戏里戏外

Installing and Configuring Nginx on Rocky Linux

2024-11-13 #Nginx #CentOS

Prerequisites

  • Rocky Linux 8 or later
  • root or sudo privileges
  • A working internet connection

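Installation steps

1. Add the official Nginx repository

First add the official Nginx repository so that you get the latest version:

sudo yum install epel-release -y # install the EPEL repository
sudo yum makecache # refresh the yum cache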

2. Install Nginx

sudo yum install nginx -y # install Nginx
sudo nginx -v # show the Nginx version

3. Manage the Nginx service

sudo systemctl start nginx # start Nginx
sudo systemctl enable nginx # start Nginx at boot
sudo systemctl status nginx # show the Nginx status

4. Configure the firewall

Open ports 80 and 443 in the firewall.

sudo firewall-cmd --permanent --add-service=http # open port 80
sudo firewall-cmd --permanent --add-service=https # open port 443 (if you need HTTPS)
sudo firewall-cmd --reload # reload the firewall configuration

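Nginx configuration

1. Main configuration file locations

  • Main configuration file: /etc/nginx/nginx.conf
  • Site configuration directory: /etc/nginx/conf.d/
  • Default web root: /usr/share/nginx/html/
  • Log directory: /var/log/nginx/

2. Create a site configuration

# Create a new configuration file
sudo vim /etc/nginx/conf.d/mysite.conf

Configuration examples for a basic project, a Nuxt project and a PHP project:

Basic project:
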
server {
    listen 80;
    server_name example.com;
    root /var/www/mysite;
    
    access_log /var/log/nginx/mysite_access.log;
    error_log /var/log/nginx/mysite_error.log;

    location / {
        index index.html index.htm;
    }
}

Nuxt project:

map $sent_http_content_type $expires {
    "text/html"                 epoch;
    "text/html; charset=utf-8"  epoch;
    default                     off;
}

server {
    listen          80;
    server_name     example.com;

    gzip            on;
    gzip_types      text/plain application/xml text/css application/javascript;
    gzip_min_length 1000;

    location / {
        expires $expires;

        proxy_redirect                      off;
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_read_timeout                  1m;
        proxy_connect_timeout               1m;
        proxy_pass                          http://127.0.0.1:3000;
    }
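}

PHP project:

server {
    listen 80;
    server_name example.com;
    # Redirect to the HTTPS site below; a fixed host name avoids echoing the client-supplied Host header
    return 301 https://www.example.com$request_uri;
}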

server {
    listen 443 ssl;
    server_name www.example.com;
    root /var/www/laravel;

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    access_log /var/log/nginx/laravel_access.log;
    error_log /var/log/nginx/laravel_error.log;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

3. Test and reload the configuration

# Test that the configuration is valid
nginx -t

# Reload the configuration
systemctl reload nginx

Common maintenance commands

systemctl stop nginx # stop Nginx

systemctl restart nginx # restart Nginx

tail -f /var/log/nginx/error.log # follow the error log

tail -f /var/log/nginx/access.log # follow the access log

Performance tuning

  1. Enable Gzip compression
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_min_length 1000;
  2. Configure caching
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 30d;
    add_header Cache-Control "public, no-transform";
}

Security configuration

  1. Hide the Nginx version information
server_tokens off;
  2. Configure SSL/HTTPS
server {
    listen 443 ssl;
    server_name example.com;
    
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
}
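
A small audit for the two settings above, as an added example that is not part of the original post: it flags a configuration file where server_tokens is not off, where ssl_protocols enables a legacy protocol, or where a TLS listener has no ssl_protocols line. The function name check_nginx_conf and both sample files are constructed for illustration, and the check assumes one directive per line and does not follow include files.

```shell
#!/bin/sh
# Added example: audit one Nginx config file for the security settings above.
# check_nginx_conf is a hypothetical helper; assumes one directive per line.
check_nginx_conf() {
    findings=0
    # Drop comments so that "# server_tokens off;" does not count as set.
    body=$(sed 's/#.*//' "$1")

    # server_tokens defaults to "on", so a missing directive is a finding too.
    if ! printf '%s\n' "$body" | grep -Eq '^[[:space:]]*server_tokens[[:space:]]+off[[:space:]]*;'; then
        echo "server_tokens: not set to off (version shown in headers and error pages)"
        findings=1
    fi

    # An ssl_protocols line that names anything older than TLSv1.2.
    if printf '%s\n' "$body" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' |
       grep -Eq '(SSLv[23]|TLSv1(\.1)?)([[:space:]]|;)'; then
        echo "ssl_protocols: SSLv2, SSLv3, TLSv1 or TLSv1.1 is enabled"
        findings=1
    fi

    # A TLS listener without ssl_protocols relies on the build's default list.
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*listen[[:space:]].*[[:space:]]ssl[[:space:];]' &&
       ! printf '%s\n' "$body" | grep -Eq '^[[:space:]]*ssl_protocols[[:space:]]'; then
        echo "ssl_protocols: not set on a TLS listener"
        findings=1
    fi
    return "$findings"
}

# Constructed samples: a weak file and one using the settings from this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
server {
    listen 443 ssl;
    # server_tokens off;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
cat > "$demo_dir/good.conf" <<'EOF'
server_tokens off;
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
check_nginx_conf "$demo_dir/weak.conf" || echo "weak.conf: findings listed above"
check_nginx_conf "$demo_dir/good.conf" && echo "good.conf: clean"
```

Because the check does not follow include, save the output of nginx -T to a file and run the function on that to cover the whole configuration.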

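Troubleshooting

Common problems and solutions:

  1. Nginx does not start

    • Check whether the port is in use: netstat -tulpn | grep :80
    • Check the error log: journalctl -u nginx.service
  2. 403 Forbidden error

    • Check the directory permissions: ls -la /var/www/mysite
    • Check the SELinux status: sestatus
  3. 502 Bad Gateway

    • Check that the backend service is running
    • Check the upstream configuration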