System environment
- OS: CentOS 7.9 (minimal installation from the Mini image)
- Node version: v18.18.2
- Hexo version: 6.3.0
- hexo-cli version: 4.3.1
- Nginx version: 1.24.0
System initialization
Install common system packages
yum install -y net-tools vim wget lrzsz tree bash-completion epel-release ntpdate
Disable SELinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
Disable the firewall
systemctl disable --now firewalld
Switch the YUM repository
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i 's/mirrors.cloud.aliyuncs.com/url_tmp/g' /etc/yum.repos.d/CentOS-Base.repo && \
sed -i 's/mirrors.aliyun.com/mirrors.cloud.aliyuncs.com/g' /etc/yum.repos.d/CentOS-Base.repo && \
sed -i 's/url_tmp/mirrors.aliyun.com/g' /etc/yum.repos.d/CentOS-Base.repo
yum clean all && yum makecache
Set a more visible PS1
cat >> /etc/profile<<EOF
# Change the PS1 style
export PS1='\[\e[37;40m\][\[\e[32;40m\]\u\[\e[37;40m\]@\[\e[33;40m\]\h \[\e[35;40m\]\W\[\e[0m\]]\\$ '
# Change the history command format
export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S \$(whoami) "
export PROMPT_COMMAND='{ msg=\$(history 1 | { read x y; echo \$y; }); logger "[euid=\$(whoami)]":\$(who am i):[\$(pwd)]"\$msg";}'
EOF
Configure server limits
# Temporary setting
ulimit -SHn 655350
# Permanent setting
sed -i '/^# End/i\* soft nofile 655350' /etc/security/limits.conf
sed -i '/^# End/i\* hard nofile 131072' /etc/security/limits.conf
sed -i '/^# End/i\* soft nproc 655350' /etc/security/limits.conf
sed -i '/^# End/i\* hard nproc 655350' /etc/security/limits.conf
sed -i '/^# End/i\* soft memlock unlimited' /etc/security/limits.conf
sed -i '/^# End/i\* hard memlock unlimited' /etc/security/limits.conf
Configure time synchronization
# Set the server time zone
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
echo 'Asia/Shanghai' > /etc/timezone
# Cron job: sync the time every 5 minutes
echo '*/5 * * * * /usr/sbin/ntpdate time2.aliyun.com >/dev/null' >> /var/spool/cron/root
# Sync the time automatically at boot
echo '/usr/sbin/ntpdate time2.aliyun.com' >> /etc/rc.local
Disable UseDNS in the SSH configuration
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
Install development tools
yum groupinstall -y "Development Tools"
Update system packages
yum update
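Install nvm
nvm is a version manager for Node.js, designed to be installed per user and invoked per shell. nvm works on any POSIX-compliant shell (sh, dash, ksh, zsh, bash), in particular on these platforms: unix, macOS and Windows WSL.
Official nvm documentation: nvm-sh/nvm
Install nvm with the following command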
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
Or use the following command
wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
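The commands above require you to sort out access to GitHub yourself.
After installation completes, log out and log back in to the operating system, or run the source ~/.bashrc command, then check whether nvm was installed successfully
# nvm -v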
0.39.7
# nvm ls
N/A
iojs -> N/A (default)
node -> stable (-> N/A) (default)
unstable -> N/A (default)
Install Node
Install node v18.18.2 with the following command
nvm install v18.18.2
List the local node versions
# nvm ls
v18.18.2
default -> v18.18.2
iojs -> N/A (default)
unstable -> N/A (default)
node -> stable (-> v18.18.2) (default)
stable -> 18.18 (-> v18.18.2) (default)
lts/* -> lts/iron (-> N/A)
lts/argon -> v4.9.1 (-> N/A)
lts/boron -> v6.17.1 (-> N/A)
lts/carbon -> v8.17.0 (-> N/A)
lts/dubnium -> v10.24.1 (-> N/A)
lts/erbium -> v12.22.12 (-> N/A)
lts/fermium -> v14.21.3 (-> N/A)
lts/gallium -> v16.20.2 (-> N/A)
lts/hydrogen -> v18.19.0 (-> N/A)
lts/iron -> v20.10.0 (-> N/A)
Running the node -v command to check the node version reports the following errors, which are caused by missing system dependencies
node: /lib64/libm.so.6: version `GLIBC_2.27' not found (required by node)
node: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by node)
node: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by node)
node: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by node)
node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by node)
Fix the node command errors
Check the ldd version
# ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
Check the dependencies the binary needs; when a dependency is missing, not found is shown after it
# ldd -v /root/.nvm/versions/node/v18.18.2/bin/node
/root/.nvm/versions/node/v18.18.2/bin/node: /lib64/libm.so.6: version `GLIBC_2.27' not found (required by /root/.nvm/versions/node/v18.18.2/bin/node)
/root/.nvm/versions/node/v18.18.2/bin/node: /lib64/libc.so.6: version `GLIBC_2.25' not found (required by /root/.nvm/versions/node/v18.18.2/bin/node)
/root/.nvm/versions/node/v18.18.2/bin/node: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by /root/.nvm/versions/node/v18.18.2/bin/node)
/root/.nvm/versions/node/v18.18.2/bin/node: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by /root/.nvm/versions/node/v18.18.2/bin/node)
/root/.nvm/versions/node/v18.18.2/bin/node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by /root/.nvm/versions/node/v18.18.2/bin/node)
/root/.nvm/versions/node/v18.18.2/bin/node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /root/.nvm/versions/node/v18.18.2/bin/node)
linux-vdso.so.1 => (0x00007ffd9e9d0000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fbaef72e000)
libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007fbaef426000)
libm.so.6 => /lib64/libm.so.6 (0x00007fbaef124000)
libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fbaeef0e000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fbaeecf2000)
libc.so.6 => /lib64/libc.so.6 (0x00007fbaee924000)
/lib64/ld-linux-x86-64.so.2 (0x00007fbaef932000)
Version information:
/root/.nvm/versions/node/v18.18.2/bin/node:
ld-linux-x86-64.so.2 (GLIBC_2.2.5) => /lib64/ld-linux-x86-64.so.2
libgcc_s.so.1 (GCC_3.4) => /lib64/libgcc_s.so.1
libm.so.6 (GLIBC_2.27) => not found
libm.so.6 (GLIBC_2.2.5) => /lib64/libm.so.6
libpthread.so.0 (GLIBC_2.3.3) => /lib64/libpthread.so.0
libpthread.so.0 (GLIBC_2.3.2) => /lib64/libpthread.so.0
libpthread.so.0 (GLIBC_2.2.5) => /lib64/libpthread.so.0
libc.so.6 (GLIBC_2.25) => not found
libc.so.6 (GLIBC_2.16) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.9) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.10) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.17) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.6) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.3.4) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.28) => not found
libc.so.6 (GLIBC_2.3) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.4) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.7) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.14) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.3.2) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.2.5) => /lib64/libc.so.6
libstdc++.so.6 (GLIBCXX_3.4.14) => /lib64/libstdc++.so.6
libstdc++.so.6 (GLIBCXX_3.4.18) => /lib64/libstdc++.so.6
libstdc++.so.6 (CXXABI_1.3.5) => /lib64/libstdc++.so.6
libstdc++.so.6 (CXXABI_1.3) => /lib64/libstdc++.so.6
libstdc++.so.6 (GLIBCXX_3.4.15) => /lib64/libstdc++.so.6
libstdc++.so.6 (CXXABI_1.3.9) => not found
libstdc++.so.6 (GLIBCXX_3.4.9) => /lib64/libstdc++.so.6
libstdc++.so.6 (GLIBCXX_3.4.11) => /lib64/libstdc++.so.6
libstdc++.so.6 (GLIBCXX_3.4.20) => not found
libstdc++.so.6 (GLIBCXX_3.4) => /lib64/libstdc++.so.6
libstdc++.so.6 (GLIBCXX_3.4.21) => not found
libdl.so.2 (GLIBC_2.2.5) => /lib64/libdl.so.2
/lib64/libdl.so.2:
ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /lib64/ld-linux-x86-64.so.2
libc.so.6 (GLIBC_PRIVATE) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.2.5) => /lib64/libc.so.6
/lib64/libstdc++.so.6:
ld-linux-x86-64.so.2 (GLIBC_2.3) => /lib64/ld-linux-x86-64.so.2
libm.so.6 (GLIBC_2.2.5) => /lib64/libm.so.6
libgcc_s.so.1 (GCC_4.2.0) => /lib64/libgcc_s.so.1
libgcc_s.so.1 (GCC_3.3) => /lib64/libgcc_s.so.1
libgcc_s.so.1 (GCC_3.0) => /lib64/libgcc_s.so.1
libc.so.6 (GLIBC_2.14) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.4) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.3) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.3.2) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.2.5) => /lib64/libc.so.6
/lib64/libm.so.6:
ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /lib64/ld-linux-x86-64.so.2
libc.so.6 (GLIBC_2.2.5) => /lib64/libc.so.6
libc.so.6 (GLIBC_PRIVATE) => /lib64/libc.so.6
/lib64/libgcc_s.so.1:
libc.so.6 (GLIBC_2.14) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.2.5) => /lib64/libc.so.6
/lib64/libpthread.so.0:
ld-linux-x86-64.so.2 (GLIBC_2.2.5) => /lib64/ld-linux-x86-64.so.2
ld-linux-x86-64.so.2 (GLIBC_2.3) => /lib64/ld-linux-x86-64.so.2
ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /lib64/ld-linux-x86-64.so.2
libc.so.6 (GLIBC_2.14) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.3.2) => /lib64/libc.so.6
libc.so.6 (GLIBC_PRIVATE) => /lib64/libc.so.6
libc.so.6 (GLIBC_2.2.5) => /lib64/libc.so.6
/lib64/libc.so.6:
ld-linux-x86-64.so.2 (GLIBC_2.3) => /lib64/ld-linux-x86-64.so.2
ld-linux-x86-64.so.2 (GLIBC_PRIVATE) => /lib64/ld-linux-x86-64.so.2
Check the glibc versions installed on the system. The analysis shows that, starting with node v18, GLIBC_2.27 support is required, and the system currently has no version that high.
# strings /lib64/libc.so.6 |grep "^GLIBC_"
GLIBC_2.2.5
GLIBC_2.2.6
GLIBC_2.3
GLIBC_2.3.2
GLIBC_2.3.3
GLIBC_2.3.4
GLIBC_2.4
GLIBC_2.5
GLIBC_2.6
GLIBC_2.7
GLIBC_2.8
GLIBC_2.9
GLIBC_2.10
GLIBC_2.11
GLIBC_2.12
GLIBC_2.13
GLIBC_2.14
GLIBC_2.15
GLIBC_2.16
GLIBC_2.17
GLIBC_PRIVATE
GLIBC_2.8
GLIBC_2.5
GLIBC_2.9
GLIBC_2.7
GLIBC_2.6
GLIBC_2.11
GLIBC_2.16
GLIBC_2.10
GLIBC_2.17
GLIBC_2.13
GLIBC_2.2.6
Solution: update glibc
wget http://ftp.gnu.org/gnu/glibc/glibc-2.28.tar.gz
tar xf glibc-2.28.tar.gz
cd glibc-2.28/
# Edit test-installation.pl; if this file is not modified, make install fails with ldd: cannot find nss_test2.
vim scripts/test-installation.pl
# On line 128 of the file, add $name ne "nss_test2"; after the change the line reads:
#   && $name ne "nss_test1" && $name ne "nss_test2" && $name ne "libgcc_s")
# Build glibc
mkdir build && cd build
../configure \
--prefix=/usr \
--disable-profile \
--enable-add-ons \
--with-headers=/usr/include \
--with-binutils=/usr/bin \
--enable-obsolete-nsl
make -j2
make localedata/install-locales -j2
make install -j2
If the configure command is run without the --enable-obsolete-nsl option, make install fails with: undefined reference to '_nsl_default_nss@GLIBC_PRIVATE'
Possible error (the last few lines of the output; a make problem)
configure: error:
*** These critical programs are missing or too old: make bison compiler
*** Check the INSTALL file for required versions.
Solution: upgrade gcc and make
# Upgrade GCC (default is 4; upgrade to 8)
yum install -y centos-release-scl
yum install -y devtoolset-8-gcc*
mv /usr/bin/gcc /usr/bin/gcc-4.8.5
ln -s /opt/rh/devtoolset-8/root/bin/gcc /usr/bin/gcc
mv /usr/bin/g++ /usr/bin/g++-4.8.5
ln -s /opt/rh/devtoolset-8/root/bin/g++ /usr/bin/g++
# Upgrade make (default is 3; upgrade to 4)
wget http://ftp.gnu.org/gnu/make/make-4.3.tar.gz
tar -xzvf make-4.3.tar.gz && cd make-4.3/
./configure --prefix=/usr/local/make
make && make install
cd /usr/bin/ && mv make make.bak
ln -sv /usr/local/make/bin/make /usr/bin/make
At this point all of the problems are resolved; re-run step 4 above to update glibc. However, node -v still reports errors at this point
node: /lib64/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by node)
node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by node)
node: /lib64/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by node)
Checking with the strings command shows that GLIBCXX_3.4.20 is missing; the fix is to upgrade libstdc++
# strings /usr/lib64/libstdc++.so.6 | grep "GLIBCXX"
GLIBCXX_3.4
GLIBCXX_3.4.1
GLIBCXX_3.4.2
GLIBCXX_3.4.3
GLIBCXX_3.4.4
GLIBCXX_3.4.5
GLIBCXX_3.4.6
GLIBCXX_3.4.7
GLIBCXX_3.4.8
GLIBCXX_3.4.9
GLIBCXX_3.4.10
GLIBCXX_3.4.11
GLIBCXX_3.4.12
GLIBCXX_3.4.13
GLIBCXX_3.4.14
GLIBCXX_3.4.15
GLIBCXX_3.4.16
GLIBCXX_3.4.17
GLIBCXX_3.4.18
GLIBCXX_3.4.19
GLIBCXX_DEBUG_MESSAGE_LENGTH
# strings /lib64/libstdc++.so.6 | grep "GLIBCXX"
GLIBCXX_3.4
GLIBCXX_3.4.1
GLIBCXX_3.4.2
GLIBCXX_3.4.3
GLIBCXX_3.4.4
GLIBCXX_3.4.5
GLIBCXX_3.4.6
GLIBCXX_3.4.7
GLIBCXX_3.4.8
GLIBCXX_3.4.9
GLIBCXX_3.4.10
GLIBCXX_3.4.11
GLIBCXX_3.4.12
GLIBCXX_3.4.13
GLIBCXX_3.4.14
GLIBCXX_3.4.15
GLIBCXX_3.4.16
GLIBCXX_3.4.17
GLIBCXX_3.4.18
GLIBCXX_3.4.19
GLIBCXX_DEBUG_MESSAGE_LENGTH
Upgrade libstdc++
wget http://www.vuln.cn/wp-content/uploads/2019/08/libstdc.so_.6.0.26.zip
unzip libstdc.so_.6.0.26.zip
cp libstdc++.so.6.0.26 /lib64/ && cd /lib64
mv libstdc++.so.6 libstdc++.so.6.bak
ln -s libstdc++.so.6.0.26 libstdc++.so.6
Now use strings again to check whether GLIBCXX_3.4.20 is present
strings /usr/lib64/libstdc++.so.6 | grep ^GLIBCXX
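The ldd -v and strings checks above can be scripted so that the required and the exported version tags are compared exactly. This is an added example, not part of the original post; the function names are assumptions and the sample data is constructed from the ldd -v lines shown earlier.

```shell
#!/bin/sh
# Added example: list the symbol versions a binary needs but cannot resolve.

# Constructed excerpt of the "Version information" part of `ldd -v` output.
sample_ldd_output() {
cat <<'EOF'
    libm.so.6 (GLIBC_2.27) => not found
    libm.so.6 (GLIBC_2.2.5) => /lib64/libm.so.6
    libc.so.6 (GLIBC_2.28) => not found
    libc.so.6 (GLIBC_2.17) => /lib64/libc.so.6
    libstdc++.so.6 (GLIBCXX_3.4.20) => not found
    libstdc++.so.6 (GLIBCXX_3.4.9) => /lib64/libstdc++.so.6
EOF
}

# Read `ldd -v` output on stdin and print "library version" once for each
# version requirement the loader reports as "not found".
missing_versions() {
    awk '/\) => not found/ {
             ver = $2
             gsub(/[()]/, "", ver)
             if (!seen[$1 " " ver]++) print $1, ver
         }'
}

# Print the version tags a library file exports, one per line.
provided_versions() {
    strings "$1" | grep -E '^(GLIBC|GLIBCXX|CXXABI)_[0-9.]+$' | sort -u
}

# still_missing "REQUIRED TAGS" "PROVIDED TAGS": print each required tag that
# is absent from the provided list. Tags are compared whole, because a plain
# grep for GLIBCXX_3.4.2 would also match GLIBCXX_3.4.20.
still_missing() {
    for tag in $1; do
        found=no
        for have in $2; do
            if [ "$tag" = "$have" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$tag"; fi
    done
}

# Real use:
#   ldd -v "$(command -v node)" | missing_versions
#   still_missing "GLIBCXX_3.4.20" "$(provided_versions /lib64/libstdc++.so.6)"
sample_ldd_output | missing_versions
```
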
Verify the node -v command again
# node -v
v18.18.2
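The nvm installer above is piped straight into bash, the glibc and make tarballs are fetched over plain HTTP, and the libstdc++ archive comes from a third-party site, so nothing checks what was downloaded before it is run or installed. As an added example (not part of the original post), one way to gate such a download on a pinned SHA-256; verify_pinned, run_verified and the manifest file are names assumed here, the demo files are constructed, and real digests have to come from a source you trust.

```shell
#!/bin/sh
# Added example: verify a download against a pinned SHA-256 before running it.

# verify_pinned FILE MANIFEST
# MANIFEST uses sha256sum format: "<hex digest>  <file name>" per line.
# Returns 0 on match, 1 on mismatch, 2 when no digest is pinned for FILE.
verify_pinned() {
    vp_name=$(basename "$1")
    vp_want=$(awk -v n="$vp_name" \
        '{ sub(/^\*/, "", $2) } $2 == n { print $1; exit }' "$2")
    if [ -z "$vp_want" ]; then
        echo "refusing $vp_name: no pinned digest" >&2
        return 2
    fi
    vp_got=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$vp_got" != "$vp_want" ]; then
        echo "refusing $vp_name: digest mismatch" >&2
        return 1
    fi
    return 0
}

# run_verified FILE MANIFEST: execute an installer script only if it verifies.
run_verified() {
    verify_pinned "$1" "$2" || return $?
    bash "$1"
}

# Constructed demo: a stand-in installer is pinned, run, then modified.
demo() {
    d=$(mktemp -d) || return 1
    printf 'echo installer ran\n' > "$d/install.sh"
    (cd "$d" && sha256sum install.sh > pinned.sha256)
    r1=0; run_verified "$d/install.sh" "$d/pinned.sha256" >/dev/null || r1=$?
    printf 'echo injected line\n' >> "$d/install.sh"   # changed after pinning
    r2=0; run_verified "$d/install.sh" "$d/pinned.sha256" >/dev/null || r2=$?
    printf 'echo other\n' > "$d/other.sh"              # never pinned
    r3=0; verify_pinned "$d/other.sh" "$d/pinned.sha256" || r3=$?
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

# Real use: curl -o install.sh <url> && run_verified install.sh pinned.sha256
demo 2>/dev/null
```
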
Install Hexo
Install a specific version of Hexo with the following command
npm install -g hexo@6.3.0
Install the hexo-algolia and hexo-generator-json-content modules
npm install -g hexo-algolia
npm install -g hexo-generator-json-content
After Hexo is installed, run the following command to initialize the blog directory
hexo init /data/59izt.github.io
The command above creates the /data/59izt.github.io directory and generates some basic files in it
tree -L 1
.
├── _config.landscape.yml
├── _config.yml
├── node_modules
├── package.json
├── package-lock.json
├── scaffolds
├── source
└── themes
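4 directories, 4 files
- _config.yml: the site configuration file
- package.json: application information. The EJS, Stylus and Markdown renderers are installed by default; you are free to remove them.
- scaffolds: the scaffold (template) folder. When you create a new post, Hexo creates the file based on the scaffold.
- source: the source folder, where user resources are kept. Apart from the _posts folder, files and folders whose names start with _ (underscore) and hidden files are ignored. Markdown and HTML files are processed and placed in the public folder, while other files are copied over.
- themes: the theme folder. Hexo generates the static pages based on the theme.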
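Run the hexo service in the background
When I used hexo server & as the official documentation describes, I found that the blog stopped as soon as I closed the terminal and could not keep running in the background. After some searching I found that it can be managed with pm2.
Install pm2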
npm install -g pm2
In the blog root directory, create a script named hexo_run.js
// Keep hexo running in the background
const { exec } = require('child_process')
exec('hexo server -i 0.0.0.0', (error, stdout, stderr) => {
  if (error) {
    // Template literals need backticks for ${...} to be interpolated
    console.log(`exec error: ${error}`)
    return
  }
  console.log(`stdout: ${stdout}`);
  console.log(`stderr: ${stderr}`);
})
Start the service
pm2 start hexo_run.js
Check that the service is running
pm2 ls
Install Nginx
Download the sources
# Download the nginx source
wget https://nginx.org/download/nginx-1.24.0.tar.gz
# Download the openssl source
wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz
# Download the pcre source
wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz
# Download jemalloc
wget https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2
Extract the sources
tar xf nginx-1.24.0.tar.gz
tar xf openssl-1.1.1w.tar.gz
tar xf pcre-8.45.tar.gz
tar xf jemalloc-5.3.0.tar.bz2
Build and install jemalloc
cd jemalloc-5.3.0
# Configure
./configure
# Build and install jemalloc
make -j2 && make install -j2
# Create a symlink
ln -s /usr/local/lib/libjemalloc.so.2 /usr/lib64/libjemalloc.so.1
echo '/usr/local/lib' > /etc/ld.so.conf.d/local.conf
# Reload the shared library cache
ldconfig
Install dependency libraries
yum install -y zlib-devel
Build Nginx
cd nginx-1.24.0/
# Configure
./configure \
--prefix=/usr/local/nginx \
--user=www \
--group=www \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-http_ssl_module \
--with-stream \
--with-stream_ssl_preread_module \
--with-stream_ssl_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-openssl=../openssl-1.1.1w \
--with-pcre=../pcre-8.45 \
--with-pcre-jit \
--with-ld-opt='-ljemalloc'
# Build and install
make -j2 && make install -j2
Create the nginx service unit file
cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPost=/bin/sleep 0.1
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStop=/bin/kill -s QUIT \$MAINPID
TimeoutStartSec=120
LimitNOFILE=1000000
LimitNPROC=1000000
LimitCORE=1000000
[Install]
WantedBy=multi-user.target
EOF
Configure the main Nginx configuration file /usr/local/nginx/conf/nginx.conf
user www www;
worker_processes auto;
error_log /data/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events {
use epoll;
worker_connections 51200;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 1024m;
client_body_buffer_size 10m;
sendfile on;
tcp_nopush on;
keepalive_timeout 120;
server_tokens off;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_intercept_errors on;
#Gzip Compression
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
text/javascript application/javascript application/x-javascript
text/x-json application/json application/x-web-app-manifest+json
text/css text/plain text/x-component
font/opentype application/x-font-ttf application/vnd.ms-fontobject
image/x-icon;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
##Brotli Compression
#brotli on;
#brotli_comp_level 6;
#brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;
##If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
#open_file_cache max=1000 inactive=20s;
#open_file_cache_valid 30s;
#open_file_cache_min_uses 2;
#open_file_cache_errors on;
log_format json escape=json '{"@timestamp":"$time_iso8601",'
'"server_addr":"$server_addr",'
'"remote_addr":"$remote_addr",'
'"scheme":"$scheme",'
'"request_method":"$request_method",'
'"request_uri": "$request_uri",'
'"request_length": "$request_length",'
'"uri": "$uri", '
'"request_time":$request_time,'
'"body_bytes_sent":$body_bytes_sent,'
'"bytes_sent":$bytes_sent,'
'"status":"$status",'
'"upstream_time":"$upstream_response_time",'
'"upstream_host":"$upstream_addr",'
'"upstream_status":"$upstream_status",'
'"host":"$host",'
'"http_referer":"$http_referer",'
'"http_user_agent":"$http_user_agent"'
'}';
######################## default ############################
server {
listen 80;
server_name _;
access_log /data/wwwlogs/access_nginx.log combined;
root /data/wwwroot/default;
index index.html index.htm index.php;
#error_page 404 /404.html;
#error_page 502 /502.html;
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
deny all;
}
location /.well-known {
allow all;
}
}
########################## vhost #############################
include vhost/*.conf;
}
Create the nginx run user and the log directory
# Create the user
useradd -M -s /sbin/nologin www
# Create the directory
mkdir -p /data/wwwlogs/
chown -R www:www /data/wwwlogs
Check that the nginx configuration file is valid
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Enable nginx at boot
systemctl enable --now nginx
Check that the nginx service is running normally
# systemctl status nginx.service
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-12-27 17:46:44 CST; 4s ago
Docs: http://nginx.org/en/docs/
Process: 16975 ExecStartPost=/bin/sleep 0.1 (code=exited, status=0/SUCCESS)
Process: 16969 ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
Process: 16967 ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 16972 (nginx)
CGroup: /system.slice/nginx.service
├─16972 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
├─16973 nginx: worker process
└─16974 nginx: worker process
Dec 27 17:46:44 hexo systemd[1]: Starting nginx - high performance web server...
Dec 27 17:46:44 hexo nginx[16967]: nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
Dec 27 17:46:44 hexo nginx[16967]: nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Dec 27 17:46:44 hexo systemd[1]: Started nginx - high performance web server.
Configure the nginx virtual host
Create the virtual host directory and the directory for SSL certificates
mkdir /usr/local/nginx/conf/{ssl,vhost}
Create the virtual host configuration file
# cat vhost/www.59izt.com.conf
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /usr/local/nginx/conf/ssl/59izt.com.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/59izt.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;
ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;
ssl_conf_command Options PrioritizeChaCha;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_buffer_size 2k;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name 59izt.com www.59izt.com;
access_log /data/wwwlogs/www.59izt.com_nginx.log combined;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
location / {
proxy_pass http://localhost:4000/;
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
}
}
Prepare the domain certificate, then reload the nginx configuration
/usr/local/nginx/sbin/nginx -s reload