Nginx的安装

1、nginx安装包下载地址

/en/download.html

2、把nginx安装包上传到Linux系统上

2.1 Xhell 自带上传工具。2.2 分享一个下载上传的应用，安装完成后rz是上传、sz是下载

yum -y install lrzsz

3、安装依赖环境

3.1 安装gcc

yum -y install gcc*

3.2 安装PCRE解析、ZLIB压缩解压缩、OPENSSL安全加密

yum -y install pcre-devel zlib-devel openssl-devel

3.3 创建nginx用户，禁止登陆，不设置家目录

useradd -M -s /sbin/nologin nginx

3.4 解压nginx安装包

tar -xvf nginx-1.8.1.tar.gz

3.5 进入解压好的nginx目录里，编译安装nginx

./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module && make && make install

3.6 下载nginx 启动脚本

nginx启动脚本下载地址： /download/zhi_linux/86244942

Centos 7 中依然可以使用 service nginx start 启动nginx

3.7 打开浏览器，访问内网ip即可打开nginx默认页

Nginx的配置

1、nginx的配置文件介绍常用的配置

user nginx;### 根据CPU核数来设置最大8,auto自动检测最佳worker_processes 2;### vim /etc/security/limits.conf ulimit -u ###*soft nofile 655350###*hard nofile 655350###*soft nproc 655350###*hard nproc 655350worker_rlimit_nofile 65535;#pid logs/nginx.pid;events {### 打开的最大连接数worker_connections 65535;### 采用epoll事件模型，处理效率高use epoll;} http {include mime.types;default_type application/octet-stream;### 立即将数据从磁盘读到OS缓存sendfile on;#tcp_nopushon;### 超过35秒，断开连接keepalive_timeout 35;#gzip on;### 关闭nginx版本号server_tokens off; ### nginx不要缓存数据tcp_nodelay on;### 关闭存储访问日志access_log off; ### 只记录严重的错误error_log /var/log/nginx/error.log crit;### 关闭不响应的客户端连接reset_timedout_connection on;### 超时关闭连接send_timeout 15;### 上传文件大小限制#client_max_body_size 10m;### 一个IP地址最多同时打开有10个连接limit_conn addr 10;upstream 1 {server 0.0.0.0:0000}server {listen 70;location / {}}

2、nginx 反向代理

#访问本机80端口时，本机会自动跳转到192.168.10.10:8081服务器上的web服务；server {listen 80;server_name ; location / {proxy_pass http://192.1680.10.10:8081;}}

3、nginx 负载均衡

#ip_hash：调度算法，默认 rr 轮训，hash常用语解决session共享的问题#weight=1:代表权重，权重越高代表使用的越多#max_fails=number:设置允许请求代理服务器失败的次数，默认为1。#fail_timeout=time:设置经过max_fails失败后，服务暂停的时间，默认是10秒。upstream guanwang {server 0.0.0.0:8082 weight=1 fail_timeout=5 max_fails=3;server 0.0.0.0:8083 weight=2 fail_timeout=5 max_fails=3;ip_hash;}server {listen 80;server_name ;location / {proxy_pass http://guanwang;}}

4、nginx 跨域配置

#如公司服务是BS架构会涉及跨域问题，请添加一下代码

#Access-Control-Allow-Origin *: *代表域名

server {listen 80;server_name localhost;add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Credentials true;add_header Access-Control-Allow-Methods GET,POST,OPTIONS;location / {root /usr/local/nginx/html/baoming/;}}

5、nginx https安全证书设置

#通过访问网页，进来后通过nginx的配置会被重定向到nginx的第二server虚拟主机的443端口，443端口代表https证书加密访问。upstream guanwang {server 172.10.22.11:8081;}server {listen 80;server_name ;#将请求转成https 重定向到https://$host$2 也就是nginx server的第二个rewrite ^(.*)$ https://$host$2 permanent;#return 301 https://$server_name$request_uri;#location / {#proxy_pass https://localhost:443;#}}server {listen 443 ssl;server_name ;ssl_certificate /usr/local/nginx/_cert_chain.pem;ssl_certificate_key /usr/local/nginx/_key.key;ssl_session_cacheshared:SSL:1m;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;ssl_prefer_server_ciphers on;location / {proxy_pass http://guanwang;}}

Nginx 分享实战

#user nobody;worker_processes 8;worker_rlimit_nofile 655350;events {worker_connections 655350;use epoll;} http {include mime.types;default_type application/octet-stream;sendfile on;keepalive_timeout 35;#gzip on;upstream guanwang {server 172.22.22.11:8082 weight=1 fail_timeout=5 max_fails=3;server 172.22.22.12:8083 weight=2 fail_timeout=5 max_fails=3;ip_hash;}server {listen 80;server_name ;rewrite ^(.*)$ https://$host$2 permanent;}server {listen 443 ssl;server_name ;ssl_certificate /usr/local/nginx/证书.pem;ssl_certificate_key /usr/local/nginx/证书.key;ssl_session_cacheshared:SSL:1m;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;ssl_prefer_server_ciphers on;location / {proxy_pass http://guanwang;}}server {listen 7001;server_name localhost;add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Credentials true;add_header Access-Control-Allow-Methods GET,POST;location / {root /usr/local/nginx/html/baoming/;} }server {listen 7002;server_name localhost;add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Credentials true;add_header Access-Control-Allow-Methods GET,POST;location / {root /usr/local/nginx/html/tice/;}location /api/ {rewrite ^/b/(.*)$ /$1 break;proxy_pass http://10.10.11.22:7014/;}}server {listen 7005;server_name localhost;add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Credentials true;add_header Access-Control-Allow-Methods GET,POST;location / {root /usr/local/nginx/html/chengjicx/;}}}

如能帮到您，请您收藏备用。