nginx 下载安装配置,项目部署相关配置,https ssl配置
一、nginx 安装
1. 通过nginx.org下载源码安装包,或直接wget下载 点击链接去下载
选择对应系统版本即可。我这里从稳定版【Stable version】下载
2. 安装nginx依赖环境包
yum install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel
3. 上传或者下载nginx安装包
~ mkdir -p /usr/local/nginx
~ wget -P /usr/local/nginx http://nginx.org/download/nginx-1.24.0.tar.gz
~ cd /usr/local/nginx
~ tar zxvf nginx-1.24.0.tar.gz
~ cd nginx-1.24.0
~ ./configure
~ make && make install
~ cd /usr/local/nginx/sbin
# 检查配置文件的语法是否正确
~ ./nginx -t
# 启动
~ ./nginx
# 重启
~ ./nginx -s reload
# 停止
~ ./nginx -s stop
4. 加入到环境变量(推荐)
~ vim /etc/profile
# 增加
export PATH="$PATH:/usr/local/nginx/sbin"
# 重新加载
~ source /etc/profile
# 启动
~ nginx
# 停止
~ nginx -s stop
# 重新加载 Nginx 服务配置
~ nginx -s reload
5. 加入到 systemctl
~ vim /etc/systemd/system/nginx.service
#增加内容
[Unit]
Description=Nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s quit
ExecReload=/usr/local/nginx/sbin/nginx -s reload
PrivateTmp=true
[Install]
WantedBy=multi-user.target
# 保存之后 重新加载 systemd 配置
~ systemctl daemon-reload
# 开启
~ systemctl start nginx
# 停止
~ systemctl stop nginx
6. 部分截图
访问ip 默认 80端口(注意检查服务器防火墙)
引入外部配置文件,区分不同配置(添加到目录 /usr/local/nginx/conf.d/)
http {
include /usr/local/nginx/mime.types;
default_type application/octet-stream;
underscores_in_headers on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /usr/local/nginx/conf.d/*.conf; # 注意这里
}
7. 普通的反向代理
client_body_buffer_size 10m; #缓存区大小
client_max_body_size 100m; #上传文件的最大值
client_body_temp_path /usr/local/nginx/client_temp 1 2;
server {
listen 8080;
server_name localhost;
keepalive_timeout 600;
fastcgi_connect_timeout 600;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location /xxx-app-boot/ {
proxy_buffer_size 4096k;
proxy_buffers 4 4096k;
client_max_body_size 100m;
proxy_pass http://192.168.0.121:8081;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
}
8. vue项目部署代理
server {
listen 8080;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /data/xxxxx/web-site/dist;# vue前端打包文件
index index.html index.htm;
# 路由匹配
if (!-e $request_filename) {
rewrite ^(.*)$ /index.html?s=$1 last;
break;
}
}
location /api {
proxy_pass http://ip:port/xxxx-boot/; # 转发到后台服务
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
9.https ssl配置 + 负载均衡
需要提前准备证书相关文件: 1. 域名; 2. (域名).crt;3. (域名).key
放置到 /usr/local/nginx/ssl/ 目录下
负载均衡: 部署两份及以上后台服务
upstream appBoot-server {
server 192.161.0.121:8080;
server 192.161.0.122:8080;
# "fair" 算法,每个客户端的请求都会被发送到相同的后端服务器
# fair;
}
server {
listen 443 ssl;
server_name www.demo.com; #填写绑定证书的域名
limit_rate 300K;
ssl_certificate ../ssl/www.demo.com.crt; # 指定证书的位置,相对路径(例如:/usr/local/nginx/conf/nginx.conf)
ssl_certificate_key ../ssl/www.demo.com.key; # 相对路径,同上
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # 按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # 按照这个套件配置
ssl_prefer_server_ciphers on;
location /app-boot/ {
proxy_buffer_size 4096k;
proxy_buffers 4 4096k;
client_max_body_size 100m;
proxy_pass http://appBoot-server;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
}
二、其他proxy_pass说明:
在nginx中配置proxy_pass代理转发时,如果在proxy_pass后面的url加/,表示绝对根路径;如果没有/,表示相对路径,把匹配的路径部分也给代理走。
假设下面四种情况分别用 http://192.168.0.121/proxy/test.html 进行访问。
第一种:
location /proxy/ {
proxy_pass http://127.0.0.1/;
}
代理到URL:http://127.0.0.1/test.html
第二种(相对于第一种,最后少一个 / )(推荐1)
location /proxy/ {
proxy_pass http://127.0.0.1;
}
代理到URL:http://127.0.0.1/proxy/test.html
第三种:
location /proxy/ {
proxy_pass http://127.0.0.1/aaa/;
}
代理到URL:http://127.0.0.1/aaa/test.html
第四种(相对于第三种,最后少一个 / )
location /proxy/ {
proxy_pass http://127.0.0.1/aaa;
}
代理到URL:http://127.0.0.1/aaatest.html
最后制作不易,点下推荐再走呗(●'◡'●)
本文来自博客园,作者:博客-涛,转载请注明原文链接:https://www.cnblogs.com/htmsmile/p/17608612.html
