nginx

Rocky9安装nginx

Rocky Linux附带了旧版本的Nginx，需要下载官方Nginx存储库才能安装最新版本。这里安装stable版本

sudo vi /etc/yum.repos.d/nginx.repo

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

执行：

sudo dnf install nginx  -y && sudo systemctl start nginx &&  sudo systemctl enable nginx && nginx -v 

nginx开启 gzip

sudo vi /etc/nginx/nginx.conf

user  nginx;
#user www-data;


        ##
        # Gzip Settings
        ##

        gzip on;

        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_comp_level 6;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
        gzip_min_length 1k;
        gzip_disable   "MSIE [1-6]\.";

sudo service nginx restart

设置https

参考：https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-rocky-linux-8

sudo dnf install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yinhe.co -d www.yinhe.co

自动续期测试：

sudo certbot renew --dry-run

每日更新(不能用相对路径)：

0 2 * * * /usr/bin/certbot renew --quiet

使用 goaccess 监控nginx

参考：

• https://tweenpath.net/install-goaccess-log-analysis-tool-on-rocky-linux-9/
• https://cloud.tencent.com/developer/article/1449085
• https://www.cnblogs.com/wzzkaifa/p/19050564
• https://stackoverflow.com/questions/39232741/how-to-parse-several-log-nginx-files-using-goaccess
• https://stackoverflow.com/questions/64002655/cron-job-for-generate-go-access-report-not-working

安装：

sudo dnf config-manager --set-enabled crb && sudo dnf install ncurses-devel gcc  glibc-langpack-zh -y && sudo dnf --enablerepo=remi install GeoIP-devel -y && sudo dnf install goaccess -y && sudo localectl set-locale LANG="zh_CN.utf8" && sudo localectl set-locale LC_ALL="zh_CN.utf8"  && goaccess --version 

重启：reboot

mmdb格式数据库下载： https://github.com/P3TERX/GeoLite.mmdb/releases

cd /opt/ && wget https://github.com/P3TERX/GeoLite.mmdb/releases/download/2025.10.07/GeoLite2-City.mmdb

sudo vi /etc/goaccess/goaccess.conf

time-format %H:%M:%S
date-format %d/%b/%Y
log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
geoip-database /opt/GeoLite2-City.mmdb

测试生成html,访问： https://yinhe.co/goaccess.html 查看效果

zcat -f /var/log/nginx/access.log* | goaccess -enable-utf8 -enable-geoip=mmdb  -enable-tcb=btree --log-format=COMBINED -a -d  -p /etc/goaccess/goaccess.conf -o /yinheco/goaccess.html

每20分钟执行一次： sudo vi /etc/crontab

*/20 * * * * root zcat -f /var/log/nginx/access.log* | goaccess - -enable-utf8 -enable-geoip=mmdb  -enable-tcb=btree --log-format=COMBINED -a -d  -p /etc/goaccess/goaccess.conf -o /yinheco/goaccess.html