我在 3 月中旬於 Mapleboard 上安裝好 Nginx 伺服器, 正要安裝 ufw 防火牆卻分心去玩 Streamlit, 接下來又有其他事情要忙, 所以本篇測試紀錄遲遲未能寫完. 由於 Chrome 瀏覽器開太多頁面了, 今天就先做了小結吧.
以下安裝主要是參考之前在樹莓派上的經驗 :
同時也參考了下面這篇教學文章 :
安裝紀錄如下 :
1. 更新套件清單 :
於終端機輸入如下指令 :
sudo apt update
one@LX2438:~$ sudo apt update
[sudo] one 的密碼:
已有:1 http://packages.microsoft.com/repos/code stable InRelease
已有:2 http://deb.mapleboard.org/mp510 jammy InRelease
已有:3 https://linux.teamviewer.com/deb stable InRelease
已有:4 http://ports.ubuntu.com jammy InRelease
下載:5 http://ports.ubuntu.com jammy-security InRelease [110 kB]
下載:6 http://ports.ubuntu.com jammy-updates InRelease [119 kB]
下載:7 http://ports.ubuntu.com jammy-backports InRelease [107 kB]
下載:8 http://ports.ubuntu.com jammy-security/main arm64 Packages [594 kB]
下載:9 http://ports.ubuntu.com jammy-security/main armhf Packages [381 kB]
下載:10 http://ports.ubuntu.com jammy-security/main Translation-en [139 kB]
下載:11 http://ports.ubuntu.com jammy-security/main arm64 c-n-f Metadata [8,228 B]
下載:12 http://ports.ubuntu.com jammy-security/restricted arm64 Packages [292 kB]
下載:13 http://ports.ubuntu.com jammy-security/restricted Translation-en [99.7 kB]
下載:14 http://ports.ubuntu.com jammy-security/universe armhf Packages [459 kB]
下載:15 http://ports.ubuntu.com jammy-security/universe arm64 Packages [587 kB]
下載:16 http://ports.ubuntu.com jammy-security/universe Translation-en [111 kB]
下載:17 http://ports.ubuntu.com jammy-updates/main arm64 Packages [845 kB]
下載:18 http://ports.ubuntu.com jammy-updates/main armhf Packages [611 kB]
下載:19 http://ports.ubuntu.com jammy-updates/main arm64 c-n-f Metadata [13.3 kB]
下載:20 http://ports.ubuntu.com jammy-updates/restricted arm64 Packages [303 kB]
下載:21 http://ports.ubuntu.com jammy-updates/restricted armhf Packages [8,956 B]
下載:22 http://ports.ubuntu.com jammy-updates/universe armhf Packages [629 kB]
下載:23 http://ports.ubuntu.com jammy-updates/universe arm64 Packages [761 kB]
下載:24 http://ports.ubuntu.com jammy-updates/multiverse arm64 Packages [5,096 B]
取得 6,184 kB 用了 7s (864 kB/s)
正在讀取套件清單... 完成
正在重建相依關係... 完成
正在讀取狀態資料... 完成
可升級 80 個套件。執行 apt list --upgradable 檢視
N: Skipping acquire of configured file 'main/binary-armhf/Packages' as repository 'http://deb.mapleboard.org/mp510 jammy InRelease' doesn't support architecture 'armhf'
2. 安裝 Nginx :
sudo apt install nginx
one@LX2438:~$ sudo apt install nginx
正在讀取套件清單... 完成
正在重建相依關係... 完成
正在讀取狀態資料... 完成
下列的額外套件將被安裝:
libnginx-mod-http-geoip2 libnginx-mod-http-image-filter
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
libnginx-mod-stream-geoip2 nginx-common nginx-core
建議套件:
fcgiwrap nginx-doc
下列【新】套件將會被安裝:
libnginx-mod-http-geoip2 libnginx-mod-http-image-filter
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream
libnginx-mod-stream-geoip2 nginx nginx-common nginx-core
升級 0 個,新安裝 9 個,移除 0 個,有 80 個未被升級。
需要下載 704 kB 的套件檔。
此操作完成之後,會多佔用 2,320 kB 的磁碟空間。
是否繼續進行 [Y/n]? [Y/n]
下載:1 http://ports.ubuntu.com jammy-security/main arm64 nginx-common all 1.18.0-6ubuntu14.3 [40.0 kB]
下載:2 http://ports.ubuntu.com jammy-security/main arm64 libnginx-mod-http-geoip2 arm64 1.18.0-6ubuntu14.3 [11.6 kB]
下載:3 http://ports.ubuntu.com jammy-security/main arm64 libnginx-mod-http-image-filter arm64 1.18.0-6ubuntu14.3 [14.8 kB]
下載:4 http://ports.ubuntu.com jammy-security/main arm64 libnginx-mod-http-xslt-filter arm64 1.18.0-6ubuntu14.3 [13.6 kB]
下載:5 http://ports.ubuntu.com jammy-security/main arm64 libnginx-mod-mail arm64 1.18.0-6ubuntu14.3 [45.0 kB]
下載:6 http://ports.ubuntu.com jammy-security/main arm64 libnginx-mod-stream arm64 1.18.0-6ubuntu14.3 [72.3 kB]
下載:7 http://ports.ubuntu.com jammy-security/main arm64 libnginx-mod-stream-geoip2 arm64 1.18.0-6ubuntu14.3 [9,898 B]
下載:8 http://ports.ubuntu.com jammy-security/main arm64 nginx-core arm64 1.18.0-6ubuntu14.3 [493 kB]
下載:9 http://ports.ubuntu.com jammy-security/main arm64 nginx arm64 1.18.0-6ubuntu14.3 [3,882 B]
取得 704 kB 用了 2s (294 kB/s)
正在預先設定套件 ...
選取了原先未選的套件 nginx-common。
(讀取資料庫 ... 目前共安裝了 287948 個檔案和目錄。)
正在準備解包 .../0-nginx-common_1.18.0-6ubuntu14.3_all.deb……
解開 nginx-common (1.18.0-6ubuntu14.3) 中...
選取了原先未選的套件 libnginx-mod-http-geoip2。
正在準備解包 .../1-libnginx-mod-http-geoip2_1.18.0-6ubuntu14.3_arm64.deb……
解開 libnginx-mod-http-geoip2 (1.18.0-6ubuntu14.3) 中...
選取了原先未選的套件 libnginx-mod-http-image-filter。
正在準備解包 .../2-libnginx-mod-http-image-filter_1.18.0-6ubuntu14.3_arm64.deb……
解開 libnginx-mod-http-image-filter (1.18.0-6ubuntu14.3) 中...
選取了原先未選的套件 libnginx-mod-http-xslt-filter。
正在準備解包 .../3-libnginx-mod-http-xslt-filter_1.18.0-6ubuntu14.3_arm64.deb……
解開 libnginx-mod-http-xslt-filter (1.18.0-6ubuntu14.3) 中...
選取了原先未選的套件 libnginx-mod-mail。
正在準備解包 .../4-libnginx-mod-mail_1.18.0-6ubuntu14.3_arm64.deb……
解開 libnginx-mod-mail (1.18.0-6ubuntu14.3) 中...
選取了原先未選的套件 libnginx-mod-stream。
正在準備解包 .../5-libnginx-mod-stream_1.18.0-6ubuntu14.3_arm64.deb……
解開 libnginx-mod-stream (1.18.0-6ubuntu14.3) 中...
選取了原先未選的套件 libnginx-mod-stream-geoip2。
正在準備解包 .../6-libnginx-mod-stream-geoip2_1.18.0-6ubuntu14.3_arm64.deb……
解開 libnginx-mod-stream-geoip2 (1.18.0-6ubuntu14.3) 中...
選取了原先未選的套件 nginx-core。
正在準備解包 .../7-nginx-core_1.18.0-6ubuntu14.3_arm64.deb……
解開 nginx-core (1.18.0-6ubuntu14.3) 中...
選取了原先未選的套件 nginx。
正在準備解包 .../8-nginx_1.18.0-6ubuntu14.3_arm64.deb……
解開 nginx (1.18.0-6ubuntu14.3) 中...
設定 nginx-common (1.18.0-6ubuntu14.3) ...
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib
/systemd/system/nginx.service.
設定 libnginx-mod-http-xslt-filter (1.18.0-6ubuntu14.3) ...
設定 libnginx-mod-http-geoip2 (1.18.0-6ubuntu14.3) ...
設定 libnginx-mod-mail (1.18.0-6ubuntu14.3) ...
設定 libnginx-mod-http-image-filter (1.18.0-6ubuntu14.3) ...
設定 libnginx-mod-stream (1.18.0-6ubuntu14.3) ...
設定 libnginx-mod-stream-geoip2 (1.18.0-6ubuntu14.3) ...
設定 nginx-core (1.18.0-6ubuntu14.3) ...
* Upgrading binary nginx [ OK ]
設定 nginx (1.18.0-6ubuntu14.3) ...
執行 man-db (2.10.2-1) 的觸發程式……
執行 ufw (0.36.1-4build1) 的觸發程式……
這樣就完成 Nginx 安裝了, 檢視系統服務初始化腳本目錄 /etc/init.d/ 可知已經有 nginx, 系統啟動時會自動執行 :
one@LX2438:~$ ls /etc/init.d/
alsa-utils hwclock.sh rsync
anacron irqbalance saned
apparmor kerneloops speech-dispatcher
apport keyboard-setup.sh spice-vdagent
avahi-daemon kmod ssh
bluetooth lightdm sssd
console-setup.sh lm-sensors udev
cron networking ufw
cryptdisks nginx unattended-upgrades
cryptdisks-early openvpn uuidd
cups plymouth whoopsie
cups-browsed plymouth-log x11-common
dbus procps xrdp
dphys-swapfile pulseaudio-enable-autospawn
用 service 指令管理 (停止或啟動) 這些服務時其實就是呼叫這些腳本, 例如管理 nginx 伺服器可用下列指令 :
sudo service nginx start
sudo service nginx stop
sudo service nginx restart
sudo service nginx status (檢視伺服器狀態)
也可以直接執行 /etc/init.d/ 下的腳本 :
sudo /etc/init.d/nginx start
sudo /etc/init.d/nginx stop
sudo /etc/init.d/nginx restart
sudo /etc/init.d/nginx status
由於安裝好 Nginx 後伺服器就已啟動, 所以不用再執行上面的 start 指令, 開啟瀏覽器拜訪 localhost 或 127.0.0.1 就可以看到 Nginx 預設的歡迎網頁了 :
因為這台 Mapleboard 是用撥接上網取得光世代浮動制 IP 的一個固定 IP, 所以我從外網用 HTTP 連線此 IP 也會看到這個歡迎網頁 :
one@LX2438:~$ ls /var/www/html
index.nginx-debian.html
可用 cat 指令顯示網頁 HTML 內容 :
one@LX2438:~$ cat /var/www/html/index.nginx-debian.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
至於為何輸入 localhost 或 IP 會顯示此網頁, 就要看 Nginx 設定檔才會明白.
3. Nginx 設定檔 :
Nginx 伺服器的配置資訊摘要整理如下 :
- 網頁目錄位置 : /var/www/html 下, 預設首頁為 index.nginx-debian.html
- 主設定檔位置 : /etc/nginx/nginx.conf
- 站台設定檔目錄位置 : /etc/nginx/sites-enabled (預設站台 default)
- 存取紀錄檔位置 : /var/log/nginx/access.log
- 錯誤記錄檔位置 : /var/log/nginx/error.log
Nginx 的設定檔放在 /etc/nginx/ 下面 :
one@LX2438:~$ ls /etc/nginx/
conf.d koi-win nginx.conf sites-enabled
fastcgi.conf mime.types proxy_params snippets
fastcgi_params modules-available scgi_params uwsgi_params
koi-utf modules-enabled sites-available win-utf
其中主要的檔案與目錄說明如下 :
- nginx.conf : 系統設定檔
- /sites-enabled : 用來存放已啟用站台之站台設定檔資料夾
- /sites-available : 存放尚未啟用之站台設定檔資料夾
先用 cat 指令檢視系統設定檔 nginx.conf :
one@LX2438:~$ cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log; #存取記錄檔位置
error_log /var/log/nginx/error.log; #錯誤記錄檔位置
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf; # 載入全部系統設定檔
include /etc/nginx/sites-enabled/*; # 載入全部已啟用網站設定檔
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
nginx.conf 是伺服器的系統設定檔, 例如 HTTP 協定的 SSL 安全性, 紀錄檔位置, 站台設定檔位置等, 與之前在樹莓派上安裝的舊版 Nginx 設定檔比較, 少了最常連線參數 keepalive_timeout 之設定.
Nginx 伺服器可同時運行多個站台 (web sites), 每個站台的設定檔預設放在 /sites-enabled 目錄下, 用 ls 指令檢視預設只有一個名為 default 的站台設定檔 :
one@LX2438:~$ ls /etc/nginx/sites-enabled
default
站台設定檔 deault 的內容如下 :
one@LX2438:~$ cat /etc/nginx/sites-enabled/default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server; # 監聽預設站台 80 埠
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html; # 設定網站根目錄
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html; # 首頁檔之檔名
server_name _; # 預設網站域名 _ 為 localhost
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
可見站台的設定是放在 Server {} 裡面, 其中可用的設定指令如下表所示 :
設定指令 | 說明 |
listen | 設定監聽埠, 預設為 80 埠 (www) |
root | 設定預設站台之根目錄絕對路徑, 預設為 /var/www/html/ |
index | 列舉首頁檔名 |
server_name | 設定伺服器名稱, 預設為 _ |
location | 設定請求處理方式 |
只要將 listen 指令後面的預設埠 80 改成 8080, 則 Nginx 預設站台的埠號就變成 8080 了 :
listen {
listen 8080 default_server;
listen [::]:8080 default_server;
.....
昨天下班前上 Hahow 企業網站上了一堂 WordPress 資訊安全與備份的課 (註冊了一堆課程卻沒時間上, 這會影響今年公司是否繼續授予使用權), 覺得不能忽略 WordPress 強大的外掛支援, 這是 Python 架站套件所不能及的. 傍晚去河堤健走時原本想放空, 但卻一直在思索此問題, 最終決定還是用 WordPress 架站, Python 則當作實驗場 (Django 使用 8080 埠).
參考 :
2023-05-09 補充 :
今天整理 Chrome 書籤發現之前找到的一篇很有意思的文章 :
先記下來, 有空在 Mapleboard 上實驗看看.
沒有留言 :
張貼留言