環境:
CentOS7
安裝 nginx
一nginx安裝環境
1. gcc
安裝nginx需要先將官網下載的源碼進行編譯,編譯依賴gcc環境,如果沒有gcc環境,需要安裝gcc:
yum install gcc-c++
2.PCRE
PCRE(Perl Compatible Regular Expressions)是一個Perl庫,包括 perl 兼容的正則表達式庫。nginx的http模塊使用pcre來解析正則表達式,所以需要在linux上安裝pcre庫。
yum install -y pcre pcre-devel
注:pcre-devel是使用pcre開發的一個二次開發庫。nginx也需要此庫。
3. zlib
zlib庫提供了很多種壓縮和解壓縮的方式,nginx使用zlib對http包的內容進行gzip,所以需要在linux上安裝zlib庫。
yum install -y zlib zlib-devel
4.openssl
OpenSSL 是一個強大的安全套接字層密碼庫,囊括主要的密碼算法、常用的密鑰和證書封裝管理功能及SSL協議,並提供豐富的應用程序供測試或其它目的使用。
nginx不僅支持http協議,還支持https(即在ssl協議上傳輸http),所以需要在linux安裝openssl庫。
yum install -y openssl openssl-devel
二 編譯安裝
1.將nginx-1.8.0.tar.gz拷貝至linux服務器。
2.解壓:
tar -zxvf nginx-1.8.0.tar.gz
cd nginx-1.8.0
3.配置 configure
./configure --help查詢詳細參數(參考本教程附錄部分:nginx編譯參數)
參數設置如下:
./configure \
--prefix=/usr/local/nginx \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/temp/nginx/client \
--http-proxy-temp-path=/var/temp/nginx/proxy \
--http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
--http-scgi-temp-path=/var/temp/nginx/scgi
注意:上邊將臨時文件目錄指定為/var/temp/nginx,需要在/var下創建temp及nginx目錄
三 啟動運行測試
1編譯安裝
make
make install
安裝成功查看安裝目錄 :whereis nginx
2 啟動nginx
cd /usr/local/nginx/sbin/
./nginx
注意:執行./nginx啟動nginx,這里可以-c指定加載的nginx配置文件,如下:
./nginx -c /usr/local/nginx/conf/nginx.conf
如果不指定-c,nginx在啟動時默認加載conf/nginx.conf文件,此文件的地址也可以在編譯安裝nginx時指定./configure的參數(--conf-path= 指向配置文件(nginx.conf))
3 停止nginx
方式1,快速停止:
cd /usr/local/nginx/sbin
./nginx -s stop
此方式相當於先查出nginx進程id再使用kill命令強制殺掉進程。
方式2,完整停止(建議使用):
cd /usr/local/nginx/sbin
./nginx -s quit
此方式停止步驟是待nginx進程處理任務完畢進行停止。
4 重啟nginx
方式1,先停止再啟動(建議使用):
對nginx進行重啟相當於先停止nginx再啟動nginx,即先執行停止命令再執行啟動命令。
如下:
./nginx -s quit
./nginx
方式2,重新加載配置文件:
當nginx的配置文件nginx.conf修改后,要想讓配置生效需要重啟nginx,使用-s reload不用先停止nginx再啟動nginx即可將配置信息在nginx中生效,如下:
./nginx -s reload
5 測試
nginx安裝成功,啟動nginx,即可訪問虛擬機上的nginx:瀏覽器輸入服務器地址即可
安裝ftp組件
1.安裝vsftpd組件
安裝完后,有/etc/vsftpd/vsftpd.conf 文件,是vsftp的配置文件。
yum -y install vsftpd
2.添加一個ftp用戶
此用戶就是用來登錄ftp服務器用的。
useradd ftpuser
這樣一個用戶建完,可以用這個登錄,記得用普通登錄不要用匿名了。登錄后默認的路徑為 /home/ftpuser.
3.給ftp用戶添加密碼。
passwd ftpuser
輸入兩次密碼后修改密碼。
4 .防火牆開啟21端口
firewall-cmd --permanent --zone=public --add-port=21/tcp
firewall-cmd --permanent --zone=public --add-port=21/udp
還要運行下,重啟iptables
firewall-cmd --reload
5.修改selinux
外網是可以訪問上去了,可是發現沒法返回目錄(使用ftp的主動模式,被動模式還是無法訪問),也上傳不了,因為selinux作怪了。
修改selinux:
執行以下命令查看狀態:
getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
執行上面命令,再返回的結果看到兩行都是off,代表,沒有開啟外網的訪問
setsebool -P allow_ftpd_full_access on
setsebool -P ftp_home_dir on
這樣應該沒問題了(如果,還是不行,看看是不是用了ftp客戶端工具用了passive模式訪問了,如提示Entering Passive mode,就代表是passive模式,默認是不行的,因為ftp passive模式被iptables擋住了,下面會講怎么開啟,如果懶得開的話,就看看你客戶端ftp是否有port模式的選項,或者把passive模式的選項去掉。如果客戶端還是不行,看看客戶端上的主機的電腦是否開了防火牆,關吧)
FileZilla的主動、被動模式修改:
菜單:編輯→設置
6 關閉匿名訪問
修改/etc/vsftpd/vsftpd.conf文件:
重啟ftp服務:
service vsftpd restart
nginx配置文件
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; charset utf-8; #access_log logs/host.access.log main; location ~ .*\.(gif|jpg|jpeg|png)$ { expires 24h; root /home/ftpuser/picture/;#Ö¸¶¨Í¼Æ¬´æ·Å·¾¶ access_log /home/ftpuser/picture/images.log;#ÈÕÖ¾´æ·Å·¾¶ proxy_store on; proxy_store_access user:rw group:rw all:rw; proxy_temp_path /home/ftpuser/picture/;#ͼƬ·ÃÎÊ·¾¶ proxy_redirect off; proxy_set_header Host 127.0.0.1; client_max_body_size 10m; client_body_buffer_size 1280k; proxy_connect_timeout 900; proxy_send_timeout 900; proxy_read_timeout 900; proxy_buffer_size 40k; proxy_buffers 40 320k; proxy_busy_buffers_size 640k; proxy_temp_file_write_size 640k; if ( !-e $request_filename) { proxy_pass http://127.0.0.1;#ĬÈÏ80¶Ë¿Ú } } location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
vsftpd配置
# Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=NO # # Uncomment this to allow local users to log in. # When SELinux is enforcing check for SE bool ftp_home_dir local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. # When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. xferlog_file=/var/log/xferlog # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: #ftpd_banner=Welcome to blah FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd/banned_emails # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that # the user does not have write access to the top level directory within the # chroot) #chroot_local_user=YES chroot_list_enable=NO # (default follows) #chroot_list_file=/etc/vsftpd/chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # When "listen" directive is enabled, vsftpd runs in standalone mode and # listens on IPv4 sockets. This directive cannot be used in conjunction # with the listen_ipv6 directive. listen=no # # This directive enables listening on IPv6 sockets. By default, listening # on the IPv6 "any" address (::) will accept connections from both IPv6 # and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6 # sockets. If you want that (perhaps because you want to listen on specific # addresses) then you must run two copies of vsftpd with two configuration # files. # Make sure, that one of the listen options is commented !! listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES #local_root=/home/image/ #chroot_local_user=YES #anon_root=/home/image/
最后一步修改ftpuser的文件權限
chown -R 755 /home/ftpuser/picture/