Nginx 安装与配置指南

Nginx是一个高性能的HTTP和反向代理服务器,也是一个IMAP/POP3/SMTP代理服务器。本文将详细介绍Nginx在不同操作系统上的安装方法、配置和管理。

1. 安装方法

1.1 Ubuntu/Debian 系统

使用包管理器安装

1
2
3
4
5
6
7
8
# 更新包索引
sudo apt update

# 安装Nginx
sudo apt install nginx

# 验证安装
sudo nginx -v

编译安装

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# 安装依赖
sudo apt update
sudo apt install build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev

# 下载Nginx源码
wget http://nginx.org/download/nginx-1.24.0.tar.gz

# 解压
tar -zxvf nginx-1.24.0.tar.gz
cd nginx-1.24.0

# 配置
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_gzip_static_module

# 编译和安装
make
sudo make install

1.2 CentOS/RHEL 系统

使用包管理器安装

1
2
3
4
5
6
7
8
# 安装EPEL仓库
sudo yum install epel-release

# 安装Nginx
sudo yum install nginx

# 验证安装
sudo nginx -v

编译安装

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# 安装依赖
sudo yum groupinstall "Development Tools"
sudo yum install pcre-devel zlib-devel openssl-devel

# 下载Nginx源码
wget http://nginx.org/download/nginx-1.24.0.tar.gz

# 解压
tar -zxvf nginx-1.24.0.tar.gz
cd nginx-1.24.0

# 配置
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_gzip_static_module

# 编译和安装
make
sudo make install

1.3 macOS 系统

使用Homebrew安装

1
2
3
4
5
6
7
8
# 安装Homebrew(如果未安装)
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# 安装Nginx
brew install nginx

# 验证安装
nginx -v

1.4 Windows 系统

  1. Nginx官方网站 下载Windows版本
  2. 解压到指定目录,如 C:\nginx
  3. 打开命令提示符,进入Nginx目录
  4. 运行 nginx.exe 启动服务

2. 基本配置

2.1 配置文件结构

Nginx的主要配置文件位于:

  • Ubuntu/Debian: /etc/nginx/nginx.conf
  • CentOS/RHEL: /etc/nginx/nginx.conf
  • 编译安装: /usr/local/nginx/conf/nginx.conf
  • macOS (Homebrew): /usr/local/etc/nginx/nginx.conf

2.2 基本配置示例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# 工作进程数,通常设置为CPU核心数
worker_processes auto;

# 错误日志位置
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

# 事件配置
events {
    worker_connections 1024;
}

# HTTP配置
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    
    # 日志配置
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    
    # 性能优化
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    
    # 虚拟主机配置
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

2.3 虚拟主机配置

创建一个简单的虚拟主机配置:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# /etc/nginx/sites-available/example.com
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com;
    index index.html index.htm;
    
    location / {
        try_files $uri $uri/ =404;
    }
    
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

在Ubuntu/Debian系统上,需要创建符号链接:

1
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

3. 服务管理

3.1 启动、停止、重启

systemd 系统(Ubuntu 16.04+, CentOS 7+)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# 启动
sudo systemctl start nginx

# 停止
sudo systemctl stop nginx

# 重启
sudo systemctl restart nginx

# 重载配置(不中断服务)
sudo systemctl reload nginx

# 查看状态
sudo systemctl status nginx

# 设置开机自启
sudo systemctl enable nginx

SysVinit 系统

1
2
3
4
5
6
7
8
9
10
11
# 启动
sudo service nginx start

# 停止
sudo service nginx stop

# 重启
sudo service nginx restart

# 重载配置
sudo service nginx reload

编译安装的Nginx

1
2
3
4
5
6
7
8
9
10
11
# 启动
/usr/local/nginx/sbin/nginx

# 停止
/usr/local/nginx/sbin/nginx -s stop

# 重启
/usr/local/nginx/sbin/nginx -s reload

# 测试配置
/usr/local/nginx/sbin/nginx -t

4. 验证安装

4.1 检查Nginx是否运行

1
2
3
4
5
6
7
8
# 检查进程
ps aux | grep nginx

# 检查端口
sudo netstat -tuln | grep 80

# 或使用ss命令
sudo ss -tuln | grep 80

4.2 访问测试

在浏览器中访问服务器IP地址或域名,应该能看到Nginx的默认欢迎页面。

5. 常见问题与解决方案

5.1 端口占用

问题:启动Nginx时提示端口80被占用。

解决方案

1
2
3
4
5
6
7
8
# 查找占用端口的进程
sudo lsof -i :80

# 停止占用端口的进程
sudo kill -9 <PID>

# 重新启动Nginx
sudo systemctl start nginx

5.2 权限问题

问题:Nginx无法访问网站目录。

解决方案

1
2
3
# 检查目录权限
sudo chown -R www-data:www-data /var/www/example.com
sudo chmod -R 755 /var/www/example.com

5.3 配置错误

问题:Nginx启动失败,提示配置错误。

解决方案

1
2
3
4
5
6
# 测试配置文件
sudo nginx -t

# 根据错误信息修复配置文件
# 修复后重载配置
sudo systemctl reload nginx

6. 安全配置

6.1 隐藏版本信息

在nginx.conf中添加:

1
2
3
4
http {
    server_tokens off;
    # 其他配置...
}

6.2 限制并发连接

1
2
3
4
events {
    worker_connections 1024;
    # 其他配置...
}

6.3 配置HTTPS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
server {
    listen 443 ssl http2;
    server_name example.com;
    
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    
    # SSL配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    
    # 其他配置...
}

# 重定向HTTP到HTTPS
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

7. 性能优化

7.1 工作进程配置

1
2
3
4
5
# 设置为CPU核心数
worker_processes auto;

# 绑定CPU核心
worker_cpu_affinity 0001 0010 0100 1000;

7.2 连接配置

1
2
3
4
5
events {
    worker_connections 10240;
    use epoll;
    multi_accept on;
}

7.3 缓冲区配置

1
2
3
4
5
6
http {
    client_body_buffer_size 16k;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 8k;
    # 其他配置...
}

7.4 启用Gzip压缩

1
2
3
4
5
6
http {
    gzip on;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    # 其他配置...
}

8. 常用模块

8.1 反向代理模块

1
2
3
4
5
6
7
8
9
10
11
12
server {
    listen 80;
    server_name example.com;
    
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

8.2 负载均衡模块

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
upstream backend {
    server backend1.example.com weight=5;
    server backend2.example.com weight=5;
    server backend3.example.com backup;
}

server {
    listen 80;
    server_name example.com;
    
    location / {
        proxy_pass http://backend;
        # 其他代理配置...
    }
}

8.3 静态文件服务

1
2
3
4
5
6
7
8
9
10
11
12
13
14
server {
    listen 80;
    server_name example.com;
    root /var/www/example.com;
    
    location / {
        try_files $uri $uri/ =404;
    }
    
    location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
        expires 30d;
        add_header Cache-Control "public, max-age=2592000";
    }
}

9. 参考资料