20190329 CentOS 7.6: install nginx and configure a site served on a custom port

1. Search for the nginx package

yum search nginx
	已加载插件:fastestmirror
	Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
	Determining fastest mirrors
	 * base: mirrors.aliyun.com
	 * extras: mirrors.aliyun.com
	 * updates: mirrors.aliyun.com
	epel                                                                12744/12744
	......

** If an older version is already installed, uninstall it and install again

2. Install nginx

sudo yum install -y nginx

Start nginx and enable it at boot
Basic commands:
	sudo systemctl start nginx.service
	sudo systemctl enable nginx.service
	sudo systemctl status nginx.service
	sudo systemctl restart nginx.service

Check the version and confirm that nginx is running
nginx -v
	nginx version: nginx/1.12.2
ps -ef | grep nginx

Test the site configuration
	sudo nginx -t

	curl 127.0.0.1

3. Configure a site served on port 8080

References

https://m.linuxidc.com/Linux/2019-02/156789.htm
https://blog.csdn.net/yongzhang52545/article/details/51282914

1. Check the nginx configuration file
	sudo vim /etc/nginx/nginx.conf
	Excerpt:
	    server {
	        listen       80 default_server;
	        listen       [::]:80 default_server;
	        server_name  _;
	        root         /usr/share/nginx/html;
	....
	# Load modular configuration files from the /etc/nginx/conf.d directory.
	    # See http://nginx.org/en/docs/ngx_core_module.html#include
	    # for more information.
	    include /etc/nginx/conf.d/*.conf;

	Per-site configuration files go under /etc/nginx/conf.d/*.conf
2. Create a new site: chuangke.conf
	sudo vim /etc/nginx/conf.d/chuangke.conf
	Add the following content
	    server {
	        listen       8080;
	        server_name  127.0.0.1;
	        root        /usr/share/nginx/chuangke;
	        # root    /var/www/chuangke;
	        index   index.html;

	        location / {
	        }
	    }

Test the configuration
	sudo nginx -t
	nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
	nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart nginx
	sudo systemctl restart nginx

Test the site
curl 127.0.0.1:8080
With root    /var/www/chuangke I always get a 403 error?!
	<html>
	<head><title>403 Forbidden</title></head>
	<body bgcolor="white">
	<center><h1>403 Forbidden</h1></center>
	<hr><center>nginx/1.12.2</center>
	</body>
	</html>

4. Open port 8080

1. Check the firewall status
	sudo systemctl status firewalld

	sudo firewall-cmd --state
		running
2. Basic firewall commands
	# start
	sudo service firewalld start
	# restart
	sudo service firewalld restart
	# stop
	sudo service firewalld stop

	# list the firewall rules
	sudo firewall-cmd --list-all
	sudo firewall-cmd --state
3. Open port 8080
	sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent

	Restart the firewall
	sudo systemctl restart firewalld.service

	sudo firewall-cmd --reload

4. For some reason I locked myself out; ssh could no longer connect!
	sudo firewall-cmd --list-all
		public (active)
		  target: default
		  icmp-block-inversion: no
		  interfaces: enp0s3
		  sources:
		  services: ssh dhcpv6-client
		  ports:
		  protocols:
		  masquerade: no
		  forward-ports:
		  source-ports:
		  icmp-blocks:
		  rich rules:
	** As you can see, ports lists nothing at all!
	** So when re-adding the ports, I simply added ports 20 and 22 first
	sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=20/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
	sudo firewall-cmd --zone=public --add-port=4433/tcp --permanent

Restart the firewall
	sudo systemctl restart firewalld.service
List the firewall rules again
	sudo firewall-cmd --list-all
		public (active)
		  target: default
		  icmp-block-inversion: no
		  interfaces: enp0s3
		  sources:
		  services: ssh dhcpv6-client
		  ports: 80/tcp 22/tcp 21/tcp 20/tcp 8080/tcp 4433/tcp
		  protocols:
		  masquerade: no
		  forward-ports:
		  source-ports:
		  icmp-blocks:
		  rich rules:
** Now it is safe to log out and ssh back in!

5. Adding another port (for example 4433) fails

1. Test: after changing the port in chuangke.conf above to 4433
	sudo systemctl restart nginx
	An error is returned!
		Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

2. The nginx configuration test is OK!
	sudo nginx -t
		nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
		nginx: configuration file /etc/nginx/nginx.conf test is successful

3. Check the error message
	sudo systemctl status nginx.service
		......
		3月 29 15:07:26 centos7-71 nginx[18289]: nginx: [emerg] bind() to 0.0.0.0:4433 failed (13: Permission denied)
		......
		3月 29 15:07:26 centos7-71 systemd[1]: Unit nginx.service entered failed state.
		3月 29 15:07:26 centos7-71 systemd[1]: nginx.service failed.

** Port 4433 is not allowed!

6. Use semanage to allow the HTTP port (SELinux)

References
https://blog.csdn.net/runsnail2018/article/details/81185138
https://zhb1208.iteye.com/blog/1432957

1. Installing semanage directly reports that no such package exists
	sudo yum update
	sudo yum install semanage
		已加载插件:fastestmirror
		Loading mirror speeds from cached hostfile
		 * base: mirrors.aliyun.com
		 * extras: mirrors.aliyun.com
		 * updates: mirrors.aliyun.com
		没有可用软件包 semanage。
		错误:无须任何处理

2. Following the reference, run these lookup and install commands
	1). yum provides /usr/sbin/semanage
	2). sudo yum -y install policycoreutils-python
	3). The semanage command can now be run
3. List the ports that HTTP services may use
	sudo semanage port -l | grep http_port_t
		http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
		pegasus_http_port_t            tcp      5988
	** Sure enough, port 4433 is not in the list!
4. Add 4433 to the HTTP ports
	sudo semanage port -a -t http_port_t  -p tcp 4433
5. Look at the HTTP ports again
	sudo semanage port -l | grep http_port_t
		http_port_t                    tcp      4433, 80, 81, 443, 488, 8008, 8009, 8443, 9000
		pegasus_http_port_t            tcp      5988
** Port 4433 can now be accessed
	sudo systemctl restart nginx
	sudo systemctl status nginx.service
	OK!

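I never really understood what SELinux was for! Now I am starting to get it!

Opening a port in the firewall is not enough; you also have to configure which ports a given service (HTTP this time) is allowed to use.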
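
A pre-flight check for the port problem above, as an added example that is not part of the original post: it parses `semanage port -l` text and reports whether nginx may bind a given TCP port. The function names are hypothetical, and the example assumes stock CentOS 7 targeted policy, where httpd_t may bind both http_port_t and http_cache_port_t; the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example: which SELinux port type labels a TCP port, and may nginx bind it?
# Input is the text of `semanage port -l` on stdin.

# port_types PORT: print every type whose tcp list or range contains PORT.
port_types() {
    awk -v want="$1" '
        $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)              # "80," -> "80"
                n = split(p, r, "-")          # "10001-10010" -> lo, hi
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (want + 0 >= lo && want + 0 <= hi) { print $1; break }
            }
        }'
}

# nginx_can_bind PORT: exit 0 if PORT carries a type that httpd_t may bind.
# Assumption: the allowed set is http_port_t plus http_cache_port_t.
nginx_can_bind() {
    port_types "$1" | grep -Eqx 'http_port_t|http_cache_port_t'
}

# Sample input. The first two lines are the output shown in the post; the
# last two are constructed to resemble stock CentOS 7 policy.
SAMPLE_PORTS='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
unreserved_port_t              tcp      61001-65535, 1024-32767'

for port in 80 8080 4433; do
    if printf '%s\n' "$SAMPLE_PORTS" | nginx_can_bind "$port"; then
        echo "$port: nginx may bind"
    else
        echo "$port: blocked, needs: semanage port -a -t http_port_t -p tcp $port"
    fi
done
```

On a live host the input would be `sudo semanage port -l | nginx_can_bind 4433`, run before `systemctl restart nginx`.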

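7. Switching the root directory keeps returning 403

Reference: https://blog.csdn.net/a690392431/article/details/85914076

** That blog post is probably correct! But I followed it and it still did not work!

I really had no other option!
So I disabled SELinux for now! I will study it later!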

sudo vim /etc/selinux/config
		# by wzh 20190329 disable SELINUX
		SELINUX=disabled
		# SELINUX=enforcing

A reboot is needed for this to take effect!

Check SELinux status
sestatus
	SELinux status:                 disabled
03-30 02:45
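
Assuming the 403 on /var/www/chuangke and the bind failure on port 4433 are both SELinux denials, the audit log names each one exactly, which allows a narrower fix than SELINUX=disabled. This added example (not part of the original post) summarizes nginx AVC records; the function names are hypothetical and the sample records are constructed.

```shell
#!/bin/sh
# Added example: summarize SELinux denials for nginx from audit.log text.
# Real use (auditd default path): sudo cat /var/log/audit/audit.log | nginx_denials

# nginx_denials: one line per denial: "<perms> <tclass> <target type> <object>"
nginx_denials() {
    awk '
        /type=AVC/ && /denied/ && /comm="nginx"/ {
            perm = ""; tclass = ""; ttype = ""; obj = "-"
            for (i = 1; i <= NF; i++) {
                if ($i == "{") {
                    for (j = i + 1; j <= NF && $j != "}"; j++)
                        perm = perm (perm == "" ? "" : ",") $j
                } else if ($i ~ /^tclass=/) {
                    tclass = substr($i, 8)
                } else if ($i ~ /^tcontext=/) {
                    split(substr($i, 10), c, ":"); ttype = c[3]
                } else if ($i ~ /^(src|name|path)=/) {
                    obj = $i; gsub(/"/, "", obj)
                }
            }
            print perm, tclass, ttype, obj
        }'
}

# denial_hint: map each summary line to a targeted fix.
denial_hint() {
    while read -r perm tclass ttype obj; do
        case "$perm/$tclass" in
            name_bind/tcp_socket)
                echo "port ${obj#src=} is $ttype: semanage port -a -t http_port_t -p tcp ${obj#src=}" ;;
            */file|*/dir)
                echo "${obj#*=} is $ttype: relabel the docroot as httpd_sys_content_t and run restorecon -Rv" ;;
            *)  echo "review manually: $perm $tclass $ttype $obj" ;;
        esac
    done
}

# Constructed sample records (not from the post): the 4433 bind failure, a read
# denial on a docroot file that kept a home-directory label, and unrelated noise.
SAMPLE_AVC='type=AVC msg=audit(1553843246.101:412): avc:  denied  { name_bind } for  pid=18289 comm="nginx" src=4433 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1553850012.554:498): avc:  denied  { read } for  pid=18412 comm="nginx" name="index.html" dev="dm-0" ino=1048601 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1553850012.554:498): arch=c000003e syscall=2 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"'

printf '%s\n' "$SAMPLE_AVC" | nginx_denials | denial_hint
```

For the docroot case the usual relabel is `semanage fcontext -a -t httpd_sys_content_t "/var/www/chuangke(/.*)?"` followed by `restorecon -Rv /var/www/chuangke`.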