本文详细介绍了如何在Linux系统上安装Nginx,包括下载安装包、安装依赖、创建用户、编译安装及启动。接着讲解了Nginx配置文件的关键参数,如worker_processes、worker_rlimit_nofile等,并展示了反向代理、负载均衡和跨域配置的实例。最后,文章提供了实际场景下的Nginx配置案例,涉及HTTPS安全证书设置和多个监听端口的配置。
Nginx的安装
1、nginx安装包下载地址
http://nginx.org/en/download.html
2、把nginx安装包上传到Linux系统上
2.1 Xhell 自带上传工具。
2.2 分享一个下载上传的应用,安装完成后rz是上传、sz是下载
yum -y install lrzsz
3、安装依赖环境
3.1 安装gcc
yum -y install gcc*
3.2 安装PCRE解析、ZLIB压缩解压缩、OPENSSL安全加密
yum -y install pcre-devel zlib-devel openssl-devel
3.3 创建nginx用户,禁止登陆,不设置家目录
useradd -M -s /sbin/nologin nginx
3.4 解压nginx安装包
tar -xvf nginx-1.8.1.tar.gz
3.5 进入解压好的nginx目录里,编译安装nginx
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module && make && make install
3.6 下载nginx 启动脚本
nginx启动脚本下载地址: https://download.youkuaiyun.com/download/zhi_linux/86244942
Centos 7 中依然可以使用 service nginx start 启动nginx
3.7 打开浏览器,访问内网ip即可打开nginx默认页
Nginx的配置
1、nginx的配置文件介绍常用的配置
user nginx;
### 根据CPU核数来设置最大8,auto自动检测最佳
worker_processes 2;
### vim /etc/security/limits.conf ulimit -u
###* soft nofile 655350
###* hard nofile 655350
###* soft nproc 655350
###* hard nproc 655350
worker_rlimit_nofile 65535;
#pid logs/nginx.pid;
events {
### 打开的最大连接数
worker_connections 65535;
### 采用epoll事件模型,处理效率高
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
### 立即将数据从磁盘读到OS缓存
sendfile on;
#tcp_nopush on;
### 超过35秒,断开连接
keepalive_timeout 35;
#gzip on;
### 关闭nginx版本号
server_tokens off;
### nginx不要缓存数据
tcp_nodelay on;
### 关闭存储访问日志
access_log off;
### 只记录严重的错误
error_log /var/log/nginx/error.log crit;
### 关闭不响应的客户端连接
reset_timedout_connection on;
### 超时关闭连接
send_timeout 15;
### 上传文件大小限制
#client_max_body_size 10m;
### 一个IP地址最多同时打开有10个连接
limit_conn addr 10;
upstream 1 {
server 0.0.0.0:0000
}
server {
listen 70;
location / {
}
}
2、nginx 反向代理
#访问本机80端口时,本机会自动跳转到192.168.10.10:8081服务器上的web服务;
server {
listen 80;
server_name www.admin.com;
location / {
proxy_pass http://192.1680.10.10:8081;
}
}
3、nginx 负载均衡
#ip_hash:调度算法,默认 rr 轮训,hash常用语解决session共享的问题
#weight=1:代表权重,权重越高代表使用的越多
#max_fails=number:设置允许请求代理服务器失败的次数,默认为1。
#fail_timeout=time:设置经过max_fails失败后,服务暂停的时间,默认是10秒。
upstream guanwang {
server 0.0.0.0:8082 weight=1 fail_timeout=5 max_fails=3;
server 0.0.0.0:8083 weight=2 fail_timeout=5 max_fails=3;
ip_hash;
}
server {
listen 80;
server_name www.admin.com;
location / {
proxy_pass http://guanwang;
}
}
4、nginx 跨域配置
#如公司服务是BS架构会涉及跨域问题,请添加一下代码
#Access-Control-Allow-Origin *: *代表域名
server {
listen 80;
server_name localhost;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
location / {
root /usr/local/nginx/html/baoming/;
}
}
5、nginx https安全证书设置
#通过www.admin.com访问网页,进来后通过nginx的配置会被重定向到nginx的第二server虚拟主机的443端口,443端口代表https证书加密访问。
upstream guanwang {
server 172.10.22.11:8081;
}
server {
listen 80;
server_name www.admin.com;
#将请求转成https 重定向到https://$host$2 也就是nginx server的第二个
rewrite ^(.*)$ https://$host$2 permanent;
#return 301 https://$server_name$request_uri;
# location / {
# proxy_pass https://localhost:443;
# }
}
server {
listen 443 ssl;
server_name www.admin.com;
ssl_certificate /usr/local/nginx/www.admin.com_cert_chain.pem;
ssl_certificate_key /usr/local/nginx/www.admin.com_key.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://guanwang;
}
}
Nginx 分享实战
#user nobody;
worker_processes 8;
worker_rlimit_nofile 655350;
events {
worker_connections 655350;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 35;
#gzip on;
upstream guanwang {
server 172.22.22.11:8082 weight=1 fail_timeout=5 max_fails=3;
server 172.22.22.12:8083 weight=2 fail_timeout=5 max_fails=3;
ip_hash;
}
server {
listen 80;
server_name www.admin.com;
rewrite ^(.*)$ https://$host$2 permanent;
}
server {
listen 443 ssl;
server_name www.admin.com;
ssl_certificate /usr/local/nginx/证书.pem;
ssl_certificate_key /usr/local/nginx/证书.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://guanwang;
}
}
server {
listen 7001;
server_name localhost;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods GET,POST;
location / {
root /usr/local/nginx/html/baoming/;
}
}
server {
listen 7002;
server_name localhost;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods GET,POST;
location / {
root /usr/local/nginx/html/tice/;
}
location /api/ {
rewrite ^/b/(.*)$ /$1 break;
proxy_pass http://10.10.11.22:7014/;
}
}
server {
listen 7005;
server_name localhost;
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods GET,POST;
location / {
root /usr/local/nginx/html/chengjicx/;
}
}
}
如能帮到您,请您收藏备用。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
