20190329 CentOS 7.6 安装 nginx,配置端口访问网站
1、查询一下 nginx
yum search nginx
已加载插件:fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
epel 12744/12744
......
** 如果已经有旧版本,可以重新卸载安装
2、安装 nginx
sudo yum install -y nginx
启动并设置为开机启动
基本指令:
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
sudo systemctl status nginx.service
sudo systemctl restart nginx.service
查看版本,确认启动
nginx -v
nginx version: nginx/1.12.2
ps -ef |grep nginx
测试网站配置
sudo nginx -t
curl 127.0.0.1
3、配置 8080 端口访问的网站
参考
https://m.linuxidc.com/Linux/2019-02/156789.htmhttps://blog.csdn.net/yongzhang52545/article/details/51282914
1. 检查 nginx 配置文件
sudo vim /etc/nginx/nginx.conf
内容摘要如下:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
....
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
配置网站模块放在 /etc/nginx/conf.d/*.conf 下
2. 新建一个网站 : chuangke.conf
sudo touch /etc/nginx/conf.d
sudo vim chuangke.conf
加入以下内容
server {
listen 8080;
server_name 127.0.0.1;
root /usr/share/nginx/chuangke;
# root /var/www/chuangke;
index index.html;
location / {
}
}
测试一下配置
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
重启 nginx
sudo systemctl restart nginx
测试网站
curl 127.0.0.1:8080
使用 root /var/www/chuangke 总是 403 错误?!
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
4、 开放 8080 端口
1. 查看防火墙状态
sudo systemctl status firewalld
sudo firewall-cmd --state
running
2. 防火墙基本命令
# 开启
service firewalld start
# 重启
service firewalld restart
# 关闭
sudo service firewalld stop
# 查看防火墙规则
sudo firewall-cmd --list-all
sudo firewall-cmd --state
3. 开启 8080 端口
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
重启防火墙
sudo systemctl restart firewalld.service
sudo firewall-cmd --reload
4. 不知道为什么,就把自己关在外面了 ssh 连接不上去了!
sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: ssh dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
** 可以看到,ports 一个都没有!
** 干脆重新增加端口的时候,先加上 20,22 端口
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
sudo firewall-cmd --zone=public --add-port=20/tcp --permanent
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --zone=public --add-port=4433/tcp --permanent
重启防火墙
sudo systemctl restart firewalld.service
重新查看防火墙规则
sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: ssh dhcpv6-client
ports: 80/tcp 22/tcp 21/tcp 20/tcp 8080/tcp 4433/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
** 现在可以安全的退出、重新 ssh 了!
5、再增加一个其他端口 (例如:4433)发生错误
1. 测试:将以上 chuangke.conf 的端口改成 4433后
sudo systemctl restart nginx
返回错误!
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
2. 测试 nginx 配置是 OK!
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
3. 查看错误信息
sudo systemctl status nginx.service
......
3月 29 15:07:26 centos7-71 nginx[18289]: nginx: [emerg] bind() to 0.0.0.0:4433 failed (13: Permission denied)
......
3月 29 15:07:26 centos7-71 systemd[1]: Unit nginx.service entered failed state.
3月 29 15:07:26 centos7-71 systemd[1]: nginx.service failed.
** 4433 端口不允许!
6、semanage 解决 http 端口访问配置(Selinux)
参考https://blog.csdn.net/runsnail2018/article/details/81185138https://zhb1208.iteye.com/blog/1432957
1. 直接安装 semanage 会提示:没有 semanage
sudo yum update
sudo yum install semanage
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
没有可用软件包 semanage。
错误:无须任何处理
2. 按照参考文档,执行一下设置和安装命令
1). yum provides /usr/sbin/semanage
2). yum -y install policycoreutils-python
3). 现在就可以执行 semanage 命令了
3. 查看 http 可以访问的端口
sudo semanage port -l | grep http_port_t
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
** 果然没有发现 4433 端口!
4. 增加 4433 到 http 访问端口
sudo semanage port -a -t http_port_t -p tcp 4433
5. 再来看看 http 端口
sudo semanage port -l | grep http_port_t
http_port_t tcp 4433, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
** 现在可以访问 4433 了
sudo systemctl restart nginx
sudo systemctl status nginx.service
OK!
一直没有搞明白 SELinux 干么用的!现在有点儿明白了!
不是简单从防火墙开放一个端口就可以了还要配置 特定服务(这次是 HTTP)可以使用哪些端口
6、切换root目录一直 403 错误
参考https://blog.csdn.net/a690392431/article/details/85914076
** 这个博客应该是正确的!但是,我照着操作了,还是不行!
实在没有办法了!
只好先关闭 SELinux !以后再学习!
sudo vim /etc/selinux/config
# by wzh 20190329 disable SELINUX
SELINUX=disabled
# SELINUX=enforcing
重启才能生效!
查看 SELinux
sestatus
SELinux status: disabled