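Preface
As a high-performance HTTP and reverse proxy server, Nginx plays a central role in modern web architecture. This article covers three mainstream installation methods (package manager, building from source, and Docker deployment) together with virtual host configuration, SSL certificate deployment and load balancing, the skills a production environment requires, to help you quickly set up a stable and efficient web server.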
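I. Pre-installation preparation and choosing a method
1. Comparison of methods

| Installation method | Pros | Cons | Best suited for |
| --- | --- | --- | --- |
| Package manager | Quick and simple; dependencies are managed automatically | Version may be older | Quick deployment, production |
| Build from source | Latest version, highly customizable | More steps; updates are manual | Development and testing, specific requirements |
| Docker | Isolated environment, fast deployment | Slight performance overhead | Containers, microservice architectures |

2. Environment check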
```bash
# Check system information
cat /etc/os-release
uname -m # confirm the architecture (x86_64/arm64)
# Check whether ports 80/443 are already in use
sudo netstat -tulnp | grep -E ':(80|443)'
# or
sudo ss -tulnp | grep -E ':(80|443)'
# Check the firewall status
sudo ufw status # Ubuntu
sudo firewall-cmd --state # CentOS
```
II. Method 1: Package manager installation (recommended for beginners)
1. Install the latest stable version on Ubuntu/Debian
```bash
# Update the package lists
sudo apt update
sudo apt upgrade -y
# Install prerequisites
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y
# Import the official Nginx signing key
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
# Add the Nginx stable repository (packages are verified against the key above)
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
# Install Nginx
sudo apt update
sudo apt install nginx -y
# Verify the installation
nginx -v
# Output: nginx version: nginx/1.24.0
```
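2. Install on CentOS/RHEL
```bash
# CentOS 8/RHEL 8
sudo dnf install epel-release -y
sudo dnf install nginx -y
# Or use the official Nginx repository (latest version)
# Written via sudo tee because the file is root-owned; the quoted 'EOF' keeps
# $releasever and $basearch literal so that dnf, not the shell, expands them
sudo tee /etc/yum.repos.d/nginx.repo > /dev/null << 'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
sudo dnf install nginx -y
```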
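3. Basic service management
```bash
# Start Nginx
sudo systemctl start nginx
# Enable start on boot
sudo systemctl enable nginx
# Check the status
sudo systemctl status nginx
# Restart the service
sudo systemctl restart nginx
# Reload the configuration (without interrupting service)
sudo systemctl reload nginx
# Stop the service
sudo systemctl stop nginx
```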
III. Method 2: Build from source (latest features)
1. Install build dependencies
```bash
# Ubuntu/Debian
sudo apt install build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev -y
# CentOS/RHEL
sudo yum install gcc make pcre-devel zlib-devel openssl-devel -y
```
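2. Download and unpack the source
```bash
# Create the installation directory
sudo mkdir -p /opt/nginx
# The directory was created as root; hand it to the current user so the
# download and build below can run without sudo
sudo chown "$USER" /opt/nginx
cd /opt/nginx
# Download the latest stable release (check the official site for the current version number)
wget https://nginx.org/download/nginx-1.24.0.tar.gz
# Before building, verify the tarball against the PGP signature published next to it on nginx.org
tar -zxvf nginx-1.24.0.tar.gz
cd nginx-1.24.0
```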
3. Configure the build options
```bash
# List all configure options
./configure --help
# A typical configuration
./configure \
  --prefix=/usr/local/nginx \
  --sbin-path=/usr/sbin/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --pid-path=/var/run/nginx.pid \
  --http-log-path=/var/log/nginx/access.log \
  --error-log-path=/var/log/nginx/error.log \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_realip_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module \
  --with-threads \
  --with-file-aio \
  --with-pcre
# Output on success:
# Configuration summary
# + using system PCRE library
# + using system OpenSSL library
# …
# nginx path prefix: "/usr/local/nginx"
```
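4. Compile and install
```bash
# Compile (use all CPU cores to speed up the build)
make -j$(nproc)
# Install
sudo make install
# Create a symlink
# Not needed with the configure options above: --sbin-path already installs the
# binary at /usr/sbin/nginx. Only for builds that leave it under the prefix:
# sudo ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx
```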
5. Create a systemd service
```bash
# Create the service file
sudo nano /etc/systemd/system/nginx.service
```
Add the following content:
```ini
[Unit]
Description=nginx - high performance web server
Documentation=https://nginx.org/en/docs/
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```
```bash
# Reload systemd and start the service
sudo systemctl daemon-reload
sudo systemctl start nginx
sudo systemctl enable nginx
```
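IV. Method 3: Quick deployment with Docker
1. Install Docker (if not already installed)
```bash
# Ubuntu/Debian
sudo apt install docker.io docker-compose -y
sudo systemctl start docker
sudo systemctl enable docker
# Add your user to the docker group (avoids typing sudo every time);
# members of the docker group effectively have root on the host
sudo usermod -aG docker $USER
newgrp docker
```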
2. Pull and run Nginx
```bash
# Pull the official image
docker pull nginx:alpine # lightweight image
# or
docker pull nginx:latest # full image
# Run a temporary container as a test
docker run --name nginx-test -p 80:80 -d nginx:alpine
# Test access
curl http://localhost
```
3. Persist configuration and data
```bash
# Create local directories
mkdir -p ~/nginx-docker/{conf,html,logs,certs}
# Copy the default configuration out of a temporary container
docker run --name nginx-temp -d nginx:alpine
docker cp nginx-temp:/etc/nginx/nginx.conf ~/nginx-docker/conf/
docker cp nginx-temp:/etc/nginx/conf.d ~/nginx-docker/
docker stop nginx-temp && docker rm nginx-temp
# Create a custom configuration file
cat > ~/nginx-docker/conf.d/default.conf << 'EOF'
server {
    listen 80;
    server_name localhost;
    location / {
        root /usr/share/nginx/html;
        index index.html;
    }
}
EOF
# Create a test page
echo "Nginx Docker Test" > ~/nginx-docker/html/index.html
```
4. Deploy with Docker Compose
```yaml
# docker-compose.yml
version: '3.8'
services:
  nginx:
    image: nginx:alpine
    container_name: nginx-web
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf/nginx.conf:/etc/nginx/nginx.conf
      - ./conf.d:/etc/nginx/conf.d
      - ./html:/usr/share/nginx/html
      - ./logs:/var/log/nginx
      - ./certs:/etc/nginx/certs
    restart: unless-stopped
    networks:
      - web-network
networks:
  web-network:
    driver: bridge
```
```bash
# Start the service
docker-compose up -d
# Follow the logs
docker-compose logs -f
```
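V. Basic configuration and optimization
1. Configuration file layout
```text
# Nginx configuration file layout
/etc/nginx/
├── nginx.conf          # main configuration file
├── conf.d/             # additional configuration files
├── sites-available/    # available site configurations (Ubuntu)
├── sites-enabled/      # enabled site configurations (Ubuntu)
├── modules-available/  # module configurations
└── modules-enabled/    # enabled modules
```
```bash
# Check the configuration syntax
sudo nginx -t
# Output: nginx: configuration file /etc/nginx/nginx.conf test is successful
```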
2. Optimizing the main configuration file
```nginx
# /etc/nginx/nginx.conf: key optimizations
user nginx; # user the worker processes run as
worker_processes auto; # set automatically from the number of CPU cores
pid /run/nginx.pid;
events {
    worker_connections 1024; # maximum connections per worker
    multi_accept on; # accept several connections at once
    use epoll; # high-performance event model on Linux
}
http {
    # Basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off; # hide the Nginx version number
    # MIME types
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;
    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css application/json application/javascript text/xml;
    # Include other configuration files
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*; # Ubuntu
}
```
3. Create a virtual host
```bash
# Create the site configuration
sudo nano /etc/nginx/conf.d/mysite.conf
```
```nginx
server {
    listen 80;
    server_name mysite.com www.mysite.com;
    # Site root
    root /var/www/mysite;
    index index.html index.php;
    # Logs
    access_log /var/log/nginx/mysite.access.log;
    error_log /var/log/nginx/mysite.error.log;
    # Static file caching
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
    }
    # PHP handling (if needed)
    location ~ \.php$ {
        try_files $uri =404; # only hand scripts that exist on disk to PHP-FPM
        fastcgi_pass unix:/var/run/php/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        # the stock fastcgi_params does not set SCRIPT_FILENAME, which PHP-FPM needs to find the script
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    # Deny access to hidden files
    location ~ /\. {
        deny all;
    }
    # Error pages
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
}
```
```bash
# Create the site directory
sudo mkdir -p /var/www/mysite
sudo chown -R $USER:$USER /var/www/mysite
# Create a test page
echo "MySite is Running!" > /var/www/mysite/index.html
# Test and reload the configuration
sudo nginx -t
sudo systemctl reload nginx
```
VI. SSL certificate configuration (HTTPS)
1. Install an SSL certificate (Let's Encrypt)
```bash
# Install Certbot
sudo apt install certbot python3-certbot-nginx -y # Ubuntu
sudo dnf install certbot python3-certbot-nginx -y # CentOS 8
# Obtain a certificate (configures Nginx automatically)
sudo certbot --nginx -d mysite.com -d www.mysite.com
# Test automatic renewal
sudo certbot renew --dry-run
```
2. Configure SSL manually
```bash
# Create the certificate directory
sudo mkdir -p /etc/nginx/ssl/mysite
cd /etc/nginx/ssl/mysite
# Generate a self-signed certificate (for testing)
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout mysite.key -out mysite.crt \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=MyCompany/CN=mysite.com"
```
```nginx
# SSL site configuration
server {
    listen 443 ssl http2;
    server_name mysite.com www.mysite.com;
    # SSL certificate
    ssl_certificate /etc/nginx/ssl/mysite/mysite.crt;
    ssl_certificate_key /etc/nginx/ssl/mysite/mysite.key;
    # SSL tuning
    ssl_protocols TLSv1.2 TLSv1.3;
    # AES256-GCM suites are named ...-SHA384 (no ...-GCM-SHA512 suites exist);
    # the DHE suite is only offered when ssl_dhparam is also configured
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # HSTS header (enforce HTTPS)
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    root /var/www/mysite;
    index index.html;
}
# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name mysite.com www.mysite.com;
    return 301 https://$server_name$request_uri;
}
```
VII. Load balancing configuration
1. Basic load balancing
```nginx
upstream backend {
    # Load-balancing algorithms: round robin (default), least connections, IP hash
    least_conn; # least-connections algorithm
    server backend1.example.com:8080 weight=3; # weight 3
    server backend2.example.com:8080; # weight 1
    server backend3.example.com:8080 backup; # backup server
}
server {
    listen 80;
    server_name mysite.com;
    location / {
        proxy_pass http://backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Health check (passive): retry the next upstream on these failures
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
    }
}
```
2. Advanced load balancing strategies
```nginx
upstream app_servers {
    zone backend 64k; # shared memory zone
    # Session persistence (IP hash)
    ip_hash;
    server 192.168.1.101:8080 max_fails=3 fail_timeout=30s;
    server 192.168.1.102:8080 max_fails=3 fail_timeout=30s;
    server 192.168.1.103:8080 max_fails=3 fail_timeout=30s;
    # Health checks (require nginx-plus or a third-party module)
    # health_check interval=5 fails=3 passes=2;
}
```
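VIII. Performance tuning
1. System-level tuning
```bash
# Raise the file descriptor limits
echo "nginx soft nofile 65535" | sudo tee -a /etc/security/limits.conf
echo "nginx hard nofile 65535" | sudo tee -a /etc/security/limits.conf
# Tune kernel parameters (appended via sudo tee because the file is root-owned)
# net.ipv4.tcp_tw_recycle is left out: it was removed in Linux 4.12, so
# sysctl -p fails on it, and it broke connections from clients behind NAT
sudo tee -a /etc/sysctl.conf > /dev/null << EOF
# Nginx tuning
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.core.netdev_max_backlog = 32768
net.ipv4.tcp_tw_reuse = 1
EOF
sudo sysctl -p
```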
2. Nginx configuration tuning
```nginx
# Worker process tuning
worker_processes auto; # set automatically to the number of CPU cores
worker_rlimit_nofile 65535; # file descriptor limit per worker
events {
    worker_connections 65535; # raise the connection limit
    use epoll; # high-performance event model on Linux
    multi_accept on;
}
http {
    # Buffer tuning
    client_body_buffer_size 128k;
    client_max_body_size 20m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 4k;
    # Timeouts
    client_body_timeout 12;
    client_header_timeout 12;
    send_timeout 10;
    # Static file cache
    open_file_cache max=1000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;
}
```
IX. Monitoring and log analysis
1. Enable status monitoring
```nginx
# Status monitoring page
server {
    listen 8080;
    server_name localhost;
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1; # allow local access only
        deny all;
    }
}
```
```bash
# Query the status page
curl http://localhost:8080/nginx_status
# Output:
# Active connections: 1
# server accepts handled requests
# 10 10 20
# Reading: 0 Writing: 1 Waiting: 0
```
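2. Log analysis
```bash
# Follow the access log in real time
sudo tail -f /var/log/nginx/access.log
# Top 10 client IPs by request count
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -10
# Count responses by status code
awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
# Visual analysis with goaccess
sudo apt install goaccess -y
# The report is written under the default web root, so restrict access to it or write it elsewhere
goaccess /var/log/nginx/access.log -o /var/www/html/report.html --log-format=COMBINED
```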
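The `$9` one-liner above assumes every request line splits into exactly three whitespace-separated parts, which does not hold for empty or malformed requests. The following added example (not from the original article) counts 4xx responses per client by splitting on the quotes of the article's `main` log format instead; the log lines are constructed and use documentation IP ranges, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: find clients that generate many 4xx responses.
# Assumes the "main" log_format from this article's nginx.conf.

# Constructed sample log (documentation IP ranges, not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Jan/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" "-"
198.51.100.7 - - [10/Jan/2025:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/8.0" "-"
198.51.100.7 - - [10/Jan/2025:10:00:01 +0000] "GET /.env HTTP/1.1" 403 153 "-" "curl/8.0" "-"
198.51.100.7 - - [10/Jan/2025:10:00:02 +0000] "-" 400 0 "-" "-" "-"
198.51.100.7 - - [10/Jan/2025:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/8.0" "-"
203.0.113.5 - - [10/Jan/2025:10:00:03 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "Mozilla/5.0" "-"
203.0.113.5 - - [10/Jan/2025:10:00:04 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" "-"
EOF
}

# error_clients MIN < access.log
# Prints "<count> <ip>" for every client with at least MIN 4xx responses.
# Field 3 when splitting on '"' is always " <status> <bytes> ", even when the
# request is "-" and the whitespace-based $9 lands on a different column.
error_clients() {
  awk -F'"' -v min="$1" '
    {
      split($1, head, " "); ip = head[1]
      split($3, tail, " "); status = tail[1]
      if (status ~ /^4[0-9][0-9]$/) bad[ip]++
    }
    END { for (ip in bad) if (bad[ip] >= min) print bad[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# The whitespace-based column from the one-liner, kept for comparison.
naive_status() { awk '{print $9}'; }

sample_log | error_clients 3
```

On the fourth sample line `naive_status` returns the referer column rather than the 400 status, which is why the per-client count uses the quote-based split.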
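X. Troubleshooting and maintenance
1. Solving common problems
```bash
# Problem 1: the port is already in use
sudo netstat -tulnp | grep :80
sudo kill -9 <PID> # or change the Nginx port
# Problem 2: configuration file errors
sudo nginx -t # test the configuration syntax
sudo nginx -T # print the full configuration and test it
# Problem 3: permission problems
sudo chown -R nginx:nginx /var/www/mysite
sudo chmod -R 755 /var/www/mysite
# Problem 4: Nginx will not start
sudo journalctl -u nginx -f # view detailed logs
sudo dmesg | grep nginx # view kernel logs
```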
2. Performance testing
```bash
# Install a load-testing tool
sudo apt install apache2-utils -y # Ubuntu
sudo yum install httpd-tools -y # CentOS
# Load test
ab -n 1000 -c 100 http://localhost/ # 1000 requests, 100 concurrent
# Or use wrk (more powerful)
sudo apt install wrk -y
wrk -t4 -c100 -d10s http://localhost/
```
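3. Security hardening
```bash
# Hide the Nginx version (sudo is needed to edit the root-owned file)
sudo sed -i 's/# server_tokens off;/server_tokens off;/g' /etc/nginx/nginx.conf
```
```nginx
# Restrict request methods (allowing GET also allows HEAD)
location / {
    limit_except GET POST {
        deny all;
    }
}
# Mitigate DDoS (limit_req_zone belongs in the http block)
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
location / {
    limit_req zone=one burst=5;
}
```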
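How `limit_req zone=one burst=5` with `rate=1r/s` treats a sudden burst is easier to see in a simulation. This added example (not part of the original article, and a simplified single-client model of nginx's accounting rather than its actual code) replays constructed arrival times and labels each request; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: simplified model of limit_req for ONE client key, without
# the nodelay option. Arrival times are constructed test input.

# limit_req_sim RATE_PER_SEC BURST < arrival times in ms, one per line
# Prints "<time> pass", "<time> delay <n>ms" or "<time> reject" (nginx answers 503).
limit_req_sim() {
  awk -v rate="$1" -v burst="$2" '
    {
      now = $1
      # "excess" counts requests above the rate, in thousandths of a request;
      # it drains at RATE requests per second while the client is quiet.
      e = (NR == 1) ? 0 : excess - rate * (now - last) + 1000
      if (e < 0) e = 0
      if (e > burst * 1000) {          # burst queue full: rejected, state unchanged
        printf "%d reject\n", now
        next
      }
      excess = e; last = now
      if (e == 0) printf "%d pass\n", now
      else        printf "%d delay %dms\n", now, e / rate
    }'
}

# Constructed input: 10 requests in the same millisecond, one more 3 s later.
sample_arrivals() {
  i=0
  while [ "$i" -lt 10 ]; do echo 0; i=$((i + 1)); done
  echo 3000
}

sample_arrivals | limit_req_sim 1 5
```

Of the ten simultaneous requests, one passes immediately, five are queued with growing delays and four are rejected; the request three seconds later is still delayed because the queue has only partly drained.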
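Installation verification checklist
✅ Basic checks:
Nginx service is running: systemctl status nginx
Configuration syntax is valid: nginx -t
Port is listening: ss -tuln | grep :80
✅ Site access:
HTTP access works: curl -I http://localhost
Custom site is reachable
Error pages display correctly
✅ Security configuration:
Version information is hidden
Firewall is configured
SSL certificate is installed (if needed)
✅ Performance optimization:
Worker process count is set sensibly
Gzip compression is enabled
Static file caching is configured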
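The security items in the checklist can be checked mechanically. This added example (not from the original article) scans configuration text such as the output of `nginx -T` for three of the settings this guide configures; the sample configuration is constructed, the function names are illustrative, and the line-based matching is a quick check rather than a full parser.

```shell
#!/usr/bin/env bash
# Added example: quick audit of nginx configuration text (e.g. `sudo nginx -T`)
# against hardening settings used in this guide.

# Constructed sample with three deliberate weaknesses.
sample_conf() {
cat <<'EOF'
http {
    # server_tokens off;
    server {
        listen 443 ssl http2;
        server_name mysite.com;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    }
}
EOF
}

# audit_conf < config text
# Prints one FAIL line per finding and nothing when all three checks pass.
audit_conf() {
  awk '
    { sub(/#.*/, "") }                    # commented-out directives do not count
    /server_tokens[ \t]+off[ \t]*;/ { tokens_off = 1 }
    /listen[^;]*[ \t]ssl/           { tls = 1 }
    /Strict-Transport-Security/     { hsts = 1 }
    /ssl_protocols/ && /SSLv[23]|TLSv1([ \t;]|\.1)/ { legacy = 1 }
    END {
      if (!tokens_off)  print "FAIL server_tokens: version is exposed"
      if (legacy)       print "FAIL ssl_protocols: SSLv3/TLSv1.0/TLSv1.1 enabled"
      if (tls && !hsts) print "FAIL hsts: TLS listener without Strict-Transport-Security"
    }'
}

sample_conf | audit_conf
```

On a live server, pipe the real configuration in with `sudo nginx -T | audit_conf`.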
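Summary and recommendations
Choosing an installation method:
Production → package manager installation + official repository
Development and testing → Docker container deployment
Specific requirements → build from source
Choosing a version:
Stability first → Nginx 1.24.x stable
Latest features → Nginx 1.25.x mainline
Limited resources → Nginx Alpine Docker image
Next steps:
Configure firewall rules
Set up log rotation
Configure monitoring and alerting
Apply security updates regularly
Back up configuration files
Remember the golden rule: back up before every configuration change, test with nginx -t after the change, and only then reload the service.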