Nginx

apache
重启apache:sudo /usr/sbin/apachectl restart

关闭apache:sudo /usr/sbin/apachectl stop

开启apache:sudo /usr/sbin/apachectl start

安装nginx
brew update && brew install nginx

貌似和watchman有冲突 要卸载pcre
(brew uninstall xxx 注意 brew命令不可以在sudo权限下执行)

卸载watchman可能会提示权限问题

Error: Permission denied - /usr/local/homebrew/Cellar/watchman/4.5.0/bin/watchman

sudo chown -R "$USER":admin /usr/local/homebrew/

改变onwer就好了

安装过程

brew install nginx
Updating Homebrew...
==> Installing dependencies for nginx: pcre, openssl@1.1
==> Installing nginx dependency: pcre
==> Downloading https://homebrew.bintray.com/bottles/pcre-8.40.el_capitan.bottle.tar.gz
######################################################################## 100.0%
==> Pouring pcre-8.40.el_capitan.bottle.tar.gz
==> Using the sandbox
🍺  /usr/local/homebrew/Cellar/pcre/8.40: 204 files, 5.4MB
==> Installing nginx dependency: openssl@1.1
==> Downloading https://www.openssl.org/source/openssl-1.1.0e.tar.gz
######################################################################## 100.0%
==> perl ./Configure --prefix=/usr/local/homebrew/Cellar/openssl@1.1/1.1.0e --openssldir=/usr/local/homebrew/etc/openssl@1.1 no-ssl3 no-ssl3-method no-zl
==> make
==> make test
==> make install MANDIR=/usr/local/homebrew/Cellar/openssl@1.1/1.1.0e/share/man MANSUFFIX=ssl
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/homebrew/etc/openssl@1.1/certs

and run
  /usr/local/homebrew/opt/openssl@1.1/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local/homebrew,
because this is an alternate version of another formula.

If you need to have this software first in your PATH run:
  echo 'export PATH="/usr/local/homebrew/opt/openssl@1.1/bin:$PATH"' >> ~/.zshrc

For compilers to find this software you may need to set:
    LDFLAGS:  -L/usr/local/homebrew/opt/openssl@1.1/lib
    CPPFLAGS: -I/usr/local/homebrew/opt/openssl@1.1/include

==> Summary
🍺  /usr/local/homebrew/Cellar/openssl@1.1/1.1.0e: 6,303 files, 15.4MB, built in 8 minutes 6 seconds
==> Installing nginx
==> Downloading https://nginx.org/download/nginx-1.12.0.tar.gz
######################################################################## 100.0%
==> ./configure --prefix=/usr/local/homebrew/Cellar/nginx/1.12.0 --with-http_ssl_module --with-pcr
==> make install
==> Caveats
Docroot is: /usr/local/homebrew/var/www

The default port has been set in /usr/local/homebrew/etc/nginx/nginx.conf to 8080 so that
nginx can run without sudo.

nginx will load all files in /usr/local/homebrew/etc/nginx/servers/.

To have launchd start nginx now and restart at login:
  brew services start nginx
Or, if you don't want/need a background service you can just run:
  nginx
==> Summary
🍺  /usr/local/homebrew/Cellar/nginx/1.12.0: 8 files, 1010.1KB, built in 34 seconds

从上面知道默认的doc是 /usr/local/homebrew/var/www

启动

nginx

重启(-t会监测conf的正确性)

nginx -t && nginx -s reload

问题 这样重启配置文件经常不生效
还是关闭再启动吧

sudo nginx -s stop
sudo nginx

nginx -s signal

其中,signal 可以是以下几种之一:

stop —— 快速关闭
quit —— 平稳关闭
reload —— 重载配置文件
reopen —— 重新打开日志文件

默认配置文件
/usr/local/homebrew/etc/nginx/nginx.conf

http://cnt1992.xyz/2016/03/18/simple-intro-to-nginx/

rewrite

    location = /501.html {
        rewrite ^/501.html$ /505.html permanent;
    }

    # regex not use = but ~
    location ~ ^/50.\.html {
        rewrite ^/500.html /haha.html permanent;
        rewrite ^/502.html /520.html permanent;
        rewrite ^/50x.html /xx.html permanent;
    }

把所有的/50..html 的路径会特别处理
除了501.html 会到505.html

https
监测是否安装了https

nginx -V
nginx version: nginx/1.12.0
built by clang 7.3.0 (clang-703.0.31)
built with OpenSSL 1.1.0e  16 Feb 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/homebrew/Cellar/nginx/1.12.0 --with-http_ssl_module --with-pcre --sbin-path=/usr/local/homebrew/Cellar/nginx/1.12.0/bin/nginx --with-cc-opt='-I/usr/local/homebrew/opt/pcre/include -I/usr/local/homebrew/opt/openssl@1.1/include' --with-ld-opt='-L/usr/local/homebrew/opt/pcre/lib -L/usr/local/homebrew/opt/openssl@1.1/lib' --conf-path=/usr/local/homebrew/etc/nginx/nginx.conf --pid-path=/usr/local/homebrew/var/run/nginx.pid --lock-path=/usr/local/homebrew/var/run/nginx.lock --http-client-body-temp-path=/usr/local/homebrew/var/run/nginx/client_body_temp --http-proxy-temp-path=/usr/local/homebrew/var/run/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/homebrew/var/run/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/homebrew/var/run/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/homebrew/var/run/nginx/scgi_temp --http-log-path=/usr/local/homebrew/var/log/nginx/access.log --error-log-path=/usr/local/homebrew/var/log/nginx/error.log --with-http_gzip_static_module --with-ipv6

生成https秘钥 https://my.oschina.net/JasonZhang/blog/754404

我在ssl目录下生成了server.key server.key的默认密码是123456

➜  ssl git:(stable) openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
.......................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:


➜  ssl git:(stable) openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:BJ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BUBU
Organizational Unit Name (eg, section) []:BUBU
Common Name (e.g. server FQDN or YOUR name) []:hehe.com
Email Address []:lumixraku@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:BUBU


➜  ssl git:(stable) openssl rsa -in server.key -out server-np.key
Enter pass phrase for server.key:
writing RSA key


➜  ssl git:(stable) openssl x509 -req -days 366 -in server.csr -signkey server-np.key -out server.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=BUBU/OU=BUBU/CN=hehe.com/emailAddress=lumixraku@gmail.com
Getting Private key



nginx.conf 配置

    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  localhost;

        # ssl_certificate      cert.pem;
        ssl_certificate      ./ssl/server.crt;
        ssl_certificate_key  ./ssl/server-np.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root /Users/xxx/Sites;
            index  index.html index.htm;
        }
    }

重启

ssl git:(stable) sudo nginx -t && nginx -s reload
nginx: the configuration file /usr/local/homebrew/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/homebrew/etc/nginx/nginx.conf test is successful
posted @ 2017-05-20 19:52  cart55free99  阅读(237)  评论(0编辑  收藏  举报