# 常用服务器软件名称的16进制编码字符串:
# nginx <---> u_char nginx[5] = "\x84\xaa\x63\x55\xe7"
# Apache <---> u_char nginx[6] = "\x85\x86\xb1\x92\x72\xff"
# Microsoft-IIS <---> u_char nginx[11] = "\x8a\xd0\x62\x58\x74\x1e\x54\xad\x93\x26\xef"
480 "http2 output header: \"server: MaNongServer\""); # 修改红色部分成想要伪装成的服务器软件,如:Microsoft-IIS
[root@localhost nginx-1.20.1]#
./configure \
--prefix=/program/nginx \
--with-file-aio \
--with-http_addition_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module \
--with-http_random_index_module \
--with-http_ssl_module \
--with-http_xslt_module \
--with-http_v2_module \
--with-openssl=/src/openssl-3.0.4 # OpenSSL源码路径(不是安装路径),若没有升级OpenSSL可缺省该参数
&& make \
&& make install \
&& chown -R nginx:nginx /program/nginx/
[root@localhost nginx-1.20.1]# /program/nginx/sbin/nginx -V
nginx version: nginx/1.20.1 # 能查看到NGINX版本号,安装成功
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/program/nginx --with-file-aio --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_random_index_module --with-http_ssl_module --with-http_xslt_module --with-http_v2_module
[root@localhost nginx-1.20.1]#
修改NGINX的配置文件
[root@localhost ~]# vim /program/nginx/conf/nginx.conf
pid /dev/shm/nginx.pid;
[root@localhost ~]#
把NGINX加入系统服务方便管理
[root@localhost ~]# touch /etc/init.d/nginx && chmod 755 /etc/init.d/nginx
[root@localhost ~]# vim /etc/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /program/nginx/conf/nginx.conf
# pidfile: /dev/shm/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
########## 以下内容需根据实际情况修改 ##########
nginx="/program/nginx/sbin/nginx"
NGINX_CONF_FILE="/program/nginx/conf/nginx.conf"
lockfile=/dev/shm/nginx.lock
prog=$(basename $nginx)
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
killall -9 nginx
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restar
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
[root@localhost ~]#
管理命令汇总
[root@localhost ~]# chkconfig --add nginx
[root@localhost ~]# chkconfig nginx on
[root@localhost ~]# chkconfig nginx off
[root@localhost ~]# service nginx start
[root@localhost ~]# service nginx stop
[root@localhost ~]# service nginx status
[root@localhost ~]# service nginx restart
[root@localhost ~]# service nginx condrestart
[root@localhost ~]# service nginx try-restart
[root@localhost ~]# service nginx reload
[root@localhost ~]# service nginx force-reload
[root@localhost ~]# service nginx configtest