Nginx学习笔记
maiaimei 2021/2/18 Nginx
# 配置负载均衡
http {
upstream myserver{
server 192.168.1.102:9090;
server 192.168.1.102:9091;
}
server {
listen 80;
server_name 192.168.66.133;
location / {
proxy_pass http://myserver;
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# 实现 https 访问
# 安装 ssl 模块
查看 nginx 是否安装 http_ssl_module 模块
/usr/local/nginx/sbin/nginx -V
1
如果出现 configure arguments: --with-http_ssl_module, 则已安装。
否则执行以下命令。
cd /opt/software/
# 解压
tar -xvf nginx-1.12.2.tar.gz
# 切换目录
cd nginx-1.12.2
# 配置ssl 方式一
./configure --prefix=/usr/local/nginx --with-http_ssl_module
# 配置ssl 方式二
# rpm -qa|grep -i openssl
# yum -y install openssl openssl-devel
#./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
# 使用 make 命令编译(使用make install会重新安装nginx),此时当前目录会出现 objs 文件夹
make
# 关闭nginx
ps -ef|grep nginx
kill -9 进程
# 备份nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
# 用新的 nginx 文件覆盖当前的 nginx 文件
cp /opt/software/nginx-1.12.2/objs/nginx /usr/local/nginx/sbin/
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# 部署 ssl 证书
cd /usr/local/nginx
# 创建cert目录并上传证书
mkdir cert
1
2
3
2
3
# 配置 nginx.conf
vi /usr/local/nginx/conf/nginx.conf
1
默认为:
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
修改为:
# HTTPS server
server {
listen 443 ssl;
# 域名,多个以空格分开
server_name maiamy.cn www.maiamy.cn;
# 绝对路径
ssl_certificate /usr/local/nginx/ssl/cert.pem;
# 绝对路径
ssl_certificate_key /usr/local/nginx/ssl/cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# 反向代理,防止java代码获取的是127.0.0.1
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
# 解决:中文乱码
charset utf-8;
# 反向代理-文件系统
location ~ /files/ {
proxy_pass http://127.0.0.1:8081;
}
# 反向代理-HRAPI
location ~ /hrapi/ {
proxy_pass http://127.0.0.1:8082;
}
# 反向代理-UUAP
location ~ /uuap/ {
proxy_pass http://127.0.0.1:8083;
}
# 动静分离-UUAP(需要验证)
location ~ /uuap/*.*\.(css|js|gif|jpg|png)$ {
root html/uuap/static;
}
location /hrweb {
root html;
index index.html index.htm;
}
location / {
root html/vuepress-blog;
index index.html index.htm;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
将 http 重定向到 https
# 方式一(推荐)
server {
listen 80;
server_name maiamy.cn www.maiamy.cn;
return 301 https://$host$request_uri;
}
# 方式二
server {
listen 80;
server_name maiamy.cn www.maiamy.cn;
rewrite ^(.*)$ https://$host$1 permanent;
}
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13
检查配置文件是否有误
./nginx -t
1
重启nginx
cd /usr/local/nginx/sbin
./nginx
1
2
2