Nginx Tutorial Site

The official ultimate handbook: 29 major topics, unabridged, fully mobile-friendly

1. Downloading Nginx (all platforms, unabridged)

1.1 Official source code

wget -c https://nginx.org/download/nginx-1.25.5.tar.gz

1.2 Ubuntu / Debian

sudo apt update && sudo apt install nginx -y

1.3 CentOS / RHEL

sudo yum install epel-release -y && sudo yum install nginx -y

1.4 macOS (Homebrew / MacPorts)

# Homebrew
brew install nginx
# MacPorts
sudo port install nginx

1.5 Windows (4 methods)

  • Official site zip → double-click nginx.exe
  • Chocolatey:
    choco install nginx
  • Scoop:
    scoop install nginx
  • WSL Ubuntu:
    sudo apt install nginx -y

1.6 FreeBSD

pkg install nginx

1.7 OpenWrt

opkg install nginx

1.8 Synology DSM

Package Center → search for Nginx → Install

2. Installation (scripts for all systems)

2.1 Building from source on Ubuntu (with dependencies)

sudo apt update
sudo apt install build-essential libpcre3-dev zlib1g-dev libssl-dev -y
tar xf nginx-1.25.5.tar.gz
cd nginx-1.25.5
./configure --prefix=/usr/local/nginx \
            --with-http_ssl_module \
            --with-http_v2_module \
            --with-http_realip_module \
            --with-http_stub_status_module
make -j$(nproc)
sudo make install

2.2 CentOS one-click script

sudo yum groupinstall "Development Tools" -y
sudo yum install pcre-devel zlib-devel openssl-devel -y
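wget -O /tmp/nginx.sh https://git.io/nginx-centos.sh
# Read the downloaded script before executing it; a short URL says nothing about what it serves
less /tmp/nginx.sh
bash /tmp/nginx.sh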

2.3 Windows portable service

nssm install nginx "C:\nginx\nginx.exe"

2.4 Docker Compose (production)

version: "3.9"
services:
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./conf.d:/etc/nginx/conf.d:ro
      - ./ssl:/etc/nginx/ssl:ro
      - ./html:/usr/share/nginx/html:ro
    restart: unless-stopped

3. Configuration (production example)

server {
    listen 80;
    server_name example.com;
    root /var/www/html;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}

4. HTTPS (Let’s Encrypt / HTTP-3 / TLS1.3 0-RTT)

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d example.com --agree-tos -m you@example.com --non-interactive

HTTP/3 QUIC + TLS1.3 0-RTT

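server {
    # "listen ... quic" needs nginx 1.25+ built with --with-http_v3_module;
    # "http2 on" replaces the deprecated "listen ... http2" since 1.25.1
    listen 443 ssl;
    listen 443 quic reuseport;
    http2 on;
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.3;
    # 0-RTT early data can be replayed; only accept it for idempotent requests
    ssl_early_data on;
    add_header Alt-Svc 'h3=":443"; ma=86400';
}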

5. Docker / Podman / Buildah / NixOS / Snap

FROM nginx:alpine
COPY nginx.conf /etc/nginx/nginx.conf
COPY html /usr/share/nginx/html
EXPOSE 80 443
CMD ["nginx","-g","daemon off;"]

Podman Rootless

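# Rootless Podman cannot bind host ports below 1024 by default, so publish on 8080;
# the config file is mounted read-only (ro) with an SELinux relabel (Z)
podman run --rm -d -p 8080:80 -v "$(pwd)/nginx.conf:/etc/nginx/nginx.conf:ro,Z" nginx:alpine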

NixOS Flake

# flake.nix
{
  services.nginx = {
    enable = true;
    virtualHosts."example.com" = {
      locations."/".root = ./html;
    };
  };
}

6. Kubernetes Ingress / Gateway API / Helm

# ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  ingressClassName: nginx
  rules:
  - host: k8s.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginx-svc
            port:
              number: 80

Helm chart one-click deployment

helm repo add nginx-stable https://helm.nginx.com/stable
helm install nginx nginx-stable/nginx-ingress

7. WebSocket / SSE / Socket.IO / GraphQL

location /ws/ {
    proxy_pass http://ws_backend;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
}

GraphQL + SSE

location /graphql {
    proxy_pass http://graphql_backend;
    proxy_set_header Host $host;
}

8. gRPC / HTTP-3 gRPC / gRPC-Web

server {
    listen 9000 http2;
    location / {
        grpc_pass grpc://localhost:50051;
    }
}

gRPC-Web

location /grpcweb {
    grpc_pass grpc://localhost:50051;
    grpc_set_header Host $host;
}

9. Lua / OpenResty / WASM / JS Filter

location /hello {
    content_by_lua_block {
        ngx.say("Hello, Lua! IP=", ngx.var.remote_addr)
    }
}

WASM Filter

load_module modules/ngx_http_wasm_module.so;
http {
    wasm {
        module ngx_http_wasm_module;
    }
    server {
        listen 80;
        location / {
            wasm_process_request wasm_echo;
        }
    }
}

10. Caching (proxy_cache / redis / micro_cache / varnish)

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mycache:10m inactive=60m max_size=1g;
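server {
    location / {
        # proxy_cache only takes effect on proxied responses;
        # "backend" is a placeholder upstream name
        proxy_pass http://backend;
        proxy_cache mycache;
        proxy_cache_valid 200 302 10m;
        # Exposes HIT / MISS / BYPASS / EXPIRED to the client
        add_header X-Cache-Status $upstream_cache_status;
    }
}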

11. Security (WAF / ModSecurity / GeoIP2 / JWT / OIDC)

geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
    auto_reload 5m;
    $geoip2_country_code country iso_code;
}
server {
    if ($geoip2_country_code = CN) { return 403; }
}

ModSecurity CRS 3.3

load_module modules/ngx_http_modsecurity_module.so;
server {
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;
}

12. Performance (Brotli / Zstd / TLS1.3 0-RTT / HTTP-3)

brotli on;
brotli_comp_level 6;
ssl_early_data on;
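
Section 4 and the snippet above both set `ssl_early_data on`. Requests that arrive as TLS 1.3 0-RTT early data are not protected against replay, so the setting is only safe for idempotent requests. The configuration below is an added example, not part of the original page: it answers state-changing methods sent as early data with 425 and forwards the `Early-Data` header for everything else. The upstream name `app_backend`, its address and the certificate paths are assumptions.

```nginx
# Added example, not from the original page. Place inside the http {} context.
# Assumptions: upstream "app_backend" on 127.0.0.1:8080 and certbot's default
# certificate paths for example.com.

upstream app_backend {
    server 127.0.0.1:8080;
}

# 1 for methods that change state, 0 for methods that are safe to replay.
map $request_method $unsafe_method {
    default 1;
    GET     0;
    HEAD    0;
    OPTIONS 0;
}

# $ssl_early_data is "1" while the request arrives as TLS 1.3 early data
# (handshake not yet complete) and empty otherwise.
# "11" therefore means: early data AND a state-changing method.
map "$ssl_early_data$unsafe_method" $reject_early {
    default 0;
    "11"    1;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.3;
    ssl_early_data on;

    location / {
        # 425 Too Early (RFC 8470): the client retries once the handshake is done.
        if ($reject_early) {
            return 425;
        }

        # Tell the application which forwarded requests came in as early data,
        # so it can apply its own replay policy.
        proxy_set_header Early-Data $ssl_early_data;
        proxy_set_header Host $host;
        proxy_pass http://app_backend;
    }
}
```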

13. Monitoring (Prometheus / ELK / Loki / Datadog)

log_format json escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","request":"$request","status":"$status","bytes":"$body_bytes_sent"}';
access_log /var/log/nginx/access.log json;

14. CI/CD (GitHub Actions / Argo CD / Tekton)

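# .github/workflows/deploy.yml
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The ssh-action script runs on the remote host, so the checked-out
      # nginx.conf has to be copied there first (/tmp/nginx-deploy is an example path)
      - name: Upload config
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USER }}
          key: ${{ secrets.KEY }}
          source: nginx.conf
          target: /tmp/nginx-deploy
      - name: Deploy
        uses: appleboy/ssh-action@v1.0.0
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USER }}
          key: ${{ secrets.KEY }}
          script: |
            set -e
            cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
            install -m 0644 /tmp/nginx-deploy/nginx.conf /etc/nginx/nginx.conf
            # Restore the previous config if the new one fails validation
            nginx -t || { cp /etc/nginx/nginx.conf.bak /etc/nginx/nginx.conf; exit 1; }
            systemctl reload nginx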

15. Troubleshooting (one-click script / eBPF / strace)

#!/bin/bash
echo "===== 一键诊断 ====="
systemctl status nginx --no-pager
ss -tulnp | grep nginx
nginx -t
tail -n 50 /var/log/nginx/error.log