安装配置Nginx
挂载远程源码包到本地
mount.cifs //192.168.100.10/LNMP-C7 /mnt //挂载到/mnt目录下解压源码包到/opt目录下
[root@localhost ~]# cd /abc //切换到挂载点目录
[root@localhost abc]# ls
discuz_X3.4_SC_UTF8.zip Nginx-1.12.2.tar.gz
mysql-boost-5.7.20.tar.gz PHP-7.1.10.tar.gz
[root@localhost abc]# tar zxvf Nginx-1.12.2.tar.gz -C /opt //解压Nginx源码包到/opt下
[root@localhost abc]# cd /opt/ //切换到解压的目录下
[root@localhost opt]# ls
Nginx-1.12.2 rh安装编译需要的环境组件包
[root@localhost opt]# yum -y install \
gcc \ //c语言
gcc-c++ \ //c++语言
pcre-devel \ //pcre语言工具
zlib-devel //数据压缩用的函式库[root@localhost opt]# useradd -M -s /sbin/nologin Nginx //创建程序用户,限定其
[root@localhost opt]# cd Nginx-1.12.2/ //切换到Nginx目录下
[root@localhost Nginx-1.12.2]# ./configure \ //配置Nginx
> --prefix=/usr/local/Nginx \ //安装路径
> --user=Nginx \ //用户名
> --group=Nginx \ //用户组
> --with-http_stub_status_module //访问状态统计模块编译和安装
[root@localhost Nginx-1.12.0]# make && make install //编译及安装制作Nginx管理脚本,便于管理使用
[root@localhost Nginx]# ln -s /usr/local/Nginx/sbin/Nginx /usr/local/sbin/
//创建软连接 [root@Nginx Nginx-1.12.2]# vim /etc/init.d/Nginx //编辑启动脚本
#!/bin/bash
# chkconfig: - 99 20
# description: Nginx Service Control Script
PROG="/usr/local/Nginx/sbin/Nginx"
PIDF="/usr/local/Nginx/logs/Nginx.pid"
case "$1" in
start)
$PROG
;;
stop)
kill -s QUIT $(cat $PIDF)
;;
restart)
$0 stop
$0 start
;;
reload)
kill -s HUP $(cat $PIDF)
;;
*)
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
[root@Nginx Nginx-1.12.2]# chmod +x /etc/init.d/Nginx //给脚本执行权限
[root@Nginx Nginx-1.12.2]# chkconfig --add Nginx //添加到service管理器中
[root@Nginx Nginx-1.12.2]# yum install elinks -y //
[root@Nginx Nginx-1.12.2]# service Nginx start //启动Nginx服务
[root@Nginx Nginx-1.12.2]# netstat -ntap | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 42028/Nginx: master
[root@Nginx Nginx-1.12.2]# systemctl stop firewalld.service //关闭防火墙
[root@Nginx Nginx-1.12.2]# setenforce 0 //关闭增强型安全功能
[root@Nginx Nginx-1.12.2]# elinks http://192.168.131.133/ 配置Nginx网页缓存
[root@localhost Nginx-1.12.0]# ls /abc
discuz_X3.4_SC_UTF8.zip Nginx-1.12.2.tar.gz
tupian.png PHP-7.1.10.tar.bz2
MysqL-boost-5.7.20.tar.gz PHP-7.1.20.tar.gz
Nginx-1.12.0.tar.gz
[root@localhost Nginx-1.12.0]# cp /abc/game.jpg /usr/local/Nginx/html/
[root@localhost Nginx-1.12.0]# cd /usr/local/Nginx/html/
[root@localhost html]# ls
50x.html game.jpg index.html[root@localhost html]# vim index.html
<h2>Welcome to Nginx!</h2>
<img src="tupian.png"/> //添加图片路径[root@localhost html]# vim /usr/local/Nginx/conf/Nginx.conf //修改配置文件
events {
worker_connections 1024;
}
user Nginx Nginx; //修改Nginx用户和组
#deny access to .htaccess files, if Apache's document root
#concurs with Nginx's one
location ~\.(gif|jepg|jpg|ico|bmp|png)$ { //添加支持图片格式
root html; //站点
expires 1d; //缓存一天
}
[root@localhost html]# service Nginx stop //重启服务
[root@localhost html]# service Nginx start 使用虚拟机访问网页,并使用fiddler查看缓存
Nginx网页压缩
[root@localhost ~]# cd /usr/local/Nginx/conf/
[root@localhost conf]# vim Nginx.conf
gzip on; //使用x键删除此行前的井号注释
gzip_min_length 1k; //压缩阈值
gzip_buffers 4 16k; //buffers大小为4个16k缓冲区大小
gzip_http_version 1.1; //压缩版本号
gzip_comp_level 6;
//压缩比率,最小为1,处理快但传输慢;最大为9,处理慢,但传输快;此处设6,相对适中
gzip_types text/plain application/x-javascript text/css image/jpg image/jpegimage/png image/gif application/xml text/javascript application/x-httpd-PHP
application/javascript application/json; //支持的类型格式类型
gzip_disable "MSIE [1-6]\.";
//配置禁用gzip条件,支持正则表达式,表示ie6以下不启用gzip
gzip_vary on; //让前端的缓存服务器缓存经过gzip压缩的页面[root@localhost conf]# cd ../html/
[root@localhost html]# cp /abc/tupian.png/
[root@localhost html]# ls
50x.html tupian.png index.html[root@localhost html]# vim index.html
<h2>Welcome to Nginx!</h2>
<img src="tupian.png"/> //在h2标签下添加图片路径
[root@localhost html]# systemctl stop Nginx.service //重启服务
[root@localhost html]# systemctl start Nginx.service
[root@localhost html]# systemctl stop firewalld.service //关闭防火墙
[root@localhost html]# setenforce 0 //关闭增强型安全功能使用测试机访问网页,并使用fiddler查看压缩
Nginx版本隐藏
隐藏版本号
[root@localhost init.d]# curl -I http://192.168.131.133/ //查看Nginx信息
HTTP/1.1 200 OK
Server: Nginx/1.12.2 //显示版本号
Date: Tue, 12 Nov 2019 14:23:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes
[root@localhost init.d]# vim /usr/local/Nginx/conf/Nginx.conf ##修改配置文件
http { //在http下添加
include mime.types;
default_type application/octet-stream;
server_tokens off; //关闭版本号
[root@localhost init.d]# service Nginx stop //关闭服务
[root@localhost init.d]# service Nginx start //开启服务
[root@localhost init.d]# curl -I http://192.168.131.133/ //查看Nginx信息
HTTP/1.1 200 OK
Server: Nginx //版本号被隐藏
Date: Tue, 12 Nov 2019 14:22:00 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes伪造版本号
[root@localhost init.d]# vim /usr/local/Nginx/conf/Nginx.conf
http {
include mime.types;
default_type application/octet-stream;
server_tokens on; //开启版本号[root@localhost init.d]# cd /opt/Nginx-1.12.2/src/core/ //切换到src源码包目录
[root@localhost core]# vim Nginx.h //进入配置文件
#define Nginx_VERSION "1.1.1" //此处版本号伪造成1.1.1[root@localhost core]# cd /opt/Nginx-1.12.2/ //切换目录到Nginx下
[root@localhost Nginx-1.12.2]# ./configure \ //重新配置
> --prefix=/usr/local/Nginx \
> --user=Nginx \
> --group=Nginx \
> --with-http_stub_status_module
[root@localhost Nginx-1.12.0]# make && make install //重新编译及安装[root@localhost Nginx-1.12.2]# service Nginx stop //重启服务
[root@localhost Nginx-1.12.2]# service Nginx start
[root@localhost Nginx-1.12.2]# curl -I http://192.168.131.133/ //查看Nginx信息
HTTP/1.1 200 OK
Server: Nginx/1.1.1 //此时的版本号就是伪造的版本号
Date: Tue, 12 Nov 2019 14:34:02 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 12 Nov 2019 13:46:35 GMT
Connection: keep-alive
ETag: "5dcab7bb-264"
Accept-Ranges: bytes
