How to quickly build Nginx server under CentOS

View server version

# cat /etc/redhat-release
CentOS Linux release 8.1.1911(Core)

installation steps

1. Update yum

# yum updateFailed to set locale, defaulting to C.UTF-8CentOS-8- AppStream                                                                                                                                              4.1 kB/s |4.3 kB     00:01CentOS-8- Base                                                                                                                                                   5.1 kB/s |3.8 kB     00:00CentOS-8- Extras                                                                                                                                                 4.1 kB/s |3.0 kB     00:00Dependencies resolved.Nothing to do.Complete!

2. Install Nginx

sudo yum install nginx

3. Configure Nginx

Set boot up

# sudo systemctl enable nginx

Start service

# sudo systemctl start nginx

Out of service

# sudo systemctl restart nginx

Reload

# sudo systemctl reload nginx

Firewall configuration

# sudo firewall-cmd --zone=public--permanent --add-service=httpsuccess

Open a port and reload the configuration to take effect. lasting

# sudo firewall-cmd --add-port=80/tcp --permanentsuccess# sudo firewall-cmd --add-port=443/tcp --permanentsuccess

Restart the server and check the firewall status.

# sudo firewall-cmd --list-servicedhcpv6-client http ssh

Query release port

# sudo firewall-cmd --list-ports80/tcp

Nginx common mistakes

View error message

# cat /var/log/nginx/error.log

1. Modify nginx.conf to start the user

# ps aux | grep "nginx: worker process"| awk '{print $1}'nobodyroot
# vim conf/nginx.confuser root;worker_processes auto;error_log /var/log/nginx/error.log;...

2. Modify html file permissions

View the file permissions of the original html directory

# ls -lrtZ /usr/share/nginx/htmltotal 24-rw-r--r--.1 root root system_u:object_r:httpd_sys_content_t:s0  368 Oct  721:16 nginx-logo.png-rw-r--r--.1 root root system_u:object_r:httpd_sys_content_t:s0 4057 Oct  721:16 index.html-rw-r--r--.1 root root system_u:object_r:httpd_sys_content_t:s0 4020 Oct  721:16 50x.html-rw-r--r--.1 root root system_u:object_r:httpd_sys_content_t:s0 3971 Oct  721:16404.html-rw-r--r--.1 root root system_u:object_r:httpd_sys_content_t:s0 4148 Oct  721:16 poweredby.png

Modify custom catalog

chcon -R -u system_u /xxx/chcon -R -t httpd_sys_content_t /xxx/

Security configuration

1. Hide directory

http {  autoindex off;}

2. Hide show version number

http {  server_tokens off;}

3. Restrict access to request parameters

http {  #Set client request header read timeout client_header_timeout 15;  #Set the client request body read timeout client_body_timeout 15;     #Upload file size limit client_max_body_size 10m;  #Specify the timeout period to respond to the client send_timeout    60;  #Set the timeout period keepalive for the client connection to keep the session_timeout 60;}

4. Access restrictions, allow is the ip and ip segments that are allowed to be accessed, deny is the ip and ip segments that are forbidden to access

# Set the access permission of the website root directory location/{    allow 192.168.1.1/24;    deny 192.168.1.2/24;    deny all;}

5. Restrict access to individual directories or file extensions

# When visiting uploads, p_w_Picpaths directory specifies the file location of the suffix~^/(uploads|p_w_picpaths)/.*\.(php|php5|jsp)$ {return403;}#Prohibit access to files with specified suffixes in all directories~.*\.(sql|log|txt|jar|war|sh|py){    deny all;}