
Installing and configuring the Nginx web server on Debian 8 Jessie

Preface

Nginx is used by many large web services because of its versatility, high performance and good configurability.

Installation


Prepare the system

apt update
apt -y upgrade


So that gzip can be used later, the zlib1g-dev package must also be installed. To use SSL (HTTPS), the libssl-dev package must be installed:
apt-get install -y g++ make zlib1g-dev libssl-dev


To be able to use rewrite rules, PCRE must be installed:
cd /usr/src
wget http://freefr.dl.sourceforge.net/project/pcre/pcre/8.36/pcre-8.36.tar.gz
tar xzvf pcre-8.*.tar.gz
cd pcre-8.*/
./configure
make
make install


Download and unpack Nginx


cd /usr/src/
wget http://nginx.org/download/nginx-1.11.3.tar.gz
tar xzf nginx-*.tar.gz
cd nginx-*


Configure and compile Nginx


./configure --with-http_realip_module --with-ipv6 --with-http_ssl_module
make
make install


Nginx start script


nano /etc/init.d/nginx

#!/bin/bash -e
#-----------------------------------------------------------------------#
# Copyright 2006-2017 by Kevin Bühl <kevin@buehl.biz> #
#-----------------------------------------------------------------------#
# __ __ _____________ __ __ ______________ #
# | | 2006 | | | _______ \ | | | | |___________ | #
# | | 2017 | | | | \ | | | | | | | #
# | |___ ____| | | |_______/ / | |___ ____| | ___________| | #
# |______ ____ | | _______ | |______ ____ | | ___________| #
# by | | | | \ \ Content | | | | #
# Kevin | | | |_______/ | Management | | | |___________ #
# Bühl |__| |_____________/ System |__| |______________| #
# #
# No part of this website or any of its contents may be reproduced, #
# copied, modified or adapted, without the prior written consent of #
# the author, unless otherwise indicated for stand-alone materials. #
# For more Information visit www.4b42.com. #
# This notice must remain untouched at any time. #
#-----------------------------------------------------------------------#

#-----------------------------------------------------------------------#
# 2012-12-28 Kevin Bühl created
#-----------------------------------------------------------------------#

### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO

DAEMON=/usr/local/nginx/sbin/nginx
OPTIONS=
PIDFILE=/usr/local/nginx/logs/nginx.pid
CONF=/usr/local/nginx/conf/nginx.conf
NAME=Nginx

test -x $DAEMON || exit 0
. /lib/lsb/init-functions

case "$1" in
    start)
        log_daemon_msg "Starting Webserver" nginx
        if start-stop-daemon --start --quiet --pidfile ${PIDFILE} --exec $DAEMON -- $OPTIONS; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    stop)
        log_daemon_msg "Stopping Webserver" nginx
        start-stop-daemon --stop --quiet --pidfile ${PIDFILE} --exec $DAEMON
        log_end_msg 0
        ;;

    restart)
        $0 stop
        sleep 2
        $0 start
        ;;

    reload)
        $DAEMON -t -c $CONF -q
        log_daemon_msg "Reloading Webserver configuration" nginx
        if start-stop-daemon --stop --signal HUP --quiet --pidfile ${PIDFILE} --exec $DAEMON; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    status)
        status_of_proc -p ${PIDFILE} $DAEMON nginx && exit 0 || exit $?
        ;;

    *)
        log_action_msg "Usage: $0 {start|stop|reload|restart|status}"
        exit 1
        ;;

esac
exit 0

Now adjust the permissions of the script and create a directory for the log files:
chmod +x /etc/init.d/nginx
mkdir /var/log/nginx/

To have Nginx started automatically at system boot:
update-rc.d nginx defaults


Configuration


Open the configuration file nginx.conf in the directory /usr/local/nginx/conf/:
nano /usr/local/nginx/conf/nginx.conf

Adapt the configuration to your environment:
worker_processes 8;
events
{
    worker_connections 8192;
    use epoll;
    multi_accept on;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    gzip on;
    ## Start: Size Limits & Buffer Overflows ##
    client_body_buffer_size 1K;
    client_header_buffer_size 1k;
    client_max_body_size 2m;
    large_client_header_buffers 2 1k;
    ## END: Size Limits & Buffer Overflows ##

    ## Start: Timeouts ##
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 5 5;
    send_timeout 25;
    ## End: Timeouts ##

    server
    {
        listen 127.0.0.1:80;
        server_name default;

        ssl on;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1.2;
        ssl_ciphers "EECDH+AES:EDH+AES:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4";
        add_header Strict-Transport-Security max-age=15768000; # six months
        ssl_certificate /var/www/ssl/san.bdl;
        ssl_certificate_key /var/www/ssl/san.key;
        ssl_dhparam /var/www/ssl/san.dh;

        location /
        {
            root /var/www/default/httpsdocs/;
            index index.html index.php;
        }
        location ~ \.php$
        {
            root /var/www/default/httpsdocs/;
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_index index.php;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        include /usr/local/nginx/conf/error-pages.conf;
    }
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
}
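
The following check is an added example, not part of the original guide: a shell function that reports which of the TLS, size-limit and timeout directives from the configuration above are missing or weakened in a given nginx configuration file. The function name audit_nginx_conf and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original guide. Checks are file-wide (not per
# server block) and assume no '#' inside quoted values.
audit_nginx_conf() {
    body=$(sed 's/#.*$//' "$1")    # ignore commented-out directives
    has() { printf '%s\n' "$body" | grep -Eq -- "$1"; }

    if ! has '^[[:space:]]*ssl_protocols[[:space:]]'; then
        echo "ssl_protocols not set: nginx uses its built-in protocol list"
    elif has 'ssl_protocols[^;]*(SSLv[23]|TLSv1(\.1)?)([[:space:]]|;)'; then
        echo "ssl_protocols enables a protocol older than TLSv1.2"
    fi
    if has '^[[:space:]]*ssl_ciphers[[:space:]]'; then
        for excl in aNULL eNULL RC4 3DES MD5; do
            has "ssl_ciphers[^;]*!$excl" || echo "ssl_ciphers does not exclude $excl"
        done
    fi
    if has 'ssl_ciphers[^;]*[":[:space:]](EDH|DHE)' &&
       ! has '^[[:space:]]*ssl_dhparam[[:space:]]'; then
        echo "DHE ciphers enabled without ssl_dhparam"
    fi
    has 'add_header[[:space:]]+Strict-Transport-Security' ||
        echo "Strict-Transport-Security header not set"
    for d in client_max_body_size client_body_timeout client_header_timeout; do
        has "^[[:space:]]*$d[[:space:]]" || echo "$d not set"
    done
    if has '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;' &&
       has 'listen[[:space:]]+([^;[:space:]]*:)?80([[:space:]]|;)'; then
        echo "note: 'ssl on' with a port-80 listener, so that socket expects TLS"
    fi
    return 0
}

# Constructed sample input (not a real server's configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:EDH+AES:!aNULL:!MD5";
    # add_header Strict-Transport-Security max-age=15768000;
    client_max_body_size 2m;
}
EOF
audit_nginx_conf "$sample"
rm -f "$sample"
```

Run against the configuration shown above, the only output is the note about the port-80 listener: with ssl on, the socket bound by listen 127.0.0.1:80 answers TLS handshakes only, so plain http:// requests to it are rejected.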


nano /usr/local/nginx/conf/error-pages.conf

# No "=" between status code and URI: with a bare "=", nginx replaces the
# error status with the status of the error page itself (200 for a static file).
error_page 400 /error/400.html;
error_page 401 /error/401.html;
error_page 402 /error/402.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 405 /error/405.html;
error_page 406 /error/406.html;
error_page 407 /error/407.html;
error_page 408 /error/408.html;
error_page 409 /error/409.html;
error_page 410 /error/410.html;
error_page 411 /error/411.html;
error_page 412 /error/412.html;
error_page 413 /error/413.html;
error_page 414 /error/414.html;
error_page 415 /error/415.html;
error_page 416 /error/416.html;
error_page 417 /error/417.html;
error_page 418 /error/418.html;
error_page 421 /error/421.html;
error_page 422 /error/422.html;
error_page 423 /error/423.html;
error_page 424 /error/424.html;
error_page 425 /error/425.html;
error_page 426 /error/426.html;
error_page 429 /error/429.html;
error_page 444 /error/444.html;
error_page 451 /error/451.html;

error_page 500 /error/500.html;
error_page 501 /error/501.html;
error_page 502 /error/502.html;
error_page 503 /error/503.html;
error_page 504 /error/504.html;

You can now start the Nginx web server:
ldconfig
/etc/init.d/nginx start
[ ok ] Starting nginx (via systemctl): nginx.service.


Logrotate


nano /etc/logrotate.d/nginx

/var/log/nginx/*.log {
    weekly
    missingok
    rotate 52
    compress
    delaycompress
    notifempty
    create 640 root root
    sharedscripts
    postrotate
        [ -f /usr/local/nginx/logs/nginx.pid ] && kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
    endscript
}

To run logrotate manually, enter the following command:
logrotate --force /etc/logrotate.d/nginx

Now check whether the older log files have been compressed:
ls -lah /var/log/nginx/
insgesamt 1.8G
drwxr-xr-x 2 root root 4.0K Aug 02 11:11 .
drwxr-xr-x 12 root root 4.0K Aug 02 10:11 ..
-rw-r----- 1 nobody root 1.7K Aug 02 11:11 access.log
-rw-r--r-- 1 root root 1.8G Aug 02 11:11 access.log.1
-rw-r----- 1 nobody root 0 Aug 02 11:11 error.log
-rw-r--r-- 1 root root 93K Aug 02 11:11 error.log.1