OpenResty yum 方式安装支持 CentOS 7和8

2022-12-02 阅读 {{counts.readCount}} 评论 {{counts.commentCount}}

## 前言
续上一篇，记录的是编译源码方式，安装 OpenResty 
[OpenResty 安装配置入门教程 代替Nginx 使用lua redis动态控制请求](https://leanote.zzzmh.cn/blog/post/admin/60d2e8f816199b501c026ab5)
<br>
本篇用更简单的yum方式安装，且支持后续更新，所需插件和模块也会一并自动安装
<br>
默认是不支持 `brotli` ，我这里选择直接去掉 `brotli` ，只用 `gzip` ，影响不大

<br><br>
## 折腾
基于官网教程
[http://openresty.org/cn/linux-packages.html#centos](http://openresty.org/cn/linux-packages.html#centos)

```shell
# 以下命令适用于 CentOS 7
# （对于 CentOS 8 或以上版本，应将下面的 yum 都替换成 dnf）
wget https://openresty.org/package/centos/openresty.repo
sudo mv openresty.repo /etc/yum.repos.d/
sudo yum check-update

yum install -y openresty

# 启动和开机启动
systemctl start openresty
systemctl enable openresty
```

<br>
安装细节同样可以参考官网
[http://openresty.org/cn/rpm-packages.html](http://openresty.org/cn/rpm-packages.html)

只需关注几个重点
```shell
# 安装路径
/usr/bin/openresty

# nginx 配置文件路径
/usr/local/openresty/nginx/conf/nginx.conf

# 常用命令
# 启动 重启 停止 状态 开机启动
systemctl start openresty
systemctl restart openresty
systemctl stop openresty
systemctl status openresty
systemctl enable openresty

# 帮助 测试配置文件
openresty -h
openresty -t

# 同nginx  重新加载配置文件
openresty -s reload
```


配置文件调试
默认路径
`/usr/local/openresty/nginx/conf/nginx.conf`
```shell

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}
```

例如开启tls3
```shell
server {
    listen    443  ssl http2 default_server;
    server_name    xxx.com;
    
    # 证书部分
    ssl_certificate     /root/ssl/xxx.crt;
    ssl_certificate_key /root/ssl/xxx.key;

    # TLS 握手优化
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    keepalive_timeout    75s;
    keepalive_requests   100;

    # TLS 版本控制
    ssl_protocols   TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers     'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';

    # 开启 1.3 o-RTT
    ssl_early_data  on;
    
    location / {
        ...
    }
    
    ...
}
```


## END
附上openresty学习资料
[OpenResty 全套课程 (bilibili)](https://www.bilibili.com/video/BV1nU4y1x7Lt)
[OpenResty 最佳实践 (gitbooks)](https://moonbingbing.gitbooks.io/openresty-best-practices/content/index.html)
[LuaNginxModule 文档 (github)](https://github.com/openresty/lua-nginx-module)

**注意：其中gitbooks裸连会出现打开慢的问题，如果你看不到左边目录栏就是连不上超时了，建议试试他的github地址**

mdi-chevron-left