Appearance
安装 Nginx
INFO
- 本文档来源于Nginx官方文档,要查看最新且最详尽的描述,请点击链接阅读英文版本。
- 本文档中的 RHEL 系发行版包括 RHEL、CentOS、Oracle Linux、AlmaLinux、Rocky Linux。
1. 检查兼容性
在Nginx发行版支持列表查找自己使用的发行版是否受到支持。
截至 2025 年 11 月, Nginx 支持的主要发行版版本范围如下:
格式:<发行版版本>: <支持的处理器架构>,发行版版本和支持的处理器架构均在清单中,即可视为你的服务器受到官方源的支持。
text
11.x “bullseye”: x86_64, aarch64/arm64
12.x “bookworm”: x86_64, aarch64/arm64
13.x “trixie”: x86_64, aarch64/arm64text
22.04 “jammy”: x86_64, aarch64/arm64
24.04 “noble”: x86_64, aarch64/arm64
25.04 “plucky”: x86_64, aarch64/arm64
25.10 “questing”: x86_64, aarch64/arm64text
8.x: x86_64, aarch64/arm64
9.x: x86_64, aarch64/arm64
10.x: x86_64, aarch64/arm64text
3.19: x86_64, aarch64/arm64
3.20: x86_64, aarch64/arm64
3.21: x86_64, aarch64/arm64
3.22: x86_64, aarch64/arm64如果你使用的版本不受支持,可以考虑使用系统包管理器提供的 nginx、自行编译或使用 Nginx 容器镜像。
2. 准备相关依赖
bash
sudo apt update && \
sudo apt install curl \
gnupg2 \
ca-certificates \
lsb-release \
debian-archive-keyringbash
sudo apt update && \
sudo apt install curl \
gnupg2 \
ca-certificates \
lsb-release \
ubuntu-keyringbash
# 无需操作bash
sudo apk add openssl \
curl \
ca-certificates3. 导入 Nginx 的 GPG 密钥
导入密钥:
bash
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/nullbash
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/nullbash
# 无需操作bash
# 无需操作,Alpine 检查的是 RSA 公钥,将在导入镜像源时进行说明。检查密钥是否正确:
bash
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpgbash
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpgbash
# 无需操作,检查密钥的操作将在安装时进行bash
# 无需操作,Alpine 检查的是 RSA 公钥,将在导入镜像源时进行说明。应该输出以下三个指纹:
WARNING
此处只是为了方便列出了 Nginx 的指纹,实际上正确的做法是到Nginx官方文档中比对相关指纹。
text
pub rsa4096 2024-05-29 [SC]
8540A6F18833A80E9C1653A42FD21310B49F6B46
uid nginx signing key <signing-key-2@nginx.com>
pub rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid nginx signing key <signing-key@nginx.com>
pub rsa4096 2024-05-29 [SC]
9E9BE90EACBCDE69FE9B204CBCDCD8A38D88A2B3
uid nginx signing key <signing-key-3@nginx.com>如果指纹不匹配,立即删除下载的文件。
4. 添加镜像源
INFO
此处添加的是稳定版的镜像源。如果要添加主线版的镜像源,请查看Nginx官方文档。
bash
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
| sudo tee /etc/apt/preferences.d/99nginxbash
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
| sudo tee /etc/apt/preferences.d/99nginxbash
# 创建对应的 Yum/DNF 存储库文件
sudo vi /etc/yum.repos.d/nginx.repo
# 添加以下内容(去掉注释)
# [nginx-stable]
# name=nginx stable repo
# baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
# gpgcheck=1
# enabled=1
# gpgkey=https://nginx.org/keys/nginx_signing.key
# module_hotfixes=true
# [nginx-mainline]
# name=nginx mainline repo
# baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
# gpgcheck=1
# enabled=0
# gpgkey=https://nginx.org/keys/nginx_signing.key
# module_hotfixes=truesh
# 导入镜像源
printf "%s%s%s%s\n" \
"@nginx " \
"http://nginx.org/packages/alpine/v" \
`egrep -o '^[0-9]+\.[0-9]+' /etc/alpine-release` \
"/main" \
| sudo tee -a /etc/apk/repositories
# 导入签名密钥
curl -o /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub
# 验证公钥准确性
openssl rsa -pubin -in /tmp/nginx_signing.rsa.pub -text -noout
# 输出应包含以下模数
# Public-Key: (2048 bit)
# Modulus:
# 00:fe:14:f6:0a:1a:b8:86:19:fe:cd:ab:02:9f:58:
# 2f:37:70:15:74:d6:06:9b:81:55:90:99:96:cc:70:
# 5c:de:5b:e8:4c:b2:0c:47:5b:a8:a2:98:3d:11:b1:
# f6:7d:a0:46:df:24:23:c6:d0:24:52:67:ba:69:ab:
# 9a:4a:6a:66:2c:db:e1:09:f1:0d:b2:b0:e1:47:1f:
# 0a:46:ac:0d:82:f3:3c:8d:02:ce:08:43:19:d9:64:
# 86:c4:4e:07:12:c0:5b:43:ba:7d:17:8a:a3:f0:3d:
# 98:32:b9:75:66:f4:f0:1b:2d:94:5b:7c:1c:e6:f3:
# 04:7f:dd:25:b2:82:a6:41:04:b7:50:93:94:c4:7c:
# 34:7e:12:7c:bf:33:54:55:47:8c:42:94:40:8e:34:
# 5f:54:04:1d:9e:8c:57:48:d4:b0:f8:e4:03:db:3f:
# 68:6c:37:fa:62:14:1c:94:d6:de:f2:2b:68:29:17:
# 24:6d:f7:b5:b3:18:79:fd:31:5e:7f:4c:be:c0:99:
# 13:cc:e2:97:2b:dc:96:9c:9a:d0:a7:c5:77:82:67:
# c9:cb:a9:e7:68:4a:e1:c5:ba:1c:32:0e:79:40:6e:
# ef:08:d7:a3:b9:5d:1a:df:ce:1a:c7:44:91:4c:d4:
# 99:c8:88:69:b3:66:2e:b3:06:f1:f4:22:d7:f2:5f:
# ab:6d
# Exponent: 65537 (0x10001)
# 将公钥移动到 apk 的可信存储
sudo mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/5. 安装 Nginx
bash
sudo apt update && \
sudo apt install nginx
# 要安装 nginx 的对应模块包,可以使用 sudo apt install nginx-module-<name>bash
sudo apt update && \
sudo apt install nginx
# 要安装 nginx 的对应模块包,可以使用 sudo apt install nginx-module-<name>bash
# 此处假设我们安装的发行版使用 dnf 作为包管理器
sudo dnf update
sudo dnf install nginx
# 要安装 nginx 的对应模块包,可以使用 sudo dnf install nginx-module-<name>
# 当提示接受 GPG 密钥时,验证以下三个指纹是否匹配
# Importing GPG key 0xB49F6B46:
# UserID : "nginx signing key <signing-key-2@nginx.com"
# Fingerprint: 8540 A6F1 8833 A80E 9C16 53A4 2FD2 1310 B49F 6B46
# From : https://nginx.org/keys/nginx_signing.key
# Importing GPG key 0x7BD9BF62:
# UserID : "nginx signing key <signing-key@nginx.com"
# Fingerprint: 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62
# From : https://nginx.org/keys/nginx_signing.key
# Importing GPG key 0x8D88A2B3:
# UserID : "nginx signing key <signing-key-3@nginx.com"
# Fingerprint: 9E9B E90E ACBC DE69 FE9B 204C BCDC D8A3 8D88 A2B3
# From : https://nginx.org/keys/nginx_signing.keybash
sudo apk add nginx@nginx
# 要安装 nginx 的对应模块包,可以使用 sudo apk add nginx-module-<name>@nginx