Nginx installation 2017/10

Obtaining the public keys
$ wget https://nginx.org/keys/aalexeev.key
$ wget https://nginx.org/keys/is.key
$ wget https://nginx.org/keys/mdounin.key
$ wget https://nginx.org/keys/maxim.key
$ wget https://nginx.org/keys/sb.key
$ wget https://nginx.org/keys/nginx_signing.key
$ gpg --import aalexeev.key
$ gpg --import is.key
$ gpg --import mdounin.key
$ gpg --import maxim.key
$ gpg --import sb.key
$ gpg --import nginx_signing.key
Obtaining the source
$ wget https://nginx.org/download/nginx-1.12.2.tar.gz
Obtaining the signature file
$ wget https://nginx.org/download/nginx-1.12.2.tar.gz.asc
$ gpg --verify nginx-1.12.2.tar.gz.asc nginx-1.12.2.tar.gz 
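
Added example, not part of the original memo: gpg --verify reports a good signature for any key in the keyring, including one just downloaded from the same server as the tarball, so this script accepts the result only when the signing key matches a fingerprint pinned in advance. It goes beyond the memo by reading gpg's --status-fd output; the function names sig_ok and verify_tarball are hypothetical, and the fingerprints and status lines are constructed placeholders.

```sh
#!/bin/sh
# Added example: accept a detached signature only if it was made by a pinned key.

# sig_ok STATUS_TEXT PINNED_FPR
# STATUS_TEXT is the output of: gpg --status-fd 1 --verify FILE.asc FILE
# Returns 0 only if a VALIDSIG line names PINNED_FPR as the primary key
# and no failure status (bad, errored, expired or revoked) is present.
sig_ok() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key, field 12 the primary key.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) good = 1
        }
        END { if (good && !bad) exit 0; exit 1 }
    '
}

# verify_tarball SIG FILE PINNED_FPR: runs gpg and applies sig_ok.
verify_tarball() {
    status=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    sig_ok "$status" "$3"
}

# Constructed sample status output; the fingerprints are placeholders.
PINNED=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
OTHER=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
GOOD_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA signer (constructed)
[GNUPG:] VALIDSIG $PINNED 2017-10-17 1508198400 0 4 0 1 8 00 $PINNED"
OTHER_KEY_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB unknown key (constructed)
[GNUPG:] VALIDSIG $OTHER 2017-10-17 1508198400 0 4 0 1 8 00 $OTHER"
BAD_STATUS="[GNUPG:] NEWSIG
[GNUPG:] BADSIG AAAAAAAAAAAAAAAA signer (constructed)"

for s in "$GOOD_STATUS" "$OTHER_KEY_STATUS" "$BAD_STATUS"; do
    if sig_ok "$s" "$PINNED"; then echo "accept"; else echo "reject"; fi
done
```

In practice, call verify_tarball with nginx-1.12.2.tar.gz.asc, nginx-1.12.2.tar.gz and a fingerprint obtained through a separate trusted channel, and extract the tarball only when it returns 0.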

Adding the group and user
# groupadd nginx
# useradd -s /sbin/nologin -g nginx nginx

Installing the development environment (C compiler, etc.)
# yum groupinstall "Development Tools"
Installing PCRE
# yum install pcre pcre-devel
Installing zlib
# yum install zlib zlib-devel.x86_64

Downloading the OpenSSL source code
$ wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
$ tar xzvf openssl-1.1.0f.tar.gz
Note: the directory extracted here is the one specified to configure.

MAKE
$ tar xzvf nginx-1.12.2.tar.gz
$ cd nginx-1.12.2
$ ./configure \
--prefix=/usr/local/nginx \
--conf-path=/etc/nginx/nginx.conf \
--with-openssl=/PATH/TO/openssl-1.1.0f \
--user=nginx \
--group=nginx \
--with-http_ssl_module
$ make
# make install

Auto-start script (adapted from a reference)
# vi /lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
Registering with the system
# systemctl list-unit-files | grep nginx
nginx.service                               disabled

# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to
/usr/lib/systemd/system/nginx.service.

# systemctl start nginx

# systemctl status nginx
● nginx.service - The NGINX HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-07-25 00:22:05 JST; 3min 48s ago
  Process: 1340 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 1334 ExecStartPre=/usr/local/nginx/sbin/nginx -t (code=exited, status=0/SUCCESS)
 Main PID: 1344 (nginx)
   CGroup: /system.slice/nginx.service
           ├─1344 nginx: master process /usr/local/nginx/sbin/nginx
           └─1345 nginx: worker process

Configuring firewalld
# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

# firewall-cmd --permanent --add-service=http
success

# firewall-cmd --permanent --add-service=https
success

# firewall-cmd --reload
success

# firewall-cmd --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Reboot the system and test the connection from a browser
# reboot

Note: SSL cannot be used in this state, so separate compilation and configuration are required.