tengine 安装和配置

安装：

cd /usr/local/src

wget http://tengine.taobao.org/download/tengine-2.3.3.tar.gz

tar -xzf tengine-2.3.3.tar.gz

cd tengine-2.3.3.tar.gz

./configure

make

make install

ln -s /usr/local/nginx/sbin/nginx /usr/bin/nginx

nginx -V #查看版本和编译时参数

nginx -m #查看已安装的模块

nginx -t #检查配置文件

systemctl enable nginx

systemctl start nginx

 

tengine 的配置语法与nginx完全兼容，可直接使用

 

开启 ngx_http_upstream_check_module 模块

Tengine-1.4.0 版本之前，编译时以指定依赖库的方式开启：./configure --with-http_upstream_check_module

Tengine-1.4.0 到 2.3.0 版本默认开启

Tengine-2.3.1 版本之后，编译时以增加第三方模块的方式添加：./configure --add-module=./modules/ngx_http_upstream_check_module/

 

增加第三方模块的方法：

比如增加 modules/ngx_http_upstream_check_module 和 ngx_http_upstream_consistent_hash_module 模块

./configure \
--add-module=./modules/ngx_http_upstream_check_module/ \
--add-module=./modules/ngx_http_upstream_consistent_hash_module

所有可增加的模块都在源码包的 modules 目录，可视自己需要加载

 

增加ssl模块，防止使用certbot时报错：The error was: PluginError('Nginx build is missing SSL module (--with-http_ssl_module).')

./configure \
--add-module=./modules/ngx_http_upstream_check_module/ \
--add-module=./modules/ngx_http_upstream_consistent_hash_module \
--with-http_ssl_module

 

修改Nginx的运行用户，统一为www

添加用户和用户组

useradd www -s /sbin/nologin -M

修改/etc/nginx/nginx.conf

user www;

 

 

Nginx+PHP配置示例

 

nginx.conf 必要参数，注意最好不要修改pid文件位置，否则可能导致启动出现各种问题

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 60;
    types_hash_max_size 4096;

    sendfile_max_chunk 512k;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 50m;
    client_body_buffer_size 20m;

    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
    gzip_vary on;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";

站点配置

    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  _;
        root         /usr/share/nginx/html;
        index index.html index.htm index.php default.html default.htm default.php;

        ssl_certificate "/etc/pki/nginx/server.crt";
        ssl_certificate_key "/etc/pki/nginx/private/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        if (!-e $request_filename) {
            rewrite ^/(.*)$ /index.php/$1 last;
            break;
        }

        location ~ /uploads/.*\.php$ { deny all; }

        location ~ [^/]\.php(/|$)
        {
            fastcgi_pass  127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi.conf;
            fastcgi_param PHP_ADMIN_VALUE "open_basedir=/usr/share/nginx/html:/tmp/:/proc/";
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;
            fastcgi_param PATH_INFO       $path_info;
        }


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /usr/share/nginx/html/access.log main;

    }