设置阿里Yum镜像
1.备份
# Keep the stock repo definition so it can be restored if the downloaded mirror file is unusable.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
2.下载新的CentOS-Base.repo 到/etc/yum.repos.d/
CentOS 7
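# This file decides where every later package comes from, so fetch it over HTTPS:
# over plain HTTP anyone on the network path can substitute their own repo definition.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo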
CentOS 6
# Fetched over plain HTTP with no integrity check; use the https:// form of this URL
# where the host's wget and CA bundle are recent enough to validate the certificate.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
CentOS 5
# Fetched over plain HTTP with no integrity check; review the downloaded file
# (baseurl and gpgcheck lines) before running yum against it.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-5.repo
3.生成缓存
# Rebuild yum's metadata cache from the newly configured repositories.
yum makecache
安装
添加Nginx源
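# Installs the nginx.org yum repository definition. Fetch it over HTTPS so the package
# cannot be swapped in transit.
# NOTE(review): after installing, confirm that the repo file it drops under /etc/yum.repos.d/
# has gpgcheck enabled, so that nginx packages are signature-checked.
rpm -ivh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm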
查询
# Lists the available nginx package versions and the repository each one comes from.
yum list nginx
安装
# -y answers "yes" to every prompt, including a prompt to import a repository GPG key,
# so check the repository configuration before running this unattended.
yum install -y nginx
卸载
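# Quote the pattern so yum, not the shell, expands it: unquoted, nginx* is first matched
# against file names in the current directory and yum may be handed those names instead.
# -y removes every matching package without asking for confirmation.
yum -y remove 'nginx*'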
启动
# Start nginx through the init system's service wrapper.
service nginx start
停止
# Stop nginx through the init system's service wrapper.
service nginx stop
设为开机启动
# SysV-init tool: register nginx to start at boot.
chkconfig nginx on
或
# systemd equivalent: enable the nginx unit so it starts at boot.
systemctl enable nginx.service
重新加载配置
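# Validate the configuration first so that syntax errors are reported on the terminal;
# the reload is only requested when the check passes.
nginx -t && service nginx reload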
查看版本
# Prints the nginx version; nginx -V also shows the build options and the OpenSSL it was
# built with, which determines the TLS versions it can offer.
nginx -v
配置文件路径/etc/nginx/conf.d
配置
负载均衡
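# Pool of backend instances; nginx spreads requests across them (round-robin by default).
upstream git_xhkjedu {
    server xxx.xxx.xxx.xxx:10080;
    server xxx.xxx.xxx.xxx:10080;
}

# Reverse proxy for git.xhkjedu.com in front of the pool above.
# NOTE(review): this listener is plain HTTP, so logins and repository data (presumably a Git
# service, going by the name) cross the network unencrypted; serve it from an HTTPS vhost
# and redirect port 80 where possible.
server {
    listen 80;
    server_name git.xhkjedu.com;
    # Largest request body accepted; larger uploads are rejected with 413.
    # Declared once here and inherited by the location below.
    client_max_body_size 200m;

    location / {
        proxy_pass http://git_xhkjedu/;
        proxy_cookie_path / /;
        proxy_redirect / /;

        # Pass the original host name and client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends this hop to whatever X-Forwarded-For the client
        # sent, so the backend should trust only the last entry, never the first.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_body_buffer_size 128k;
        proxy_connect_timeout 300s;
        proxy_send_timeout 300s;
        proxy_read_timeout 300s;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_buffer_size 64k;
        proxy_buffers 8 64k;
        # The fastcgi_* buffer directives were dropped: they apply to fastcgi_pass only and
        # have no effect in a proxy_pass location.
        send_timeout 60;
    }
}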
上传文件时注意以下配置
# Largest request body nginx accepts; anything bigger is rejected with 413. A high limit
# lets any client make nginx receive and spool large bodies, so set it only on the vhost
# or location that actually takes uploads.
client_max_body_size 200m;
# Part of the body held in memory; anything beyond it is written to a temporary file.
client_body_buffer_size 128k;
# Time allowed for establishing the connection to the backend (the nginx documentation
# notes that this usually cannot exceed 75 seconds).
proxy_connect_timeout 300s;
静态项目
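# Static site served on both HTTP (80) and HTTPS (443).
server {
    listen 80;
    # TLS is enabled per listener with the "ssl" flag. The server-wide "ssl on;" form would
    # also make the port-80 listener expect TLS, and it is deprecated since nginx 1.15.0.
    listen 443 ssl;
    server_name qg.xhkjedu.com;
    client_max_body_size 200m;

    ssl_certificate /etc/nginx/cert/xhkjedu.pem;
    # Private key: keep it readable by root only.
    ssl_certificate_key /etc/nginx/cert/xhkjedu.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated; add TLSv1.3 where nginx and its OpenSSL support it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only; the broad AES/HIGH/ECDH keywords also admit CBC and
    # non-forward-secret suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # Document root and the file returned for directory requests such as "/".
    index index.html;
    root /data/web_front/qg;
}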
静态项目主要添加了
# Directory this vhost serves files from.
root /data/web_front/qg;
# File returned when the request path is a directory (for example "/").
index index.html;
不添加的话 部分浏览器访问不到默认首页
SSL证书配置
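# TLS is enabled on the listener itself; the separate "ssl on;" directive is deprecated
# since nginx 1.15.0 and affects every listener of the server block.
listen 443 ssl;
ssl_certificate /etc/nginx/cert/xhkjedu.pem;
# Private key: keep it readable by root only.
ssl_certificate_key /etc/nginx/cert/xhkjedu.key;
ssl_session_timeout 5m;
# TLSv1 and TLSv1.1 are deprecated; add TLSv1.3 where nginx and its OpenSSL support it.
ssl_protocols TLSv1.2;
# Forward-secret AEAD suites only; the broad AES/HIGH/ECDH keywords also admit CBC and
# non-forward-secret suites.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;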
HTTP重定向到HTTPS
# Port-80 vhost whose only job is to send clients to the HTTPS site.
server {
    server_name qg.xhkjedu.com;
    listen 80;
    # $host echoes the name the client asked for. If this block can act as the default
    # server for port 80, writing the site name literally keeps the redirect target fixed.
    return 301 https://$host$request_uri;
}
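# HTTPS vhost for the static site; plain-HTTP requests are redirected here.
server {
    # TLS is enabled on the listener; "ssl on;" is deprecated since nginx 1.15.0.
    listen 443 ssl;
    server_name qg.xhkjedu.com;
    client_max_body_size 200m;

    ssl_certificate /etc/nginx/cert/xhkjedu.pem;
    # Private key: keep it readable by root only.
    ssl_certificate_key /etc/nginx/cert/xhkjedu.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated; add TLSv1.3 where nginx and its OpenSSL support it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    index index.html;
    root /data/web_front/qg;
}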
主要是配置了
# Permanent (301) redirect to HTTPS that keeps the original path and query string.
return 301 https://$host$request_uri;
URL重写
主要用于地址迁移 重定向到新的地址
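# HTTPS vhost for zujuan.xhkjedu.com with one migrated endpoint.
server {
    # TLS is enabled on the listener; "ssl on;" is deprecated since nginx 1.15.0.
    listen 443 ssl;
    server_name zujuan.xhkjedu.com;
    client_max_body_size 200m;

    ssl_certificate /etc/nginx/cert/xhkjedu.pem;
    # Private key: keep it readable by root only.
    ssl_certificate_key /etc/nginx/cert/xhkjedu.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated; add TLSv1.3 where nginx and its OpenSSL support it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    index index.html;
    root /data/web_front/zujuan;

    # The replacement is an absolute URL, so nginx answers with a redirect to it instead of
    # rewriting internally. Only the exact path /userapi/login matches the pattern.
    location /userapi/login {
        rewrite ^/userapi/login$ https://zujuan.xhkjedu.com/userapi/tip.json;
    }
}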
主要配置是
# Prefix location: it is selected for /userapi/login and for longer paths that start with it,
# but the anchored pattern below only rewrites the exact path.
location /userapi/login {
# The replacement starts with https://, so nginx stops processing and returns a redirect
# to that URL to the client.
rewrite ^/userapi/login$ https://zujuan.xhkjedu.com/userapi/tip.json;
}
常见错误
nginx: [emerg] bind() to 0.0.0.0:8091 failed (13: Permission denied)
是开启selinux 导致的
查看状态（执行 getenforce）：如果输出 Disabled 或 Permissive，说明 SELinux 没有在强制拦截（Permissive 只记录、不拦截）
如果输出 Enforcing 那就是开启了 selinux
临时关闭（切换为 Permissive 模式，重启后失效）
# Puts SELinux into permissive mode for the whole host until the next reboot: denials are
# logged but no longer blocked. A narrower fix for the bind() error keeps enforcement on
# and allows nginx to use the port instead:
#   semanage port -a -t http_port_t -p tcp 8091
setenforce 0
临时开启
# Returns the running system to enforcing mode (not possible if SELinux was disabled at boot).
setenforce 1
永久关闭
修改/etc/selinux/config文件
# Boot-time SELinux settings; edits to this file apply from the next boot.
vi /etc/selinux/config
将
SELINUX=enforcing
改为
# disabled switches SELinux off for every service on the host. SELINUX=permissive (log only)
# or a targeted port/label rule is a much smaller change for a single nginx denial.
SELINUX=disabled
立即生效
# NOTE(review): sourcing this file only defines SELINUX/SELINUXTYPE as variables in the
# current shell; it does not change the running SELinux mode. The SELINUX= value is read at
# boot, so the edit applies after a reboot (setenforce changes the running mode).
source /etc/selinux/config
静态项目访问403
编辑配置文件
# Main nginx configuration file; the user directive belongs to its top-level (main) context.
vi /etc/nginx/nginx.conf
修改内容
用户修改为root 默认是nginx
# With this setting the worker processes that parse client requests run as root, so a flaw
# in request handling gives root on the host. The 403 can usually be fixed while keeping the
# default unprivileged user: give that user read/traverse access to the web root and, on
# SELinux hosts, label the content for the web server, e.g.
#   chcon -R -t httpd_sys_content_t /data/web_front
user root;
输入
# Prints the current SELinux mode: Enforcing, Permissive or Disabled.
getenforce
出现Enforcing表示已强制执行安全策略了
配置关闭
# Boot-time SELinux settings; edits to this file apply from the next boot.
vi /etc/selinux/config
修改为disabled
# Turns SELinux off host-wide. For a 403 on static files, relabelling the web root for the
# web server (type httpd_sys_content_t) addresses the denial without removing enforcement.
SELINUX=disabled
重启
# The SELINUX= setting in /etc/selinux/config is only applied at boot.
reboot