保存文件:deploy_nginx.sh
执行:chmod +x deploy_nginx.sh
执行:./deploy_nginx.sh
bash
#!/bin/bash
# Nginx 1.29.3自动化部署脚本 for CentOS 7 (修复版)
# 修复了GCC编译选项问题和其他已知问题
###当前文件只开放了80 8000端口 如果新增网站端口如8000端口,请手动执行下面2个命令,开放防火墙端口,并重载防火墙
# # 如果使用firewalld
# sudo firewall-cmd --permanent --add-port=8000/tcp
# sudo firewall-cmd --reload
# # 如果使用iptables(较少见)
# # sudo iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
# # sudo service iptables save
set -e # 遇到错误时退出脚本
# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# 日志函数
log_info() {
echo -e "${GREEN}[INFO]${NC} $(date '+%Y-%m-%d %H:%M:%S') - $1"
}
log_warn() {
echo -e "${YELLOW}[WARN]${NC} $(date '+%Y-%m-%d %H:%M:%S') - $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $(date '+%Y-%m-%d %H:%M:%S') - $1"
}
# 检查是否以root用户运行
check_root() {
if [[ $EUID -ne 0 ]]; then
log_error "此脚本必须以root用户运行"
exit 1
fi
}
# 检查CentOS版本
check_centos_version() {
if ! grep -q "CentOS Linux release 7" /etc/redhat-release; then
log_error "此脚本仅支持CentOS 7"
exit 1
fi
}
# 检查并修复GCC版本
check_gcc_version() {
log_info "检查GCC版本..."
if command -v gcc &> /dev/null; then
GCC_VERSION=$(gcc --version | head -n1 | awk '{print $3}')
log_info "当前GCC版本: $GCC_VERSION"
# CentOS 7默认gcc为4.8.5,需要更新
if [[ "$(printf '%s\n' "5.0.0" "$GCC_VERSION" | sort -V | head -n1)" = "5.0.0" ]]; then
log_info "GCC版本满足要求"
else
log_warn "GCC版本较低,建议安装高版本GCC"
install_devtoolset
fi
else
log_warn "未找到GCC,将安装..."
yum install -y gcc
fi
}
# 安装devtoolset以获取高版本GCC
install_devtoolset() {
log_info "安装devtoolset-9 (包含GCC 9.3.1)..."
yum install -y centos-release-scl
yum install -y devtoolset-9-gcc devtoolset-9-gcc-c++ devtoolset-9-binutils
# 启用devtoolset-9
source /opt/rh/devtoolset-9/enable
# 添加到环境变量
echo 'source /opt/rh/devtoolset-9/enable' >> ~/.bashrc
echo 'export CC=/opt/rh/devtoolset-9/root/usr/bin/gcc' >> ~/.bashrc
echo 'export CXX=/opt/rh/devtoolset-9/root/usr/bin/g++' >> ~/.bashrc
log_info "devtoolset-9安装完成,GCC版本: $(gcc --version | head -n1)"
}
# 配置参数
NGINX_VERSION="1.29.3"
NGINX_TAR="nginx-${NGINX_VERSION}.tar.gz"
NGINX_DOWNLOAD_URL="https://nginx.org/download/${NGINX_TAR}"
# 修复版本号问题:使用可用的OpenSSL版本
OPENSSL_VERSION="1.1.1w"
OPENSSL_TAR="openssl-${OPENSSL_VERSION}.tar.gz"
OPENSSL_DOWNLOAD_URL="https://www.openssl.org/source/old/1.1.1/openssl-${OPENSSL_VERSION}.tar.gz"
# 检查OpenSSL下载链接是否有效,如果无效则使用GitHub镜像
if ! wget --spider "${OPENSSL_DOWNLOAD_URL}" 2>/dev/null; then
OPENSSL_VERSION="3.0.15" # 使用较新的稳定版本
OPENSSL_TAR="openssl-${OPENSSL_VERSION}.tar.gz"
OPENSSL_DOWNLOAD_URL="https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz"
log_info "切换到OpenSSL ${OPENSSL_VERSION}"
fi
PCRE_VERSION="8.45"
PCRE_TAR="pcre-${PCRE_VERSION}.tar.gz"
PCRE_DOWNLOAD_URL="https://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VERSION}/${PCRE_TAR}"
ZLIB_VERSION="1.3.1"
ZLIB_TAR="zlib-${ZLIB_VERSION}.tar.gz"
ZLIB_DOWNLOAD_URL="https://zlib.net/fossils/${ZLIB_TAR}" # 修复URL
INSTALL_DIR="/usr/local/nginx"
CONF_DIR="${INSTALL_DIR}/conf"
LOG_DIR="/var/log/nginx"
TMP_DIR="/tmp/nginx_build"
NGINX_USER="nginx"
NGINX_GROUP="nginx"
RUN_DIR="/var/run/nginx" # 使用nginx专用的运行目录
# 修复编译选项:使用nginx专用的运行目录
COMPILE_OPTIONS="
--user=${NGINX_USER}
--group=${NGINX_GROUP}
--prefix=${INSTALL_DIR}
--sbin-path=${INSTALL_DIR}/sbin/nginx
--conf-path=${CONF_DIR}/nginx.conf
--pid-path=${RUN_DIR}/nginx.pid
--lock-path=${RUN_DIR}/nginx.lock
--error-log-path=${LOG_DIR}/error.log
--http-log-path=${LOG_DIR}/access.log
--with-http_ssl_module
--with-http_v2_module
--with-http_realip_module
--with-http_addition_module
--with-http_sub_module
--with-http_dav_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_stub_status_module
--with-http_auth_request_module
--with-threads
--with-stream
--with-stream_ssl_module
--with-stream_realip_module
--with-http_slice_module
--with-mail
--with-mail_ssl_module
--with-file-aio
--with-http_v3_module
--with-openssl=${TMP_DIR}/openssl-${OPENSSL_VERSION}
--with-pcre=${TMP_DIR}/pcre-${PCRE_VERSION}
--with-zlib=${TMP_DIR}/zlib-${ZLIB_VERSION}
"
# 创建目录
create_directories() {
log_info "创建必要的目录..."
mkdir -p ${INSTALL_DIR}
mkdir -p ${CONF_DIR}
mkdir -p ${LOG_DIR}
mkdir -p ${TMP_DIR}
mkdir -p ${INSTALL_DIR}/conf.d
mkdir -p ${INSTALL_DIR}/stream.d
mkdir -p ${INSTALL_DIR}/ssl
mkdir -p /var/cache/nginx/{client_temp,proxy_temp,fastcgi_temp,uwsgi_temp,scgi_temp}
# 创建nginx专用运行目录
mkdir -p ${RUN_DIR}
# 设置权限
chmod 777 ${LOG_DIR}
chmod 777 /var/cache/nginx
chmod 777 /var/cache/nginx/*
chmod 777 ${RUN_DIR}
# 设置所有权
chown -R ${NGINX_USER}:${NGINX_GROUP} ${RUN_DIR}
chown -R ${NGINX_USER}:${NGINX_GROUP} ${LOG_DIR}
chown -R ${NGINX_USER}:${NGINX_GROUP} /var/cache/nginx
chown -R ${NGINX_USER}:${NGINX_GROUP} ${INSTALL_DIR}
}
# 创建nginx用户和组
create_nginx_user() {
log_info "创建nginx用户和组..."
if ! id -u ${NGINX_USER} >/dev/null 2>&1; then
groupadd ${NGINX_GROUP}
useradd -r -g ${NGINX_GROUP} -s /sbin/nologin ${NGINX_USER}
log_info "已创建用户: ${NGINX_USER}"
else
log_info "用户 ${NGINX_USER} 已存在"
fi
}
# 安装依赖
install_dependencies() {
log_info "安装编译依赖..."
yum install -y epel-release
yum groupinstall -y "Development Tools"
yum install -y \
wget \
curl \
git \
gcc \
gcc-c++ \
make \
automake \
autoconf \
libtool \
pcre-devel \
zlib-devel \
openssl-devel \
perl \
perl-devel \
perl-ExtUtils-Embed \
GeoIP-devel \
gd-devel \
libxslt-devel \
libxml2-devel \
mailx \
lua-devel \
readline-devel \
libmaxminddb-devel
log_info "依赖安装完成"
}
# 下载源码
download_sources() {
log_info "下载源码包..."
cd ${TMP_DIR}
# 清理旧的源码目录
# rm -rf openssl-* pcre-* zlib-* nginx-* 2>/dev/null || true
# 下载nginx
if [ ! -f "${NGINX_TAR}" ]; then
log_info "下载Nginx ${NGINX_VERSION}..."
wget --no-check-certificate ${NGINX_DOWNLOAD_URL} -O ${NGINX_TAR}
if [ $? -ne 0 ]; then
log_error "下载Nginx失败"
exit 1
fi
else
log_info "Nginx源码包已存在"
fi
# 下载openssl
if [ ! -f "${OPENSSL_TAR}" ]; then
log_error "${OPENSSL_TAR}文件不存在"
log_info "下载OpenSSL ${OPENSSL_VERSION}..."
wget --no-check-certificate ${OPENSSL_DOWNLOAD_URL} -O ${OPENSSL_TAR}
if [ $? -ne 0 ]; then
log_error "下载OpenSSL失败"
exit 1
fi
else
log_info "OpenSSL源码包已存在"
fi
# 下载pcre
if [ ! -f "${PCRE_TAR}" ]; then
log_error "${PCRE_TAR}文件不存在"
log_info "下载PCRE ${PCRE_VERSION}..."
wget --no-check-certificate ${PCRE_DOWNLOAD_URL} -O ${PCRE_TAR}
if [ $? -ne 0 ]; then
log_error "下载PCRE失败"
exit 1
fi
else
log_info "PCRE源码包已存在"
fi
# 下载zlib
if [ ! -f "${ZLIB_TAR}" ]; then
log_error "${ZLIB_TAR}文件不存在"
log_info "下载Zlib ${ZLIB_VERSION}..."
wget --no-check-certificate ${ZLIB_DOWNLOAD_URL} -O ${ZLIB_TAR}
if [ $? -ne 0 ]; then
log_error "下载Zlib失败"
exit 1
fi
else
log_info "Zlib源码包已存在"
fi
# 解压所有源码包
log_info "解压源码包..."
tar -xzf ${NGINX_TAR}
tar -xzf ${OPENSSL_TAR}
tar -xzf ${PCRE_TAR}
tar -xzf ${ZLIB_TAR}
# 检查解压是否成功
if [ ! -d "nginx-${NGINX_VERSION}" ] || [ ! -d "openssl-${OPENSSL_VERSION}" ] || [ ! -d "pcre-${PCRE_VERSION}" ] || [ ! -d "zlib-${ZLIB_VERSION}" ]; then
log_error "源码包解压失败"
exit 1
fi
log_info "源码下载和解压完成"
}
# 编译安装nginx
compile_nginx() {
log_info "编译安装Nginx..."
cd ${TMP_DIR}/nginx-${NGINX_VERSION}
log_info "配置编译选项..."
# 清理之前的编译
make clean 2>/dev/null || true
make distclean 2>/dev/null || true
# 执行configure(使用修复后的选项)
./configure ${COMPILE_OPTIONS}
if [ $? -ne 0 ]; then
log_error "配置失败,请检查上面的错误信息"
exit 1
fi
# 获取CPU核心数
CPU_CORES=$(nproc)
log_info "使用 ${CPU_CORES} 个CPU核心进行编译"
# 编译
log_info "开始编译..."
make -j${CPU_CORES}
if [ $? -ne 0 ]; then
log_error "编译失败"
exit 1
fi
# 安装
log_info "开始安装..."
make install
if [ $? -ne 0 ]; then
log_error "安装失败"
exit 1
fi
log_info "Nginx编译安装完成"
}
# 创建systemd服务文件
create_systemd_service() {
log_info "创建systemd服务文件..."
cat > /lib/systemd/system/nginx.service << EOF
[Unit]
Description=Nginx Web Server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/var/run/nginx/nginx.pid
ExecStartPre=${INSTALL_DIR}/sbin/nginx -t
ExecStart=${INSTALL_DIR}/sbin/nginx
ExecReload=${INSTALL_DIR}/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT \$MAINPID
PrivateTmp=true
User=${NGINX_USER}
Group=${NGINX_GROUP}
# Security
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=${LOG_DIR} /var/cache/nginx ${INSTALL_DIR} /var/run/nginx
ReadOnlyPaths=/
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
LockPersonality=true
MemoryDenyWriteExecute=true
# 添加以下行以允许绑定低端口
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
# 重新加载systemd配置
systemctl daemon-reload
log_info "systemd服务文件创建完成"
}
# 配置nginx
configure_nginx() {
log_info "配置Nginx..."
# 检查是否已有配置文件
if [ -f "${CONF_DIR}/nginx.conf" ]; then
cp ${CONF_DIR}/nginx.conf ${CONF_DIR}/nginx.conf.bak.$(date +%Y%m%d%H%M%S)
fi
# 生成优化配置
cat > ${CONF_DIR}/nginx.conf << 'EOF'
# Nginx 主配置文件
# Generated by AutoDeploy Script
user nginx nginx;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx/nginx.pid;
events {
use epoll;
worker_connections 10240;
multi_accept on;
accept_mutex off;
}
http {
include mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format json '{'
'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"status":$status,'
'"body_bytes_sent":$body_bytes_sent,'
'"http_referer":"$http_referer",'
'"http_user_agent":"$http_user_agent",'
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"request_time":$request_time,'
'"upstream_response_time":"$upstream_response_time"'
'}';
access_log /var/log/nginx/access.log main;
# 基本设置
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# 文件上传大小限制
client_max_body_size 100m;
# 缓冲区设置
client_body_buffer_size 128k;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
# 超时设置
client_body_timeout 12;
client_header_timeout 12;
send_timeout 10;
# Gzip压缩
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 1024;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml;
# MIME类型
include /usr/local/nginx/conf/mime.types;
# 虚拟主机配置
include /usr/local/nginx/conf.d/*.conf;
}
# Stream模块配置(TCP/UDP代理)
stream {
include /usr/local/nginx/stream.d/*.conf;
}
EOF
# 创建默认虚拟主机配置(使用非特权端口)
cat > ${INSTALL_DIR}/conf.d/8080.conf << 'EOF'
server {
listen 8080;
server_name localhost;
root /usr/share/nginx/html;
# 安全头部
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# 默认首页
index index.html index.htm;
# 错误页面
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location = /404.html {
root /usr/share/nginx/html;
}
# 禁止访问隐藏文件
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# 状态页面
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
# 日志设置
access_log /var/log/nginx/localhost.access.log main;
error_log /var/log/nginx/localhost.error.log warn;
}
EOF
# 创建默认虚拟主机配置(使用特权80端口)
cat > ${INSTALL_DIR}/conf.d/default.conf << 'EOF'
server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;
# 安全头部
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# 默认首页
index index.html index.htm;
# 错误页面
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location = /404.html {
root /usr/share/nginx/html;
}
# 禁止访问隐藏文件
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# 状态页面
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
# 日志设置
access_log /var/log/nginx/localhost.access.log main;
error_log /var/log/nginx/localhost.error.log warn;
}
EOF
# 创建默认首页
mkdir -p /usr/share/nginx/html
cat > /usr/share/nginx/html/index.html << EOF
<!DOCTYPE html>
<html>
<head>
<title>Welcome to Nginx ${NGINX_VERSION}!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
h1 {
color: #333;
text-align: center;
}
</style>
</head>
<body>
<h1>Welcome to Nginx ${NGINX_VERSION}!</h1>
<p>If you see this page, the Nginx web server is successfully installed and working.</p>
<p>For online documentation and support please refer to
<a href="https://nginx.org/">nginx.org</a>.</p>
<p><em>Thank you for using Nginx.</em></p>
</body>
</html>
EOF
# 设置权限
chown -R ${NGINX_USER}:${NGINX_GROUP} /usr/share/nginx/html
chown -R ${NGINX_USER}:${NGINX_GROUP} ${CONF_DIR}
chmod -R 777 ${CONF_DIR}
log_info "Nginx配置完成"
}
# 配置防火墙
configure_firewall() {
log_info "配置防火墙..."
if systemctl is-active --quiet firewalld; then
log_info "防火墙正在运行,配置规则..."
firewall-cmd --permanent --add-port=80/tcp 2>/dev/null || true
firewall-cmd --permanent --add-port=443/tcp 2>/dev/null || true
firewall-cmd --permanent --add-port=8080/tcp 2>/dev/null || true
firewall-cmd --reload 2>/dev/null || true
log_info "防火墙规则已添加"
else
log_warn "防火墙未运行,跳过配置"
fi
}
# 配置SELinux
configure_selinux() {
log_info "配置SELinux..."
if command -v sestatus >/dev/null 2>&1 && sestatus | grep -q "enabled"; then
log_info "SELinux已启用,设置规则..."
# 安装SELinux工具
yum install -y policycoreutils-python 2>/dev/null || yum install -y policycoreutils-python3 2>/dev/null || true
# 设置Nginx相关目录的SELinux上下文
semanage fcontext -a -t httpd_exec_t "${INSTALL_DIR}/sbin/nginx" 2>/dev/null || true
semanage fcontext -a -t httpd_sys_content_t "${LOG_DIR}(/.*)?" 2>/dev/null || true
semanage fcontext -a -t httpd_sys_content_t "/usr/share/nginx/html(/.*)?" 2>/dev/null || true
semanage fcontext -a -t httpd_sys_content_t "${INSTALL_DIR}/conf(/.*)?" 2>/dev/null || true
semanage fcontext -a -t httpd_var_run_t "/var/run/nginx(/.*)?" 2>/dev/null || true
# 允许Nginx绑定到非标准端口
semanage port -a -t http_port_t -p tcp 8080 2>/dev/null || true
restorecon -Rv ${LOG_DIR} 2>/dev/null || true
restorecon -Rv /usr/share/nginx/html 2>/dev/null || true
restorecon -Rv ${INSTALL_DIR}/conf 2>/dev/null || true
restorecon -v ${INSTALL_DIR}/sbin/nginx 2>/dev/null || true
restorecon -Rv /var/run/nginx 2>/dev/null || true
# 允许Nginx访问网络
setsebool -P httpd_can_network_connect 1 2>/dev/null || true
setsebool -P httpd_can_network_bind 1 2>/dev/null || true
log_info "SELinux配置完成"
else
log_info "SELinux已禁用或未安装"
fi
}
# 启动nginx服务
start_nginx() {
log_info "启动Nginx服务..."
# 确保运行目录存在并有正确权限
mkdir -p ${RUN_DIR}
mkdir -p ${LOG_DIR}
chown -R ${NGINX_USER}:${NGINX_GROUP} ${RUN_DIR}
chown -R ${NGINX_USER}:${NGINX_GROUP} ${LOG_DIR}
log_info "创建运行目录和日志目录的相关文件,否则会导致Nginx启动失败,默认生成【root:root 644】的文件 ,..."
touch ${RUN_DIR}/nginx.pid
touch ${LOG_DIR}/access.log
touch ${LOG_DIR}/error.log
touch ${LOG_DIR}/localhost.access.log
touch ${LOG_DIR}/localhost.error.log
chmod 777 ${RUN_DIR}/*
chmod 777 ${LOG_DIR}/*
chown -R ${NGINX_USER}:${NGINX_GROUP} ${RUN_DIR}/*
chown -R ${NGINX_USER}:${NGINX_GROUP} ${LOG_DIR}/*
# 测试配置文件
log_info "测试Nginx配置文件..."
if ! ${INSTALL_DIR}/sbin/nginx -t; then
log_error "Nginx配置文件测试失败"
# 显示配置文件内容以便调试
log_info "显示nginx.conf内容:"
grep -v "^#" ${CONF_DIR}/nginx.conf | grep -v "^ *$"
exit 1
fi
chmod 777 ${RUN_DIR}/*
chmod 777 ${LOG_DIR}/*
chown -R ${NGINX_USER}:${NGINX_GROUP} ${RUN_DIR}/*
chown -R ${NGINX_USER}:${NGINX_GROUP} ${LOG_DIR}/*
# 启动服务
log_info "启动Nginx服务..."
if ! systemctl start nginx; then
log_error "Nginx启动失败"
log_info "查看systemctl状态:"
systemctl status nginx || true
log_info "查看journal日志:"
journalctl -xe --since "1 minute ago" | tail -20
exit 1
fi
# 设置开机自启
systemctl enable nginx 2>/dev/null || true
# 检查服务状态
sleep 2
if systemctl is-active --quiet nginx; then
log_info "Nginx服务运行正常"
else
log_error "Nginx服务未运行"
systemctl status nginx
exit 1
fi
}
# 验证安装
verify_installation() {
log_info "验证安装..."
# 检查nginx版本
NGINX_VER=$(${INSTALL_DIR}/sbin/nginx -v 2>&1)
log_info "Nginx版本: ${NGINX_VER}"
# 测试HTTP访问
log_info "测试HTTP访问..."
if curl -s -o /dev/null -w "%{http_code}" http://localhost:8080 | grep -q "200"; then
log_info "HTTP访问测试成功"
else
log_warn "HTTP访问测试失败,可能需要等待服务完全启动"
fi
}
# 显示安装信息
show_installation_info() {
echo ""
echo "==================== Nginx安装完成 ===================="
echo "Nginx版本: ${NGINX_VERSION}"
echo "安装目录: ${INSTALL_DIR}"
echo "配置目录: ${CONF_DIR}"
echo "日志目录: ${LOG_DIR}"
echo "运行目录: ${RUN_DIR}"
echo "运行用户: ${NGINX_USER}:${NGINX_GROUP}"
echo "服务状态: $(systemctl is-active nginx)"
echo "开机自启: $(systemctl is-enabled nginx 2>/dev/null || echo "unknown")"
echo ""
echo "配置文件:"
echo " 主配置: ${CONF_DIR}/nginx.conf"
echo " 虚拟主机: ${INSTALL_DIR}/conf.d/"
echo ""
echo "常用命令:"
echo " 启动: systemctl start nginx"
echo " 停止: systemctl stop nginx"
echo " 重启: systemctl restart nginx"
echo " 重载: systemctl reload nginx"
echo " 状态: systemctl status nginx"
echo " 测试: ${INSTALL_DIR}/sbin/nginx -t"
echo ""
echo "测试访问: curl http://localhost:8080"
echo "================================================="
}
# 清理临时文件
cleanup() {
log_info "清理临时文件..."
if [ -d "${TMP_DIR}" ]; then
# rm -rf ${TMP_DIR}
log_info "已清理临时目录: ${TMP_DIR}"
fi
# 清理yum缓存
yum clean all 2>/dev/null || true
log_info "清理完成"
}
# 主函数
main() {
echo "开始安装Nginx ${NGINX_VERSION}"
# 执行安装步骤
check_root
check_centos_version
check_gcc_version
create_nginx_user
create_directories
install_dependencies
download_sources
compile_nginx
create_systemd_service
configure_nginx
configure_firewall
configure_selinux
start_nginx
verify_installation
show_installation_info
cleanup
echo "Nginx ${NGINX_VERSION} 安装完成!"
}
# 执行主函数
main "$@"