Platform: CentOS 6.5 x86_64
1, Install base libraries
yum install -y gcc gcc-c++ autoconf automake
2, Install supporting modules
yum install -y zlib zlib-devel openssl openssl-devel pcre pcre-devel
3, Simple compile and install of nginx
wget http://nginx.org/download/nginx-1.12.0.tar.gz
tar zxvf nginx-1.12.0.tar.gz
cd nginx-1.12.0
./configure
make
make install
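A source build puts the binaries and configuration files under /usr/local/nginx by default. A source build is usually chosen in order to customise which modules are installed or to add third-party modules; ./configure --help lists the modules, so select them as needed.
Default configuration file: /usr/local/nginx/conf/nginx.conf
Default web root directory: /usr/local/nginx/html
Default log directory: /usr/local/nginx/logs/
Start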
/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
Stop
kill -QUIT $(cat /usr/local/nginx/logs/nginx.pid)
Fast stop
/usr/local/nginx/sbin/nginx -s stop
Forced stop
pkill -9 nginx
ps -ef | grep nginx
kill -s SIGINT pid
4, Feature configuration
4.1 nginx compressed output configuration
In nginx.conf,
inside http{...}
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
4.2 Automatic directory listing configuration
In the virtual host:
location / {
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
}
4.3 Browser-side caching of local image, js and css files
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 7d;
}
location ~ .*\.(js|css)$
{
expires 1h;
}
4.4 Automatically add a trailing slash to directories
if (-d $request_filename){
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
After configuring nginx, check whether the syntax is correct
/usr/local/nginx/sbin/nginx -t
Show the nginx master process ID
ps -ef | grep "nginx: master process" | grep -v "grep" | awk -F ' ' '{print $2}'
5. Tune kernel parameters
vi /etc/sysctl.conf
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
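# Caveat: tcp_tw_recycle can drop connections from clients behind NAT, and the setting was removed in Linux 4.12
net.ipv4.tcp_tw_recycle = 1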
#net.ipv4.tcp_tw_len =1
net.ipv4.tcp_tw_reuse =1
#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535
1) Configure DDoS protection
In the http section of nginx.conf
limit_req_log_level warn;
limit_req_zone $binary_remote_addr zone=ONLY_one:10m rate=1r/s;
In the server section of default.conf
limit_req zone=ONLY_one burst=5;
DDoS can also be limited in nginx.conf by setting a maximum number of connections and by reducing the keepalive_timeout value.
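To see which clients the limit above is rejecting, the error log can be tallied per client. This is an added example, not part of the original notes; the log lines are constructed sample data and the function name limited_clients is hypothetical.

```shell
#!/bin/sh
# Added example: tally limit_req rejections per client from an nginx error log.

# Constructed sample lines in the shape nginx writes them. With
# "limit_req_log_level warn", rejections are logged at [warn] and delayed
# requests one level lower, at [notice].
sample_log() {
cat <<'EOF'
2017/05/10 12:00:01 [notice] 2101#0: *11 delaying request, excess: 0.400, by zone "ONLY_one", client: 203.0.113.7, server: localhost, request: "GET / HTTP/1.1", host: "example.test"
2017/05/10 12:00:01 [warn] 2101#0: *12 limiting requests, excess: 5.200 by zone "ONLY_one", client: 203.0.113.7, server: localhost, request: "GET / HTTP/1.1", host: "example.test"
2017/05/10 12:00:01 [warn] 2101#0: *13 limiting requests, excess: 5.900 by zone "ONLY_one", client: 203.0.113.7, server: localhost, request: "GET /a HTTP/1.1", host: "example.test"
2017/05/10 12:00:02 [warn] 2101#0: *14 limiting requests, excess: 5.100 by zone "ONLY_one", client: 198.51.100.23, server: localhost, request: "GET / HTTP/1.1", host: "example.test"
2017/05/10 12:00:02 [warn] 2101#0: *15 limiting requests, excess: 5.700 by zone "ONLY_one", client: 203.0.113.7, server: localhost, request: "GET /b HTTP/1.1", host: "example.test"
2017/05/10 12:00:03 [warn] 2101#0: *16 limiting requests, excess: 5.300 by zone "ONLY_one", client: 198.51.100.23, server: localhost, request: "GET /c HTTP/1.1", host: "example.test"
2017/05/10 12:00:03 [warn] 2101#0: *17 limiting requests, excess: 5.050 by zone "ONLY_one", client: 192.0.2.50, server: localhost, request: "GET / HTTP/1.1", host: "example.test"
2017/05/10 12:00:04 [warn] 2101#0: *18 limiting requests, excess: 5.400 by zone "other_zone", client: 198.51.100.23, server: localhost, request: "GET /d HTTP/1.1", host: "example.test"
EOF
}

# Usage: limited_clients ZONE [MIN_REJECTIONS] < error.log
# Prints "count client" for each client rejected at least MIN_REJECTIONS
# times in ZONE, busiest first. Delayed requests are not counted.
limited_clients() {
  awk -v zone="$1" -v min="${2:-1}" '
    /limiting requests/ && index($0, "by zone \"" zone "\"") {
      if (match($0, /client: [^,]+/))
        hits[substr($0, RSTART + 8, RLENGTH - 8)]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Clients rejected two or more times in the zone from the configuration above.
sample_log | limited_clients ONLY_one 2
```

On a live server, feed the function the real log instead: limited_clients ONLY_one 10 < /usr/local/nginx/logs/error.log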
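If rewrite directives are executed in the server section, they run before the location is determined. If the selected location also contains rewrite directives, they are executed as well. If a rewrite is triggered again inside that location, the URI changes once more. This cycle can repeat 10 times; if no concrete URI has been found after 10 cycles, a 500 error is returned.
2) Set hotlink protection for image, video and music files
location ~* \.(gif|jpg|png|bmp|swf|flv|mp4|mp3)$ {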
valid_referers none blocked www.yonglibao.com;
if ($invalid_referer) {
rewrite ^/ http://www.yonglibao.com/403.html;
}
}
3) HTTPS service optimisation
Add to the http section of nginx.conf
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
Reduce SSL handshakes: enlarge the SSL session cache and extend the cache time