nginx源码安装及相关问题处理
nginx安装及相关问题处理
编译安装nginx
符合FHS的./configure参数
./configure \
--prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--lock-path=/run/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_sub_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-stream \
--with-compat
# 配置文件放 /etc/nginx
# 可执行文件放 /usr/sbin
# 日志放 /var/log/nginx
# PID 和 Lock 放 /var/run
# 使用 User=nginx 和 Group=nginx(需提前创建用户)
```shell
### nginx服务/etc/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
User=nginx
Group=nginx
ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.conf
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
### 创建Nginx用户和日志目录
sudo useradd --system --no-create-home --shell /sbin/nologin nginx
sudo mkdir -p /var/log/nginx
sudo chown nginx:nginx /var/log/nginx
### 编译、安装并启用服务
make clean
make
make install
systemctl daemon-reload
systemctl enable nginx --now
### 验证
nginx -V
## 完整配置文件
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
stream {
upstream mysql {
server 10.10.12.224:3306 max_fails=30 fail_timeout=30s;
}
server {
listen 3306;
proxy_connect_timeout 10s;
proxy_timeout 30s;
proxy_pass mysql;
}
}
多彩贵州城
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent '
'"$http_x_forwarded_for" '
'"$scheme://$host:$server_port$request_uri"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
server {
listen 443 ssl;
server_name xxx.cn;
access_log /var/log/nginx/gzcolorfulcity.cn.access.log main;
error_log /var/log/nginx/gzcolorfulcity.cn.error.log;
charset utf-8;
ssl_certificate /opt/nginx/certificate/gzcolorfulcity.cn.pem;
ssl_certificate_key /opt/nginx/certificate/gzcolorfulcity.cn.key;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
#表示优先使用服务端加密套件。默认开启
ssl_prefer_server_ciphers on;
root /var/www/xxx.cn;
index index.html;
location / {
root /opt/server/xxx/dist;
try_files $uri $uri/ /index.html;
index index.html index.htm;
}
location /api/sys/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
sub_filter 'http://10.10.12.224:7777' 'https://www.xxx.cn';
proxy_pass http://10.10.12.224:7777/api/sys/;
}
}
server {
listen 80;
server_name www.xxx.cn;
return 301 https://$host$request_uri;
}
}
## nginx问题
### 代理返回静态文件中路径不带端口的问题
修改配置文件/etc/nginx/nginx.conf
将proxy_set_header Host $host;改为proxy_set_header Host $host:$server_port;
```conf
server {
listen 8086;
server_name localhost;
#gzip off;
location / {
proxy_set_header Host $host:$server_port; # 这里加上$host:$server_port
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.***.***.46:8086/;
proxy_set_header X-Forwarded-Proto $scheme;
#sub_filter 'src="/' 'src="http://111.***.***.61:8086/';
#sub_filter_once off;
}
}
替换响应
server {
listen 8086;
server_name localhost;
#gzip off;
location / {
proxy_set_header Host $host:$server_port; # 这里加上$host:$server_port
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.***.***.46:8086/;
proxy_set_header X-Forwarded-Proto $scheme;
sub_filter 'http://ip:port/'src="https://www.xx.com/'; # 替换
sub_filter_once off; # 可选关闭只替换第一个
}
}
浙公网安备 33010602011771号