Linux 软件包

Nginx 为各种 Linux 发行版提供预编译的软件包，方便快速安装和更新。

官方软件源

支持的发行版

• Ubuntu：20.04 LTS, 22.04 LTS, 23.10
• Debian：10 (buster), 11 (bullseye), 12 (bookworm)
• CentOS/RHEL：7, 8, 9
• Alpine：3.x

Ubuntu/Debian

导入签名密钥

# 安装依赖
sudo apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring

# 导入官方签名密钥
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

# 验证密钥
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

输出应包含：

573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62
nginx signing key <signing-key@nginx.com>

设置软件源

Stable 版本：

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

Mainline 版本：

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

安装

# 更新软件包索引
sudo apt update

# 安装 Nginx
sudo apt install nginx

# 启动 Nginx
sudo systemctl start nginx

# 设置开机自启
sudo systemctl enable nginx

CentOS/RHEL

安装依赖

sudo yum install yum-utils

设置软件源

创建 /etc/yum.repos.d/nginx.repo：

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

安装

# 安装 Stable 版本（默认）
sudo yum install nginx

# 或安装 Mainline 版本
sudo yum-config-manager --enable nginx-mainline
sudo yum install nginx

# 启动 Nginx
sudo systemctl start nginx

# 设置开机自启
sudo systemctl enable nginx

Alpine Linux

# 更新软件包索引
sudo apk update

# 安装 Nginx
sudo apk add nginx

# 启动 Nginx
sudo rc-service nginx start

# 设置开机自启
sudo rc-update add nginx

软件包内容

安装的文件

包含的模块

官方软件包包含以下模块：

• HTTP 核心模块
• HTTP SSL 模块
• HTTP/2 模块
• HTTP RealIP 模块
• HTTP Gzip Static 模块
• HTTP Auth Request 模块
• HTTP Random Index 模块
• HTTP Secure Link 模块
• HTTP Slice 模块
• Mail 代理模块
• Stream TCP/UDP 代理模块

版本管理

查看版本

nginx -v

查看编译参数

nginx -V

更新 Nginx

Ubuntu/Debian

sudo apt update
sudo apt upgrade nginx

CentOS/RHEL

sudo yum update nginx

Alpine

sudo apk update
sudo apk upgrade nginx

锁定版本

Ubuntu/Debian

# 锁定当前版本
sudo apt-mark hold nginx

# 解锁版本
sudo apt-mark unhold nginx

CentOS/RHEL

# 编辑 yum.conf
sudo vim /etc/yum.conf

# 添加以下内容
exclude=nginx-*

配置文件

主配置文件

/etc/nginx/nginx.conf：

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

默认服务器配置

/etc/nginx/conf.d/default.conf：

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

服务管理

systemd 命令

# 启动
sudo systemctl start nginx

# 停止
sudo systemctl stop nginx

# 重启
sudo systemctl restart nginx

# 重新加载配置
sudo systemctl reload nginx

# 查看状态
sudo systemctl status nginx

# 启用开机自启
sudo systemctl enable nginx

# 禁用开机自启
sudo systemctl disable nginx

直接命令

# 启动
sudo nginx

# 停止
sudo nginx -s stop

# 优雅退出
sudo nginx -s quit

# 重新加载配置
sudo nginx -s reload

# 重新打开日志
sudo nginx -s reopen

# 测试配置
sudo nginx -t

防火墙配置

firewalld

# 允许 HTTP
sudo firewall-cmd --permanent --add-service=http

# 允许 HTTPS
sudo firewall-cmd --permanent --add-service=https

# 重新加载防火墙
sudo firewall-cmd --reload

# 查看规则
sudo firewall-cmd --list-all

ufw

# 允许 HTTP 和 HTTPS
sudo ufw allow 'Nginx Full'

# 仅允许 HTTP
sudo ufw allow 'Nginx HTTP'

# 仅允许 HTTPS
sudo ufw allow 'Nginx HTTPS'

# 查看状态
sudo ufw status

iptables

# 允许 HTTP
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# 允许 HTTPS
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# 保存规则
sudo service iptables save

卸载

Ubuntu/Debian

# 停止服务
sudo systemctl stop nginx

# 卸载软件包
sudo apt remove nginx nginx-common nginx-full

# 删除配置文件
sudo apt purge nginx nginx-common nginx-full

# 删除依赖
sudo apt autoremove

# 手动删除残留文件
sudo rm -rf /etc/nginx
sudo rm -rf /var/log/nginx
sudo rm -rf /var/lib/nginx

CentOS/RHEL

# 停止服务
sudo systemctl stop nginx

# 卸载软件包
sudo yum remove nginx

# 删除残留文件
sudo rm -rf /etc/nginx
sudo rm -rf /var/log/nginx
sudo rm -rf /var/lib/nginx

Alpine

# 停止服务
sudo rc-service nginx stop

# 卸载软件包
sudo apk del nginx

# 删除残留文件
sudo rm -rf /etc/nginx
sudo rm -rf /var/log/nginx

故障排查

查看日志

# 错误日志
sudo tail -f /var/log/nginx/error.log

# 访问日志
sudo tail -f /var/log/nginx/access.log

检查配置

# 测试配置
sudo nginx -t

# 显示配置
sudo nginx -T

检查进程

# 查看 Nginx 进程
ps aux | grep nginx

# 查看端口占用
sudo netstat -tlnp | grep :80
# 或
sudo ss -tlnp | grep :80

检查权限

# 检查 Nginx 用户
ps aux | grep nginx | grep 'master process'

# 检查文件权限
ls -la /var/log/nginx/
ls -la /etc/nginx/

性能优化

调整 worker_processes

user  nginx;
worker_processes  auto;  # 自动检测 CPU 核心数

调整 worker_connections

events {
    worker_connections  2048;  # 增加连接数
}

启用 gzip

http {
    gzip  on;
    gzip_min_length  1000;
    gzip_types       text/plain text/css application/json application/javascript;
}

调整文件描述符

# 查看当前限制
ulimit -n

# 临时增加
ulimit -n 65535

# 永久增加
sudo vim /etc/security/limits.conf

# 添加以下内容
* soft nofile 65535
* hard nofile 65535