前提:已经配置好静态IP
以防万一,先安装好iptables服务(不管你装没装,先执行,免得后面添乱)
[root@localhost ~]# yum install iptables-services
[root@localhost ~]# systemctl mask firewalld.service
[root@localhost ~]# systemctl enable iptables.service
[root@localhost ~]# systemctl enable ip6tables.service
进入iptables配置80端口,因为nginx默认是由80端口访问
[root@localhost ~]# vim /etc/sysconfig/iptables
这是配置信息:
# Generated by iptables-save v1.4.21 on Fri May 12 21:28:29 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:696]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT(我给vsftpd配置的端口)
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT(给nginx配置的端口,原样输入就行了)
-A INPUT -p tcp -m state --state NEW -m tcp --dport 30000:30999 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri May 12 21:28:29 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6:696]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT(我给vsftpd配置的端口)
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT(给nginx配置的端口,原样输入就行了)
-A INPUT -p tcp -m state --state NEW -m tcp --dport 30000:30999 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri May 12 21:28:29 2017
然后:wq,保存退出就行了
重启iptables,配置才生效
[root@localhost ~]# systemctl restart iptables.service
开启防火墙,不管你开没有,再开一遍:
[root@localhost ~]# systemctl start firewalld
开启http访问
[root@localhost ~]# firewall-cmd --permanent --add-service=http
加入80端口
[root@localhost ~]# firewall-cmd --permanent --zone=trusted --add-port=80/tcp
启动nginx!!!!(重点来了!!!)
centOS7的nginx启动与其他的有区别!!!注意:我是装的nginx1.80,在centOS6.X系列中,是通过
cd /usr/local/nginx/sbin/
./nginx
这两条命令启动的。在Ubuntu中是通过/etc/nginx.....,你会发现你的centOS7里面,etc下面根本就没有nginx这个folder!
在centOS7中你会发现这行不通,我们应该这么启动:
[root@localhost ~]# /usr/local/nginx/sbin/nginx
如果发现:
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
说明80端口被占用,杀掉这个进程:
[root@localhost ~]# killall -9 nginx
再次启动nginx:
[root@localhost ~]# /usr/local/nginx/sbin/nginx
查看是否启动:
[root@localhost ~]# ps aux|grep nginx
输出:
root 7110 0.0 0.0 24348 752 ? Ss 22:32 0:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 7111 0.0 0.0 26860 1508 ? S 22:32 0:00 nginx: worker process
root 7114 0.0 0.0 112664 968 pts/0 S+ 22:33 0:00 grep --color=auto nginx
nobody 7111 0.0 0.0 26860 1508 ? S 22:32 0:00 nginx: worker process
root 7114 0.0 0.0 112664 968 pts/0 S+ 22:33 0:00 grep --color=auto nginx
启动成功!
访问nginx
在浏览器地址栏输入你的Linux虚拟机的静态ip,会跳转到nginx的欢迎页面。