定义一个变量来存放 nginx 版本号:
version=1.15.4
nginx 下载地址:http://nginx.org/download/
下列函数的功能是判断当前步骤是否执行成功,并将结果输出出来:
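function show_result(){
  # Print a coloured status line for a finished step.
  # Arguments: $1 - exit status of the step (0 means success)
  #            $2 - human-readable step name
  # Outputs:   "<name> is Success . [ OK ] " in green or
  #            "<name> is Fail . [ FAIL ] " in red, on stdout
  # printf with %s keeps backslashes in the step name literal.
  if [ "$1" -eq 0 ]; then
    printf '\033[32m%s is Success . [ OK ] \033[0m\n' "$2"
  else
    printf '\033[31m%s is Fail . [ FAIL ] \033[0m\n' "$2"
  fi
}

创建 nginx 用户和用户组
建议用大于 1000 的 GID 和 UID 号,表示普通用户。这段代码里我做了一个条件判断: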
如果在 /etc/passwd 和 /etc/group 文件中过滤出 nginx,表示已经创建了 nginx 用户和 nginx 用户组,就不再创建了。
安装一些扩展包
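function nginx_pkg(){
  # Install the compiler and the development headers that the nginx source
  # build needs, then report yum's exit status through show_result.
  local item="Packages Install"
  yum -y install gcc openssl-devel pcre-devel zlib-devel > /dev/null 2>&1
  show_result $? "${item}"
}

下载Nginx并解压缩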
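function nginx_download(){
  # Download the nginx source archive into /usr/local/src and unpack it.
  # Globals: version (read) - nginx release to fetch
  # The reported status is that of the download/extract step, not of the
  # trailing clean-up, so a failed download is shown as a failure.
  local item="Nginx Download"
  local src_dir=/usr/local/src
  local tarball="nginx-${version}.tar.gz"
  local status=0

  # NOTE(security): this archive is later compiled and installed as root, and
  # nothing here checks its integrity. nginx.org publishes a detached PGP
  # signature (.asc) next to each release; verify it, or compare against a
  # pinned checksum, before extracting. HTTPS is used instead of plain HTTP so
  # the transfer at least cannot be altered in transit.
  if cd "${src_dir}"; then
    # Skip the download when the unpacked tree is already present.
    if [ ! -e "${src_dir}/nginx-${version}" ]; then
      wget "https://nginx.org/download/${tarball}" > /dev/null 2>&1 \
        && tar zxf "${tarball}"
      status=$?
    fi
    rm -f -- "${src_dir}/${tarball}"
  else
    status=1
  fi
  show_result "${status}" "${item}"
}

编译安装 Nginx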
这里也做了一个条件判断:
如果 /usr/local/nginx 目录存在,则说明 nginx 已经成功安装好了。
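function nginx_compile(){
  # Configure, build and install nginx under /usr/local/nginx.
  # Globals: version (read) - selects /usr/local/src/nginx-<version>
  # An existing /usr/local/nginx directory is treated as "already installed".
  # The three build steps are chained so the first failure is what gets
  # reported, instead of only the status of the last command.
  local item="Nginx Compile"
  local status=0

  if [ -d /usr/local/nginx ]; then
    echo -e "\e[31mNginx exist! \e[0m"
  elif cd "/usr/local/src/nginx-${version}"; then
    ./configure --prefix=/usr/local/nginx > /dev/null 2>&1 \
      && make > /dev/null 2>&1 \
      && make install > /dev/null 2>&1
    status=$?
  else
    # Source tree missing: nothing to build.
    status=1
  fi
  show_result "${status}" "${item}"
}

建立软连接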
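function nginx_softlink(){
  # Link the configuration directory to /etc/nginx and the binary into
  # /usr/sbin, skipping a link whose target path already exists.
  # A failure of either ln is reported, not only the last one.
  local item="Nginx Softlink"
  local status=0

  test -d /etc/nginx/ || ln -s /usr/local/nginx/conf/ /etc/nginx || status=$?
  test -e /usr/sbin/nginx || ln -s /usr/local/nginx/sbin/nginx /usr/sbin/ || status=$?
  show_result "${status}" "${item}"
}

注册服务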
将 nginx 注册成服务之后就可以使用 systemctl 控制它了
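function nginx_service(){
  # Write a systemd unit for the source-built nginx (unless one already
  # exists) and reload systemd so the unit becomes visible.
  # The unit carries an [Install] section so that `systemctl enable` has a
  # target to hook the service into at boot.
  local item="Nginx Service"
  local unit_file=/usr/lib/systemd/system/nginx.service
  local status=0

  if [ ! -e "${unit_file}" ]; then
    # Quoted delimiter: the unit text is written literally, no expansion.
    cat > "${unit_file}" <<'EOF' || status=$?
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running nginx -t from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
  fi

  if [ "${status}" -eq 0 ]; then
    systemctl daemon-reload
    status=$?
  fi
  show_result "${status}" "${item}"
}

内核参数优化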
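function nginx_kernel(){
  # Back up /etc/sysctl.conf, write the tuning entries below through
  # add_config_tofile, then load them with `sysctl -p`. The status shown is
  # the one returned by `sysctl -p`.
  # Globals: current_time (read) - suffix of the backup copy; nothing in this
  #          script assigns it, so a timestamp is used when it is unset.
  local item="Optimize Kernel Arguments"
  local conf=/etc/sysctl.conf
  local backup_suffix=${current_time:-$(date +%Y%m%d%H%M%S)}
  local arch_ratio=1
  local memory_size
  local nf_conntrack_size

  cp "${conf}" "${conf}.${backup_suffix}" > /dev/null 2>&1

  # Conntrack table size is derived from RAM: bytes / 16384, halved on x86_64.
  if [ "$(uname -m)" = "x86_64" ]; then
    arch_ratio=2
  fi
  memory_size=$(free -b | awk 'NR==2{print $2}')
  nf_conntrack_size=$(( ${memory_size:-0} / 16384 / arch_ratio ))

  # Enable reverse-path filtering
  add_config_tofile "net.ipv4.conf.default.rp_filter = 1" "${conf}"
  add_config_tofile "net.ipv4.conf.all.rp_filter = 1" "${conf}"
  # Do not accept source-routed packets
  add_config_tofile "net.ipv4.conf.all.accept_source_route = 0" "${conf}"
  add_config_tofile "net.ipv4.conf.default.accept_source_route = 0" "${conf}"
  # Append the PID to core file names
  add_config_tofile "kernel.core_uses_pid = 1" "${conf}"
  # Enable SYN-flood protection (SYN cookies)
  add_config_tofile "net.ipv4.tcp_syncookies = 1" "${conf}"
  # Message queue limits
  add_config_tofile "kernel.msgmnb = 65536" "${conf}"
  add_config_tofile "kernel.msgmax = 65536" "${conf}"
  # Maximum shared memory segment size (bytes)
  add_config_tofile "kernel.shmmax = 68719476736" "${conf}"
  add_config_tofile "kernel.shmall = 4294967296" "${conf}"
  # Number of TIME_WAIT sockets kept (the author gives 18000 as the default)
  add_config_tofile "net.ipv4.tcp_max_tw_buckets = 600" "${conf}"
  add_config_tofile "net.ipv4.tcp_sack = 1" "${conf}"
  add_config_tofile "net.ipv4.tcp_window_scaling = 1" "${conf}"
  add_config_tofile "net.ipv4.tcp_rmem = 4096 87380 16777216" "${conf}"
  add_config_tofile "net.ipv4.tcp_wmem = 4096 65536 16777216" "${conf}"
  add_config_tofile "net.core.rmem_default = 8388608" "${conf}"
  add_config_tofile "net.core.wmem_max = 16777216" "${conf}"
  # Maximum number of connection requests not yet acknowledged by the client
  add_config_tofile "net.ipv4.tcp_max_syn_backlog = 262144" "${conf}"
  # SYN retransmissions before giving up on a connection attempt
  add_config_tofile "net.ipv4.tcp_syn_retries = 2" "${conf}"
  # Allow TIME_WAIT sockets to be reused for new TCP connections
  add_config_tofile "net.ipv4.tcp_tw_reuse = 1" "${conf}"
  add_config_tofile "net.ipv4.tcp_fin_timeout = 1" "${conf}"
  # Author's intent: guard against simple DDoS attacks
  add_config_tofile "net.ipv4.tcp_max_orphans = 3276800" "${conf}"
  # Fast TIME_WAIT recycling stays off.
  # NOTE(review): this key was removed in Linux 4.12; on newer kernels
  # `sysctl -p` reports it as unknown and the step is shown as failed.
  add_config_tofile "net.ipv4.tcp_tw_recycle = 0" "${conf}"
  # Idle time before TCP keepalive probes start (kernel default is 2h)
  add_config_tofile "net.ipv4.tcp_keepalive_time = 600" "${conf}"
  # Local port range available to the system
  add_config_tofile "net.ipv4.ip_local_port_range = 1024 65535" "${conf}"
  # IP forwarding.
  # NOTE(security): 1 makes the host route packets between its interfaces.
  # nginx does not need this to serve or proxy traffic; keep it at 0 unless
  # the machine really acts as a router or NAT gateway.
  add_config_tofile "net.ipv4.ip_forward = 1" "${conf}"
  # Connection-tracking table size (the author gives 65535 as the default)
  # NOTE(review): these keys exist only while the conntrack module is loaded;
  # the modprobe below loads bridge - confirm that is enough on the target.
  add_config_tofile "net.netfilter.nf_conntrack_max = ${nf_conntrack_size}" "${conf}"
  add_config_tofile "net.nf_conntrack_max = ${nf_conntrack_size}" "${conf}"
  # Answer ICMP echo requests (ping)
  add_config_tofile "net.ipv4.icmp_echo_ignore_all = 0" "${conf}"

  modprobe bridge
  sysctl -p > /dev/null 2>&1
  show_result $? "${item}"
}

启动nginx并开机自启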
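function nginx_start(){
  # Enable the nginx unit at boot and start it immediately, then report the
  # exit status of systemctl through show_result.
  local item="Nginx start"
  systemctl enable nginx --now > /dev/null 2>&1
  show_result $? "${item}"
}

负责配置的写入函数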
在上面的内核参数优化函数里面,我并没有使用 echo 将配置直接重定向到 /etc/sysctl.conf 文件里面,
而是用了 add_config_tofile 函数:第一个参数是配置项,第二个参数是文件名。
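function add_config_tofile(){
  # Set one "key = value" entry in a config file: replace every line whose
  # key is exactly the same, or append the entry when the key is absent.
  # Arguments: $1 - full entry, e.g. "net.ipv4.ip_forward = 1"
  #            $2 - file to update
  # Returns:   1 when the key or the file name is empty, otherwise the status
  #            of the write
  # The key is compared as a whole string. A regex prefix match would also
  # rewrite longer keys that merely start with it (net.ipv4.ip_forward vs
  # net.ipv4.ip_forward_use_pmtu), and building a sed expression from the
  # entry breaks on values containing "/" or "&".
  local entry=$1
  local file=$2
  local key=${entry%%[[:space:]=]*}
  local line
  local found=0
  local -a lines=()

  if [ -z "${key}" ] || [ -z "${file}" ]; then
    return 1
  fi

  if [ -f "${file}" ]; then
    # "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while IFS= read -r line || [ -n "${line}" ]; do
      if [ "${line%%[[:space:]=]*}" = "${key}" ]; then
        line=${entry}
        found=1
      fi
      lines+=("${line}")
    done < "${file}"
  fi

  if [ "${found}" -eq 1 ]; then
    printf '%s\n' "${lines[@]}" > "${file}"
  else
    printf '%s\n' "${entry}" >> "${file}"
  fi
}

main函数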
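function main(){
  # Run the installation steps in order. Each step prints its own result;
  # a failed step does not stop the ones after it.
  user_create
  nginx_pkg
  nginx_download
  nginx_compile
  nginx_softlink
  nginx_service
  nginx_kernel
  nginx_start
}

完整代码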
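执行结果如下

#! /bin/bash
# nginx release to download and build.
version=1.15.4

# Report whether a step succeeded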
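function show_result(){
  # Print a coloured status line for a finished step.
  # Arguments: $1 - exit status of the step (0 means success)
  #            $2 - human-readable step name
  # Outputs:   "<name> is Success . [ OK ] " in green or
  #            "<name> is Fail . [ FAIL ] " in red, on stdout
  # printf with %s keeps backslashes in the step name literal.
  if [ "$1" -eq 0 ]; then
    printf '\033[32m%s is Success . [ OK ] \033[0m\n' "$2"
  else
    printf '\033[31m%s is Fail . [ FAIL ] \033[0m\n' "$2"
  fi
}

# Create the nginx user and group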
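function user_create(){
  # Create the nginx group and user (GID/UID 1004, no home directory, no
  # login shell) unless both already exist, then report via show_result.
  # Existence is checked with exact getent lookups; counting lines that
  # merely contain "nginx" in /etc/passwd and /etc/group also matches
  # unrelated accounts, and cannot tell which of the two is missing.
  local item="Create User and Group"
  local status=0

  if getent group nginx > /dev/null && getent passwd nginx > /dev/null; then
    echo -e "\e[31mUser and Group exist! \e[0m"
    return 0
  fi

  # Create only what is missing, group first because the user refers to it.
  getent group nginx > /dev/null || groupadd -g 1004 nginx || status=$?
  if [ "${status}" -eq 0 ]; then
    getent passwd nginx > /dev/null \
      || useradd -u 1004 -g nginx -M -s /sbin/nologin nginx \
      || status=$?
  fi
  show_result "${status}" "${item}"
}

# Install the build dependencies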
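function nginx_pkg(){
  # Install the compiler and the development headers that the nginx source
  # build needs, then report yum's exit status through show_result.
  local item="Packages Install"
  yum -y install gcc openssl-devel pcre-devel zlib-devel > /dev/null 2>&1
  show_result $? "${item}"
}

# Download nginx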
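function nginx_download(){
  # Download the nginx source archive into /usr/local/src and unpack it.
  # Globals: version (read) - nginx release to fetch
  # The reported status is that of the download/extract step, not of the
  # trailing clean-up, so a failed download is shown as a failure.
  local item="Nginx Download"
  local src_dir=/usr/local/src
  local tarball="nginx-${version}.tar.gz"
  local status=0

  # NOTE(security): this archive is later compiled and installed as root, and
  # nothing here checks its integrity. nginx.org publishes a detached PGP
  # signature (.asc) next to each release; verify it, or compare against a
  # pinned checksum, before extracting. HTTPS is used instead of plain HTTP so
  # the transfer at least cannot be altered in transit.
  if cd "${src_dir}"; then
    # Skip the download when the unpacked tree is already present.
    if [ ! -e "${src_dir}/nginx-${version}" ]; then
      wget "https://nginx.org/download/${tarball}" > /dev/null 2>&1 \
        && tar zxf "${tarball}"
      status=$?
    fi
    rm -f -- "${src_dir}/${tarball}"
  else
    status=1
  fi
  show_result "${status}" "${item}"
}

# Compile and install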
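function nginx_compile(){
  # Configure, build and install nginx under /usr/local/nginx.
  # Globals: version (read) - selects /usr/local/src/nginx-<version>
  # An existing /usr/local/nginx directory is treated as "already installed".
  # The three build steps are chained so the first failure is what gets
  # reported, instead of only the status of the last command.
  local item="Nginx Compile"
  local status=0

  if [ -d /usr/local/nginx ]; then
    echo -e "\e[31mNginx exist! \e[0m"
  elif cd "/usr/local/src/nginx-${version}"; then
    ./configure --prefix=/usr/local/nginx > /dev/null 2>&1 \
      && make > /dev/null 2>&1 \
      && make install > /dev/null 2>&1
    status=$?
  else
    # Source tree missing: nothing to build.
    status=1
  fi
  show_result "${status}" "${item}"
}

# Create the symbolic links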
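function nginx_softlink(){
  # Link the configuration directory to /etc/nginx and the binary into
  # /usr/sbin, skipping a link whose target path already exists.
  # A failure of either ln is reported, not only the last one.
  local item="Nginx Softlink"
  local status=0

  test -d /etc/nginx/ || ln -s /usr/local/nginx/conf/ /etc/nginx || status=$?
  test -e /usr/sbin/nginx || ln -s /usr/local/nginx/sbin/nginx /usr/sbin/ || status=$?
  show_result "${status}" "${item}"
}

# Register the service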
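function nginx_service(){
  # Write a systemd unit for the source-built nginx (unless one already
  # exists) and reload systemd so the unit becomes visible.
  # The unit carries an [Install] section so that `systemctl enable` has a
  # target to hook the service into at boot.
  local item="Nginx Service"
  local unit_file=/usr/lib/systemd/system/nginx.service
  local status=0

  if [ ! -e "${unit_file}" ]; then
    # Quoted delimiter: the unit text is written literally, no expansion.
    cat > "${unit_file}" <<'EOF' || status=$?
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running nginx -t from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
  fi

  if [ "${status}" -eq 0 ]; then
    systemctl daemon-reload
    status=$?
  fi
  show_result "${status}" "${item}"
}

# Kernel tuning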
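function nginx_kernel(){
  # Back up /etc/sysctl.conf, write the tuning entries below through
  # add_config_tofile, then load them with `sysctl -p`. The status shown is
  # the one returned by `sysctl -p`.
  # Globals: current_time (read) - suffix of the backup copy; nothing in this
  #          script assigns it, so a timestamp is used when it is unset.
  local item="Optimize Kernel Arguments"
  local conf=/etc/sysctl.conf
  local backup_suffix=${current_time:-$(date +%Y%m%d%H%M%S)}
  local arch_ratio=1
  local memory_size
  local nf_conntrack_size

  cp "${conf}" "${conf}.${backup_suffix}" > /dev/null 2>&1

  # Conntrack table size is derived from RAM: bytes / 16384, halved on x86_64.
  if [ "$(uname -m)" = "x86_64" ]; then
    arch_ratio=2
  fi
  memory_size=$(free -b | awk 'NR==2{print $2}')
  nf_conntrack_size=$(( ${memory_size:-0} / 16384 / arch_ratio ))

  # Enable reverse-path filtering
  add_config_tofile "net.ipv4.conf.default.rp_filter = 1" "${conf}"
  add_config_tofile "net.ipv4.conf.all.rp_filter = 1" "${conf}"
  # Do not accept source-routed packets
  add_config_tofile "net.ipv4.conf.all.accept_source_route = 0" "${conf}"
  add_config_tofile "net.ipv4.conf.default.accept_source_route = 0" "${conf}"
  # Append the PID to core file names
  add_config_tofile "kernel.core_uses_pid = 1" "${conf}"
  # Enable SYN-flood protection (SYN cookies)
  add_config_tofile "net.ipv4.tcp_syncookies = 1" "${conf}"
  # Message queue limits
  add_config_tofile "kernel.msgmnb = 65536" "${conf}"
  add_config_tofile "kernel.msgmax = 65536" "${conf}"
  # Maximum shared memory segment size (bytes)
  add_config_tofile "kernel.shmmax = 68719476736" "${conf}"
  add_config_tofile "kernel.shmall = 4294967296" "${conf}"
  # Number of TIME_WAIT sockets kept (the author gives 18000 as the default)
  add_config_tofile "net.ipv4.tcp_max_tw_buckets = 600" "${conf}"
  add_config_tofile "net.ipv4.tcp_sack = 1" "${conf}"
  add_config_tofile "net.ipv4.tcp_window_scaling = 1" "${conf}"
  add_config_tofile "net.ipv4.tcp_rmem = 4096 87380 16777216" "${conf}"
  add_config_tofile "net.ipv4.tcp_wmem = 4096 65536 16777216" "${conf}"
  add_config_tofile "net.core.rmem_default = 8388608" "${conf}"
  add_config_tofile "net.core.wmem_max = 16777216" "${conf}"
  # Maximum number of connection requests not yet acknowledged by the client
  add_config_tofile "net.ipv4.tcp_max_syn_backlog = 262144" "${conf}"
  # SYN retransmissions before giving up on a connection attempt
  add_config_tofile "net.ipv4.tcp_syn_retries = 2" "${conf}"
  # Allow TIME_WAIT sockets to be reused for new TCP connections
  add_config_tofile "net.ipv4.tcp_tw_reuse = 1" "${conf}"
  add_config_tofile "net.ipv4.tcp_fin_timeout = 1" "${conf}"
  # Author's intent: guard against simple DDoS attacks
  add_config_tofile "net.ipv4.tcp_max_orphans = 3276800" "${conf}"
  # Fast TIME_WAIT recycling stays off.
  # NOTE(review): this key was removed in Linux 4.12; on newer kernels
  # `sysctl -p` reports it as unknown and the step is shown as failed.
  add_config_tofile "net.ipv4.tcp_tw_recycle = 0" "${conf}"
  # Idle time before TCP keepalive probes start (kernel default is 2h)
  add_config_tofile "net.ipv4.tcp_keepalive_time = 600" "${conf}"
  # Local port range available to the system
  add_config_tofile "net.ipv4.ip_local_port_range = 1024 65535" "${conf}"
  # IP forwarding.
  # NOTE(security): 1 makes the host route packets between its interfaces.
  # nginx does not need this to serve or proxy traffic; keep it at 0 unless
  # the machine really acts as a router or NAT gateway.
  add_config_tofile "net.ipv4.ip_forward = 1" "${conf}"
  # Connection-tracking table size (the author gives 65535 as the default)
  # NOTE(review): these keys exist only while the conntrack module is loaded;
  # the modprobe below loads bridge - confirm that is enough on the target.
  add_config_tofile "net.netfilter.nf_conntrack_max = ${nf_conntrack_size}" "${conf}"
  add_config_tofile "net.nf_conntrack_max = ${nf_conntrack_size}" "${conf}"
  # Answer ICMP echo requests (ping)
  add_config_tofile "net.ipv4.icmp_echo_ignore_all = 0" "${conf}"

  modprobe bridge
  sysctl -p > /dev/null 2>&1
  show_result $? "${item}"
}

# Start nginx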
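function nginx_start(){
  # Enable the nginx unit at boot and start it immediately, then report the
  # exit status of systemctl through show_result.
  local item="Nginx start"
  systemctl enable nginx --now > /dev/null 2>&1
  show_result $? "${item}"
}

# Helper that writes configuration entries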
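function add_config_tofile(){
  # Set one "key = value" entry in a config file: replace every line whose
  # key is exactly the same, or append the entry when the key is absent.
  # Arguments: $1 - full entry, e.g. "net.ipv4.ip_forward = 1"
  #            $2 - file to update
  # Returns:   1 when the key or the file name is empty, otherwise the status
  #            of the write
  # The key is compared as a whole string. A regex prefix match would also
  # rewrite longer keys that merely start with it (net.ipv4.ip_forward vs
  # net.ipv4.ip_forward_use_pmtu), and building a sed expression from the
  # entry breaks on values containing "/" or "&".
  local entry=$1
  local file=$2
  local key=${entry%%[[:space:]=]*}
  local line
  local found=0
  local -a lines=()

  if [ -z "${key}" ] || [ -z "${file}" ]; then
    return 1
  fi

  if [ -f "${file}" ]; then
    # "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while IFS= read -r line || [ -n "${line}" ]; do
      if [ "${line%%[[:space:]=]*}" = "${key}" ]; then
        line=${entry}
        found=1
      fi
      lines+=("${line}")
    done < "${file}"
  fi

  if [ "${found}" -eq 1 ]; then
    printf '%s\n' "${lines[@]}" > "${file}"
  else
    printf '%s\n' "${entry}" >> "${file}"
  fi
}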
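# Entry point
function main(){
  # Run the installation steps in order. Each step prints its own result;
  # a failed step does not stop the ones after it.
  user_create
  nginx_pkg
  nginx_download
  nginx_compile
  nginx_softlink
  nginx_service
  nginx_kernel
  nginx_start
}

main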