#######################
#
#    安装工具包
#
#######################

aptitude install build-essential

aptitude install libpcre3

aptitude install libpcre3-dev

aptitude install libpcrecpp0

aptitude install libssl-dev

aptitude install zlib1g-dev

#######################
#
#    添加用户和组
#
#######################

groupadd nginx

useradd -g nginx -d /home/nginx -s /sbin/nologin nginx

#######################
#
#  优化Linux内核参数
#
#######################

vi /etc/sysctl.conf

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 5000    65000

/sbin/sysctl -p

#######################
#
#      安装nignx
#
#######################

### 具体configure配置参考看 ###

wget

tar zxfv nginx-0.7.30.tar.gz

cd nginx-0.7.30

./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module  --with-http_ssl_module

make

make install

#######################
#
#      运行nignx
#
#######################

/usr/local/nginx/sbin/nginx -t

　　# the configuration file /usr/local/webserver/nginx/conf/nginx.conf syntax is ok
　　# the configuration file /usr/local/webserver/nginx/conf/nginx.conf was tested successfully

cp /usr/local/nginx/conf/nginx.conf  /usr/local/nginx/conf/nginx.conf.bak

/usr/local/nginx/sbin/nginx

#######################
#
#    开机启动nginx
#
#######################

vi /etc/rc.local

ulimit -SHn 51200
/usr/local/nginx/sbin/nginx

#######################
#
#      关闭nginx
#
#######################

kill `cat /usr/local/nginx/logs/nginx.pid`

####################################################
#
#      不停止Nginx服务的情况下平滑变更Nginx配置
#
####################################################

kill -HUP `cat /usr/local/nginx/logs/nginx.pid`

#######################
#
#   查看Nginx主进程号
#
#######################

ps -ef | grep "nginx: master process" | grep -v "grep" | awk -F ' ' '{print $2}'

#######################
#
#       安装SSL
#
#######################

aptitude install openssh-server

### 首先，创造一个key,pem 和 certificate 文件

openssl genrsa 1024 > host.key
chmod 400 host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
cat host.cert host.key > host.pem
chmod 400 host.pem

### 在nginx配置文件里加入SSL，如下：

worker_processes 1;
http {
    ...
    server {
        listen               443;
        ssl                  on;
        ssl_certificate      /path/to/host.pem;
        ssl_certificate_key  /path/to/host.key;
        keepalive_timeout    70;
    }
}

#################################
#
#  每天定时切割Nginx日志的脚本
#
#################################

touch /usr/local/nginx/sbin/cut_nginx_log.sh

chmod +x /usr/local/nginx/sbin/cut_nginx_log.sh

cat >> /usr/local/nginx/sbin/cut_nginx_log.sh << "EOF"

#!/bin/bash
# This script run at 00:00

# The Nginx logs path
logs_path="/usr/local/nginx/logs/"

mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/
mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log
kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
EOF

### 设置crontab，每天凌晨00:00切割nginx访问日志

crontab -e

00 00 * * * /bin/bash  /usr/local/nginx/sbin/cut_nginx_log.sh