20190329 CentOS 7.6: installing nginx and configuring port-based access to a website
1、Search for nginx
yum search nginx
已加載插件:fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
epel 12744/12744
......
** If an old version is already installed, you can uninstall it and install again
2、Install nginx
sudo yum install -y nginx
Start it and enable it at boot
Basic commands:
sudo systemctl start nginx.service
sudo systemctl enable nginx.service
sudo systemctl status nginx.service
sudo systemctl restart nginx.service
Check the version and confirm it is running
nginx -v
nginx version: nginx/1.12.2
ps -ef |grep nginx
Test the site configuration
sudo nginx -t
curl 127.0.0.1
3、Configure a website served on port 8080
References
https://m.linuxidc.com/Linux/2019-02/156789.htm
https://blog.csdn.net/yongzhang52545/article/details/51282914
1. Check the nginx configuration file
sudo vim /etc/nginx/nginx.conf
Excerpt of its contents:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
....
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
Site configuration modules go in /etc/nginx/conf.d/*.conf
2. Create a new site: chuangke.conf
sudo touch /etc/nginx/conf.d/chuangke.conf
sudo vim /etc/nginx/conf.d/chuangke.conf
Add the following content
server {
    listen 8080;
    server_name 127.0.0.1;
    root /usr/share/nginx/chuangke;
    # root /var/www/chuangke;
    index index.html;
    location / {
    }
}
Test the configuration
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart nginx
sudo systemctl restart nginx
Test the site
curl 127.0.0.1:8080
Using root /var/www/chuangke always gives a 403 error?!
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.12.2</center>
</body>
</html>
4、Open port 8080
1. Check the firewall status
sudo systemctl status firewalld
sudo firewall-cmd --state
running
2. Basic firewall commands
# start
sudo service firewalld start
# restart
sudo service firewalld restart
# stop
sudo service firewalld stop
# show the firewall rules
sudo firewall-cmd --list-all
sudo firewall-cmd --state
3. Open port 8080
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
Restart the firewall
sudo systemctl restart firewalld.service
sudo firewall-cmd --reload
4. For some reason I locked myself out; ssh could no longer connect!
sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: ssh dhcpv6-client
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
** As you can see, there is not a single entry under ports!
** So when adding the ports again, I simply added ports 20,22 first
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
sudo firewall-cmd --zone=public --add-port=20/tcp --permanent
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --zone=public --add-port=4433/tcp --permanent
Restart the firewall
sudo systemctl restart firewalld.service
Look at the firewall rules again
sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: ssh dhcpv6-client
ports: 80/tcp 22/tcp 21/tcp 20/tcp 8080/tcp 4433/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
** Now it is safe to log out and ssh in again!
5、Adding one more port (for example: 4433) produces an error
1. Test: after changing the port in the chuangke.conf above to 4433
sudo systemctl restart nginx
It returns an error!
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
2. The nginx configuration test is OK!
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
3. Look at the error message
sudo systemctl status nginx.service
......
3月 29 15:07:26 centos7-71 nginx[18289]: nginx: [emerg] bind() to 0.0.0.0:4433 failed (13: Permission denied)
......
3月 29 15:07:26 centos7-71 systemd[1]: Unit nginx.service entered failed state.
3月 29 15:07:26 centos7-71 systemd[1]: nginx.service failed.
** Port 4433 is not allowed!
6、Using semanage to fix the http port access configuration (SELinux)
References
https://blog.csdn.net/runsnail2018/article/details/81185138
https://zhb1208.iteye.com/blog/1432957
1. Installing semanage directly reports that there is no semanage package
sudo yum update
sudo yum install semanage
已加載插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
沒有可用軟件包 semanage。
錯誤:無須任何處理
2. Following the reference documents, run these setup and install commands
1). yum provides /usr/sbin/semanage
2). yum -y install policycoreutils-python
3). The semanage command can now be run
3. List the ports http is allowed to use
sudo semanage port -l | grep http_port_t
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
** Sure enough, port 4433 is not there!
4. Add 4433 to the http ports
sudo semanage port -a -t http_port_t -p tcp 4433
5. Look at the http ports again
sudo semanage port -l | grep http_port_t
http_port_t tcp 4433, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
** Port 4433 can be used now
sudo systemctl restart nginx
sudo systemctl status nginx.service
OK!
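I never understood what SELinux was for! Now I understand it a little!
Opening a port in the firewall is not enough by itself
You also have to configure which ports a specific service (HTTP this time) may use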
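nginx -t only checks syntax, so a port SELinux will refuse, like 4433 above, shows up only at restart. The following is an added example, not from the original post, that compares the listen ports of a config with semanage port -l output before restarting. The sample text is constructed, and treating http_cache_port_t (where 8080 sits in a stock CentOS 7 targeted policy) as bindable by nginx is an assumption.

```shell
#!/bin/sh
# Added example: which nginx listen ports lack an SELinux port type nginx may bind?
# Constructed sample of `semanage port -l` output (first two rows as on this page).
SAMPLE_SEMANAGE='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010'

# Constructed config in the style of chuangke.conf.
SAMPLE_CONF='server {
    listen 8080;
    listen [::]:80 default_server;
}
server {
    listen 4433;
    # listen 9999;
}'

# listen_ports CONF_TEXT: print each TCP port named in a listen directive.
listen_ports() {
    printf '%s\n' "$1" | sed 's/#.*//' |
        awk '$1 == "listen" { a = $2; sub(/;.*/, "", a); sub(/.*:/, "", a); if (a ~ /^[0-9]+$/) print a }' |
        sort -nu
}

# port_allowed PORT SEMANAGE_TEXT TYPES: succeed if PORT is listed (tcp) under one of TYPES.
port_allowed() {
    printf '%s\n' "$2" | awk -v port="$1" -v types="$3" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        ($1 in want) && $2 == "tcp" {      # exact type match, so pegasus_http_port_t is skipped
            for (i = 3; i <= NF; i++) {
                r = $i; sub(/,/, "", r)
                m = split(r, b, "-")       # entries may be ranges such as 10001-10010
                lo = b[1] + 0; hi = (m == 2 ? b[2] : b[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# unlabeled_ports CONF_TEXT SEMANAGE_TEXT [TYPES]: ports whose bind() SELinux would deny.
unlabeled_ports() {
    up_types="${3:-http_port_t http_cache_port_t}"   # assumption: types nginx (httpd_t) may bind
    up_out=""
    for up_p in $(listen_ports "$1"); do
        port_allowed "$up_p" "$2" "$up_types" || up_out="$up_out $up_p"
    done
    printf '%s\n' "${up_out# }"
}

unlabeled_ports "$SAMPLE_CONF" "$SAMPLE_SEMANAGE"
```

On a live host, pass "$(cat /etc/nginx/conf.d/chuangke.conf)" and "$(sudo semanage port -l)" instead of the samples.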
7、Switching the root directory keeps giving a 403 error
References
https://blog.csdn.net/a690392431/article/details/85914076
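** This blog post is probably correct! But I followed it and it still did not work!
I really had no other option!
So I had to turn SELinux off for now! I will study it later!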
sudo vim /etc/selinux/config
# by wzh 20190329 disable SELINUX
SELINUX=disabled
# SELINUX=enforcing
A reboot is required for this to take effect!
Check SELinux
sestatus
SELinux status: disabled
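Both the bind() failure on 4433 and a 403 from a new root can be checked against the audit log while SELinux is still enforcing, which tells a policy denial apart from an ordinary permission or missing-index problem. The following is an added example, not from the original post, that extracts denials against nginx from AVC records and maps each to the relabel that would permit it. The audit lines are constructed, and the user_home_t label in them is only an illustration, not the known cause of the 403 above.

```shell
#!/bin/sh
# Added example: list SELinux denials against nginx and the matching relabel command.
# SAMPLE_AUDIT is constructed; pids, inodes, serials and timestamps are invented.
SAMPLE_AUDIT='type=AVC msg=audit(1553843246.101:411): avc:  denied  { read } for  pid=18289 comm="nginx" name="index.html" dev="dm-0" ino=51234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1553843250.200:412): avc:  denied  { name_bind } for  pid=18301 comm="nginx" src=4433 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1553843300.000:420): avc:  denied  { getattr } for  pid=900 comm="sshd" path="/etc/x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file'

# nginx_denials AUDIT_TEXT: one line per denial: "<class> <perms> <target type> <object>"
nginx_denials() {
    printf '%s\n' "$1" | awk '
        /^type=AVC/ && /denied/ && /comm="nginx"/ {
            perm = $0; sub(/.*denied +[{] */, "", perm); sub(/ *[}].*/, "", perm)
            gsub(/ /, ",", perm)                       # "read open" -> "read,open"
            ttype = $0; sub(/.*tcontext=[^:]*:[^:]*:/, "", ttype); sub(/:.*/, "", ttype)
            cls = $0; sub(/.*tclass=/, "", cls); sub(/ .*/, "", cls)
            obj = "-"
            if (match($0, /(name|path)="[^"]*"/)) {    # file or directory denials
                obj = substr($0, RSTART, RLENGTH); sub(/^[a-z]*="/, "", obj); sub(/"$/, "", obj)
            } else if (match($0, /src=[0-9]+/)) {      # port bind denials
                obj = substr($0, RSTART + 4, RLENGTH - 4)
            }
            print cls, perm, ttype, obj
        }'
}

# suggest_fix AUDIT_TEXT WEBROOT: print the relabel command for each denial.
suggest_fix() {
    nginx_denials "$1" | while read -r cls perm ttype obj; do
        case "$cls" in
            tcp_socket) echo "semanage port -a -t http_port_t -p tcp $obj" ;;
            file|dir)   echo "semanage fcontext -a -t httpd_sys_content_t '$2(/.*)?' && restorecon -Rv $2" ;;
            *)          echo "review: $cls $perm on $ttype ($obj)" ;;
        esac
    done
}

suggest_fix "$SAMPLE_AUDIT" /var/www/chuangke
```

On a live host the input would be "$(sudo cat /var/log/audit/audit.log)"; if no nginx denial appears there, the 403 comes from file permissions or a missing index file rather than SELinux.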