Nginx 自動(dòng)化腳本安裝完整方案

更新時(shí)間：2025年10月19日 13:37:33 作者：Super Rookie

本文介紹了一個(gè)Nginx自動(dòng)化安裝腳本方案,支持多種Linux發(fā)行版（CentOS/RHEL/Ubuntu/Debian/Amazon Linux）和三種安裝方式（官方源/發(fā)行版源/編譯安裝）,本文給大家介紹的非常詳細(xì),感興趣的朋友跟隨小編一起看看吧

?? Nginx 一鍵安裝腳本

腳本功能：

? 自動(dòng)檢測(cè)系統(tǒng)類(lèi)型和版本
? 支持官方源、發(fā)行版源、編譯安裝
? 自動(dòng)配置防火墻
? 啟用基礎(chǔ)安全配置
? SSL證書(shū)自動(dòng)配置（可選）

?? 完整安裝腳本

#!/bin/bash
?
# Nginx 自動(dòng)安裝腳本
# 支持: CentOS/RHEL/Ubuntu/Debian/Amazon Linux
?
set -e
?
# 顏色定義
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
?
# 輸出函數(shù)
log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
log_debug() { echo -e "${BLUE}[DEBUG]${NC} $1"; }
?
# 檢測(cè)系統(tǒng)
detect_os() {
    if [ -f /etc/os-release ]; then
        . /etc/os-release
        OS=$ID
        VER=$VERSION_ID
    else
        OS=$(uname -s)
        VER=$(uname -r)
    fi
    log_info "操作系統(tǒng): $OS $VER"
}
?
# 安裝依賴(lài)
install_dependencies() {
    log_info "安裝依賴(lài)包..."
    case $OS in
        ubuntu|debian)
            apt-get update
            apt-get install -y curl wget gnupg2 lsb-release
            ;;
        centos|rhel|amzn|fedora)
            if command -v dnf >/dev/null 2>&1; then
                dnf install -y curl wget
            else
                yum install -y curl wget
            fi
            ;;
        *)
            log_error "不支持的Linux發(fā)行版: $OS"
            exit 1
            ;;
    esac
}
?
# 方法1: 使用官方源安裝
install_nginx_official() {
    log_info "使用Nginx官方源安裝..."
    case $OS in
        ubuntu|debian)
            # 添加Nginx官方簽名密鑰
            wget -O /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
            apt-key add /tmp/nginx_signing.key
            # 添加官方源
            echo "deb https://nginx.org/packages/mainline/ubuntu/ $(lsb_release -cs) nginx" > /etc/apt/sources.list.d/nginx.list
            echo "deb-src https://nginx.org/packages/mainline/ubuntu/ $(lsb_release -cs) nginx" >> /etc/apt/sources.list.d/nginx.list
            apt-get update
            apt-get install -y nginx
            ;;
        centos|rhel|amzn|fedora)
            # 創(chuàng)建官方源文件
            cat > /etc/yum.repos.d/nginx.repo << EOF
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
?
[nginx-mainline]
name=nginx mainline repo
baseurl=https://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
            if command -v dnf >/dev/null 2>&1; then
                dnf install -y nginx
            else
                yum install -y nginx
            fi
            ;;
    esac
}
?
# 方法2: 使用發(fā)行版源安裝
install_nginx_distro() {
    log_info "使用發(fā)行版源安裝Nginx..."
    case $OS in
        ubuntu|debian)
            apt-get update
            apt-get install -y nginx
            ;;
        centos|rhel)
            if command -v dnf >/dev/null 2>&1; then
                dnf install -y nginx
            else
                yum install -y nginx
            fi
            ;;
        amzn)
            amazon-linux-extras install -y nginx1
            ;;
    esac
}
?
# 方法3: 編譯安裝
compile_nginx() {
    log_info "開(kāi)始編譯安裝Nginx..."
    # 安裝編譯依賴(lài)
    case $OS in
        ubuntu|debian)
            apt-get install -y build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev
            ;;
        centos|rhel|amzn|fedora)
            if command -v dnf >/dev/null 2>&1; then
                dnf groupinstall -y "Development Tools"
                dnf install -y pcre-devel zlib-devel openssl-devel
            else
                yum groupinstall -y "Development Tools"
                yum install -y pcre-devel zlib-devel openssl-devel
            fi
            ;;
    esac
    # 下載源碼
    NGINX_VERSION="1.24.0"
    cd /tmp
    wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
    tar -xzf nginx-${NGINX_VERSION}.tar.gz
    cd nginx-${NGINX_VERSION}
    # 編譯配置
    ./configure \
        --prefix=/usr/local/nginx \
        --sbin-path=/usr/sbin/nginx \
        --conf-path=/etc/nginx/nginx.conf \
        --error-log-path=/var/log/nginx/error.log \
        --http-log-path=/var/log/nginx/access.log \
        --pid-path=/var/run/nginx.pid \
        --lock-path=/var/run/nginx.lock \
        --http-client-body-temp-path=/var/cache/nginx/client_temp \
        --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
        --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
        --user=nginx \
        --group=nginx \
        --with-http_ssl_module \
        --with-http_realip_module \
        --with-http_addition_module \
        --with-http_sub_module \
        --with-http_gunzip_module \
        --with-http_gzip_static_module \
        --with-http_random_index_module \
        --with-http_secure_link_module \
        --with-http_stub_status_module \
        --with-http_auth_request_module \
        --with-threads \
        --with-stream \
        --with-stream_ssl_module \
        --with-mail \
        --with-mail_ssl_module
    # 編譯安裝
    make && make install
    # 創(chuàng)建nginx用戶(hù)和目錄
    useradd -r -s /bin/false nginx
    mkdir -p /var/cache/nginx/client_temp /var/log/nginx
    chown -R nginx:nginx /var/cache/nginx /var/log/nginx
    # 創(chuàng)建systemd服務(wù)
    cat > /etc/systemd/system/nginx.service << EOF
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target
?
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT \$MAINPID
PrivateTmp=true
?
[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload
}
?
# 配置防火墻
configure_firewall() {
    log_info "配置防火墻..."
    if command -v ufw >/dev/null 2>&1; then
        # Ubuntu/Debian
        ufw allow 'Nginx Full'
        ufw --force enable
    elif command -v firewall-cmd >/dev/null 2>&1; then
        # CentOS/RHEL/Fedora
        firewall-cmd --permanent --add-service=http
        firewall-cmd --permanent --add-service=https
        firewall-cmd --reload
    elif command -v iptables >/dev/null 2>&1; then
        # 傳統(tǒng)iptables
        iptables -I INPUT -p tcp --dport 80 -j ACCEPT
        iptables -I INPUT -p tcp --dport 443 -j ACCEPT
        iptables-save > /etc/sysconfig/iptables
    else
        log_warn "未找到防火墻工具，請(qǐng)手動(dòng)開(kāi)放80和443端口"
    fi
}
?
# 基礎(chǔ)安全配置
basic_security_config() {
    log_info "應(yīng)用基礎(chǔ)安全配置..."
    # 備份原始配置
    cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup.$(date +%Y%m%d)
    # 創(chuàng)建安全配置片段
    mkdir -p /etc/nginx/conf.d
    cat > /etc/nginx/conf.d/security.conf << 'EOF'
# 安全頭設(shè)置
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
?
# 隱藏Nginx版本號(hào)
server_tokens off;
?
# 限制請(qǐng)求體大小
client_max_body_size 10M;
?
# 超時(shí)設(shè)置
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 30;
send_timeout 10;
?
# 禁用不需要的HTTP方法
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
}
EOF
?
    # 創(chuàng)建默認(rèn)服務(wù)器配置
    cat > /etc/nginx/conf.d/default.conf << 'EOF'
server {
    listen 80 default_server;
    server_name _;
    # 安全設(shè)置
    include conf.d/security.conf;
    # 根目錄配置
    root /usr/share/nginx/html;
    index index.html index.htm;
    # 日志配置
    access_log /var/log/nginx/default_access.log;
    error_log /var/log/nginx/default_error.log;
    location / {
        try_files $uri $uri/ =404;
    }
    # 禁止訪問(wèn)隱藏文件
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }
    # 禁止訪問(wèn)常見(jiàn)敏感文件
    location ~* (\.env|\.git|\.svn|composer\.json|package\.json) {
        deny all;
        access_log off;
        log_not_found off;
    }
}
EOF
}
?
# 啟動(dòng)服務(wù)
start_nginx() {
    log_info "啟動(dòng)Nginx服務(wù)..."
    # 創(chuàng)建nginx用戶(hù)（如果不存在）
    id -u nginx &>/dev/null || useradd -r -s /bin/false nginx
    # 啟動(dòng)服務(wù)
    systemctl enable nginx
    systemctl start nginx
    # 檢查狀態(tài)
    if systemctl is-active --quiet nginx; then
        log_info "Nginx啟動(dòng)成功"
    else
        log_error "Nginx啟動(dòng)失敗"
        systemctl status nginx
        exit 1
    fi
}
?
# 驗(yàn)證安裝
verify_installation() {
    log_info "驗(yàn)證Nginx安裝..."
    # 檢查版本
    nginx -v
    # 檢查配置語(yǔ)法
    if nginx -t; then
        log_info "Nginx配置語(yǔ)法檢查通過(guò)"
    else
        log_error "Nginx配置語(yǔ)法檢查失敗"
        exit 1
    fi
    # 測(cè)試HTTP訪問(wèn)
    if command -v curl >/dev/null 2>&1; then
        if curl -s http://localhost >/dev/null; then
            log_info "Nginx HTTP服務(wù)測(cè)試成功"
        else
            log_error "Nginx HTTP服務(wù)測(cè)試失敗"
        fi
    fi
    log_info "安裝完成！"
    log_info "Nginx配置文件: /etc/nginx/nginx.conf"
    log_info "網(wǎng)站根目錄: /usr/share/nginx/html"
    log_info "服務(wù)管理: systemctl {start|stop|restart|reload|status} nginx"
}
?
# 主函數(shù)
main() {
    log_info "開(kāi)始安裝Nginx..."
    # 檢查root權(quán)限
    if [ "$EUID" -ne 0 ]; then
        log_error "請(qǐng)使用root權(quán)限運(yùn)行此腳本"
        exit 1
    fi
    detect_os
    install_dependencies
    # 選擇安裝方式
    echo "請(qǐng)選擇安裝方式:"
    echo "1) 使用Nginx官方源安裝 (推薦)"
    echo "2) 使用發(fā)行版源安裝"
    echo "3) 編譯安裝 (高級(jí)用戶(hù))"
    read -p "請(qǐng)輸入選擇 [1-3]: " choice
    case $choice in
        1)
            install_nginx_official
            ;;
        2)
            install_nginx_distro
            ;;
        3)
            compile_nginx
            ;;
        *)
            log_info "使用默認(rèn)選項(xiàng): 官方源安裝"
            install_nginx_official
            ;;
    esac
    configure_firewall
    basic_security_config
    start_nginx
    verify_installation
}
?
# 執(zhí)行主函數(shù)
main "$@"

?? 快速安裝方式

方法1：一鍵腳本安裝

# 下載腳本
wget -O install-nginx.sh https://raw.githubusercontent.com/example/install-nginx/master/install-nginx.sh
?
# 添加執(zhí)行權(quán)限
chmod +x install-nginx.sh
?
# 運(yùn)行安裝
sudo ./install-nginx.sh

方法2：各系統(tǒng)快速安裝

# Ubuntu/Debian
sudo apt update && sudo apt install -y nginx
sudo systemctl enable nginx && sudo systemctl start nginx
?
# CentOS/RHEL/Amazon Linux
sudo yum install -y nginx
sudo systemctl enable nginx && sudo systemctl start nginx
?
# 開(kāi)放防火墻
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

?? 常用管理命令

# 服務(wù)管理
sudo systemctl start nginx      # 啟動(dòng)
sudo systemctl stop nginx       # 停止
sudo systemctl restart nginx    # 重啟
sudo systemctl reload nginx     # 重載配置（不中斷服務(wù)）
sudo systemctl status nginx     # 查看狀態(tài)
?
# 配置檢查
sudo nginx -t                   # 測(cè)試配置語(yǔ)法
sudo nginx -T                   # 顯示完整配置
?
# 日志查看
sudo tail -f /var/log/nginx/access.log    # 實(shí)時(shí)訪問(wèn)日志
sudo tail -f /var/log/nginx/error.log     # 實(shí)時(shí)錯(cuò)誤日志
?
# 進(jìn)程查看
ps aux | grep nginx             # 查看Nginx進(jìn)程

?? 重要目錄和文件

# 配置文件
/etc/nginx/nginx.conf           # 主配置文件
/etc/nginx/conf.d/              # 額外配置目錄
/etc/nginx/sites-available/     # 可用站點(diǎn)配置 (Ubuntu/Debian)
/etc/nginx/sites-enabled/       # 啟用站點(diǎn)配置 (Ubuntu/Debian)
?
# 網(wǎng)站文件
/usr/share/nginx/html/          # 默認(rèn)網(wǎng)站根目錄
/var/www/html/                  # 其他常見(jiàn)根目錄
?
# 日志文件
/var/log/nginx/access.log       # 訪問(wèn)日志
/var/log/nginx/error.log        # 錯(cuò)誤日志
?
# 進(jìn)程文件
/var/run/nginx.pid              # PID文件

?? 基礎(chǔ)配置示例

創(chuàng)建虛擬主機(jī)

# 創(chuàng)建網(wǎng)站目錄
sudo mkdir -p /var/www/example.com/html
sudo chown -R nginx:nginx /var/www/example.com
?
# 創(chuàng)建虛擬主機(jī)配置
sudo tee /etc/nginx/conf.d/example.com.conf << 'EOF'
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com/html;
    index index.html index.htm;
    access_log /var/log/nginx/example.com_access.log;
    error_log /var/log/nginx/example.com_error.log;
    location / {
        try_files $uri $uri/ =404;
    }
    # 靜態(tài)文件緩存
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}
EOF
?
# 測(cè)試并重載配置
sudo nginx -t && sudo nginx -s reload

?? 安裝驗(yàn)證

# 檢查版本和編譯參數(shù)
nginx -V
?
# 測(cè)試HTTP響應(yīng)
curl -I http://localhost
?
# 檢查監(jiān)聽(tīng)端口
netstat -tulpn | grep nginx
ss -tulpn | grep nginx
?
# 創(chuàng)建測(cè)試頁(yè)面
echo "<h1>Nginx安裝成功！</h1><p>服務(wù)器時(shí)間: $(date)</p>" | sudo tee /usr/share/nginx/html/index.html