在CentOS上配置Nginx作為高性能Web服務器涉及多個步驟��,包括安裝���、基本配置�、性能優化和安全性加固�。以下是詳細的指南:
安裝Nginx
-
安裝依賴庫:
sudo yum install gcc gcc-c++ zlib pcre openssl openssl-devel -y
-
下載并安裝Nginx:
cd /usr/local
wget http://nginx.org/download/nginx-1.23.3.tar.gz
tar -zxvf nginx-1.23.3.tar.gz
cd nginx-1.23.3
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/pcre-8.45
make && make install
-
創建SSL軟鏈接:
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
-
啟動并啟用Nginx:
sudo systemctl start nginx
sudo systemctl enable nginx
基本配置
-
配置文件:
Nginx的主配置文件位于/usr/local/nginx/conf/nginx.conf����。在該文件中���,進行全局配置����。
-
示例配置:
user nobody;
worker_processes auto;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server {
listen 80;
server_name example.com;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location /static/ {
alias /path/to/your/static/files/;
expires 30d;
access_log off;
}
}
}
性能優化
-
調整工作進程:
將worker_processes設置為與CPU核數相同����。
worker_processes auto;
-
啟用Gzip壓縮:
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
-
靜態文件緩存:
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
log_not_found off;
}
安全性加固
-
隱藏版本號信息:
在配置文件中添加:
server_tokens off;
-
限制訪問敏感目錄:
location ~ /\.git {
deny all;
}
location ~ /\.ht {
deny all;
}
-
配置SSL/TLS加密:
ssl_certificate /path/to/your/certificate.crt;
ssl_certificate_key /path/to/your/private.key;
-
設置HSTS:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
通過以上步驟����,你可以在CentOS上配置一個高性能且安全的Nginx Web服務器���。
