WEB 服务器之 Nginx服务脚本安装 - 窝窝头-学技术

Nginx 介绍：

Nginx (engine x) 是一个高性能的HTTP和反向代理web服务器，同时也提供了IMAP/POP3/SMTP服务。其将源代码以类BSD许可证的形式发布，因它的稳定性、丰富的功能集、简单的配置文件和低系统资源的消耗而闻名。因些许多企业都在使用。

目的：

1、一键安装
2、修改源码改变nginx的名称和版本【安全】

脚本内容：

#!/bin/bash
#
#********************************************************************
#Author:            wwtou
#Date:              2025-04-23
#FileName：         nginx_install.sh
#Description:       The test script for OS Version greater than 8.0
#Copyright (C):     2020 All rights reserved
#********************************************************************
NGINX_VER=1.26.3
CUSTOM_VER=66.88.0
SERVER_NAME=Websrv
NGINX_FILE=nginx-${NGINX_VER}.tar.gz
NGINX_URL=http://nginx.org/download/
HOST_IP=$(hostname -I | awk '{print $1}')
SRC_DIR=/tools
NGINX_INSTALL_DIR=/apps/nginx
NGINX_TMP_DIR=/var/tmp/nginx
CONFILE=/etc/nginx/nginx.conf
NGINX_COMMAND_FILE=/etc/profile.d/nginx.sh
USER=nginx
GROUP=nginx
CPUS=$(lscpu |awk '/^CPU\(s\)/{print $2}')
. /etc/os-release
color () {
    RES_COL=60
    MOVE_TO_COL="echo -en \\033[${RES_COL}G"
    SETCOLOR_SUCCESS="echo -en \\033[1;32m"
    SETCOLOR_FAILURE="echo -en \\033[1;31m"
    SETCOLOR_WARNING="echo -en \\033[1;33m"
    SETCOLOR_NORMAL="echo -en \E[0m"
    echo -n "$1" && $MOVE_TO_COL
    echo -n "["
    if [ $2 = "success" -o $2 = "0" ] ;then
        ${SETCOLOR_SUCCESS}
        echo -n $"  OK  "    
    elif [ $2 = "failure" -o $2 = "1" ] ;then 
        ${SETCOLOR_FAILURE}
        echo -n $"FAILED"
    else
        ${SETCOLOR_WARNING}
        echo -n $"WARNING"
    fi
    ${SETCOLOR_NORMAL}
    echo -n "]"
    echo 
}
check () {
    [ -e ${NGINX_INSTALL_DIR} ] && { color "nginx 已安装,请卸载后再安装" 1; exit; }
    [ ! -d ${NGINX_TMP_DIR} ] && mkdir -p ${NGINX_TMP_DIR}/{client,proxy,fcgi,uwsgi,scgi}
    selinux_code=$(getenforce)
    if [ ${selinux_code} = 'Disabled' ]; then
        color 'Selinux 已经关闭' 0
    else
        setenforce 0
        sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
        color 'Selinux 已经临时关闭,重启后彻底生效' 0
    fi
    if firewall-cmd --state &>/dev/null; then
        systemctl disable --now  firewalld.service &>/dev/null
        #firewall-cmd --add-service=http --permanent
        #firewall-cmd --add-service=https --permanent
        #firewall-cmd --add-port=8012/tcp --permanent
        #firewall-cmd --add-port=8013/tcp --permanent
        #firewall-cmd --reload
        color '已关闭防火墙' 0
    else
        color '防火墙已关闭' 0
    fi
    color "安装工具包" 0
    if egrep -i 'centos|rocky|anolis|rhel' /etc/os-release &>/dev/null; then
            dnf -y install tar bash-completion vim-enhanced wget
        else
            apt update
            apt -y install tar bash-completion vim-enhanced wget
    fi
    [ ! -d ${SRC_DIR} ] && mkdir ${SRC_DIR}
    cd  ${SRC_DIR}
    if [  -e ${SRC_DIR}/${NGINX_FILE} ];then
        color "相关文件已准备好" 0
    else
        color '开始下载 nginx 源码包' 0
        wget  ${NGINX_URL}${NGINX_FILE}
        [ $? -ne 0 ] && { color "下载 ${NGINX_FILE}文件失败" 1; exit; } 
    fi
} 
install () {
    color "开始安装 nginx" 0
    if id $USER  &> /dev/null;then
        color "$USER 用户已存在" 1 
    else
        groupadd $GROUP
        useradd -r -g $GROUP -s /sbin/nologin $USER
        color "创建 $USER 用户" 0 
    fi
    color "开始安装 nginx 依赖包" 0
    if egrep -i 'centos|rocky|anolis|rhel' /etc/os-release &>/dev/null; then
            dnf -y install gcc make openssl-devel pcre-devel zlib-devel perl-ExtUtils-Embed
        else
        apt update
        apt -y install gcc make libpcre3 libpcre3-dev openssl libssl-dev zlib1g-dev
    fi
    cd $SRC_DIR
    tar xf ${NGINX_FILE}
    NGINX_DIR=`echo ${NGINX_FILE} | sed -nr 's/^(.*[0-9]).*/\1/p'`
    cd ${NGINX_DIR}
    # 
    sed -i "s|${NGINX_VER}|${CUSTOM_VER}|"  src/core/nginx.h
    sed -i "s|nginx/|${SERVER_NAME}/|"      src/core/nginx.h
    sed -i "s| nginx| ${SERVER_NAME}|"      src/http/ngx_http_header_filter_module.c
    [ $? -eq 0 ] && color "nginx 修改源码版本成功" 0 ||  { color "nginx 修改源码版本失败,退出!" 1 ; exit; }
    ./configure \
     --prefix=${NGINX_INSTALL_DIR} \
     --sbin-path=${NGINX_INSTALL_DIR}/sbin/nginx \
     --conf-path=$CONFILE \
     --pid-path=/var/run/nginx.pid  \
     --lock-path=/var/lock/nginx.lock \
     --user=$USER \
     --group=$GROUP \
     --with-pcre \
     --with-stream \
     --with-http_ssl_module \
     --with-http_flv_module \
     --with-http_stub_status_module \
     --with-http_gzip_static_module \
     --with-http_realip_module \
     --with-http_v2_module \
     --http-client-body-temp-path=/var/tmp/nginx/client \
     --http-proxy-temp-path=/var/tmp/nginx/proxy \
     --http-fastcgi-temp-path=/var/tmp/nginx/fcgi \
     --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
     --http-scgi-temp-path=/var/tmp/nginx/scgi \
     --without-mail_pop3_module \
     --without-mail_imap_module \
     --without-mail_smtp_module
    make -j $CPUS && make install
    [ $? -eq 0 ] && color "nginx 编译安装成功" 0 ||  { color "nginx 编译安装失败,退出!" 1 ;exit; }
    chown -R $USER:$GROUP  ${NGINX_INSTALL_DIR}
    echo "export PATH=${NGINX_INSTALL_DIR}/sbin:${PATH}" > ${NGINX_COMMAND_FILE}
    cat > /etc/security/limits.d/nginx.conf <<EOF
* soft nofile 65535
* hard nofile 65535
EOF
    cat > /usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=${NGINX_INSTALL_DIR}/sbin/nginx -c $CONFILE
ExecReload=${NGINX_INSTALL_DIR}/sbin/nginx -s reload
ExecStop=${NGINX_INSTALL_DIR}/sbin/nginx -s stop
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
#PrivateTmp=true
LimitNOFILE=100000
[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload
    systemctl enable --now nginx.service &> /dev/null 
    systemctl is-active nginx &> /dev/null ||  { color "nginx 启动失败,退出!" 1 ; exit; }
    color "nginx 安装完成" 0
    echo
    echo "请先运行: source ${NGINX_COMMAND_FILE}"
    echo "访问链接: http://${HOST_IP}"
    echo
}
check
install

运行脚本：

# sh nginx_install.sh

通过执行脚本实现一键安装 ~~