Nginx的安装
1、nginx安装包下载地址
/en/download.html
2、把nginx安装包上传到Linux系统上
2.1 Xhell 自带上传工具。2.2 分享一个下载上传的应用,安装完成后rz是上传、sz是下载
yum -y install lrzsz
3、安装依赖环境
3.1 安装gcc
yum -y install gcc*
3.2 安装PCRE解析、ZLIB压缩解压缩、OPENSSL安全加密
yum -y install pcre-devel zlib-devel openssl-devel
3.3 创建nginx用户,禁止登陆,不设置家目录
useradd -M -s /sbin/nologin nginx
3.4 解压nginx安装包
tar -xvf nginx-1.8.1.tar.gz
3.5 进入解压好的nginx目录里,编译安装nginx
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module && make && make install
3.6 下载nginx 启动脚本
nginx启动脚本下载地址: /download/zhi_linux/86244942
Centos 7 中依然可以使用 service nginx start 启动nginx
3.7 打开浏览器,访问内网ip即可打开nginx默认页
Nginx的配置
1、nginx的配置文件介绍常用的配置
user nginx;### 根据CPU核数来设置最大8,auto自动检测最佳worker_processes 2;### vim /etc/security/limits.conf ulimit -u ###*soft nofile 655350###*hard nofile 655350###*soft nproc 655350###*hard nproc 655350worker_rlimit_nofile 65535;#pid logs/nginx.pid;events {### 打开的最大连接数worker_connections 65535;### 采用epoll事件模型,处理效率高use epoll;} http {include mime.types;default_type application/octet-stream;### 立即将数据从磁盘读到OS缓存sendfile on;#tcp_nopushon;### 超过35秒,断开连接keepalive_timeout 35;#gzip on;### 关闭nginx版本号server_tokens off; ### nginx不要缓存数据tcp_nodelay on;### 关闭存储访问日志access_log off; ### 只记录严重的错误error_log /var/log/nginx/error.log crit;### 关闭不响应的客户端连接reset_timedout_connection on;### 超时关闭连接send_timeout 15;### 上传文件大小限制#client_max_body_size 10m;### 一个IP地址最多同时打开有10个连接limit_conn addr 10;upstream 1 {server 0.0.0.0:0000}server {listen 70;location / {}}
2、nginx 反向代理
#访问本机80端口时,本机会自动跳转到192.168.10.10:8081服务器上的web服务;server {listen 80;server_name ; location / {proxy_pass http://192.1680.10.10:8081;}}
3、nginx 负载均衡
#ip_hash:调度算法,默认 rr 轮训,hash常用语解决session共享的问题#weight=1:代表权重,权重越高代表使用的越多#max_fails=number:设置允许请求代理服务器失败的次数,默认为1。#fail_timeout=time:设置经过max_fails失败后,服务暂停的时间,默认是10秒。upstream guanwang {server 0.0.0.0:8082 weight=1 fail_timeout=5 max_fails=3;server 0.0.0.0:8083 weight=2 fail_timeout=5 max_fails=3;ip_hash;}server {listen 80;server_name ;location / {proxy_pass http://guanwang;}}
4、nginx 跨域配置
#如公司服务是BS架构会涉及跨域问题,请添加一下代码
#Access-Control-Allow-Origin *: *代表域名
server {listen 80;server_name localhost;add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Credentials true;add_header Access-Control-Allow-Methods GET,POST,OPTIONS;location / {root /usr/local/nginx/html/baoming/;}}
5、nginx https安全证书设置
#通过访问网页,进来后通过nginx的配置会被重定向到nginx的第二server虚拟主机的443端口,443端口代表https证书加密访问。upstream guanwang {server 172.10.22.11:8081;}server {listen 80;server_name ;#将请求转成https 重定向到https://$host$2 也就是nginx server的第二个rewrite ^(.*)$ https://$host$2 permanent;#return 301 https://$server_name$request_uri;#location / {#proxy_pass https://localhost:443;#}}server {listen 443 ssl;server_name ;ssl_certificate /usr/local/nginx/_cert_chain.pem;ssl_certificate_key /usr/local/nginx/_key.key;ssl_session_cacheshared:SSL:1m;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;ssl_prefer_server_ciphers on;location / {proxy_pass http://guanwang;}}
Nginx 分享实战
#user nobody;worker_processes 8;worker_rlimit_nofile 655350;events {worker_connections 655350;use epoll;} http {include mime.types;default_type application/octet-stream;sendfile on;keepalive_timeout 35;#gzip on;upstream guanwang {server 172.22.22.11:8082 weight=1 fail_timeout=5 max_fails=3;server 172.22.22.12:8083 weight=2 fail_timeout=5 max_fails=3;ip_hash;}server {listen 80;server_name ;rewrite ^(.*)$ https://$host$2 permanent;}server {listen 443 ssl;server_name ;ssl_certificate /usr/local/nginx/证书.pem;ssl_certificate_key /usr/local/nginx/证书.key;ssl_session_cacheshared:SSL:1m;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;ssl_prefer_server_ciphers on;location / {proxy_pass http://guanwang;}}server {listen 7001;server_name localhost;add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Credentials true;add_header Access-Control-Allow-Methods GET,POST;location / {root /usr/local/nginx/html/baoming/;} }server {listen 7002;server_name localhost;add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Credentials true;add_header Access-Control-Allow-Methods GET,POST;location / {root /usr/local/nginx/html/tice/;}location /api/ {rewrite ^/b/(.*)$ /$1 break;proxy_pass http://10.10.11.22:7014/;}}server {listen 7005;server_name localhost;add_header Access-Control-Allow-Origin *;add_header Access-Control-Allow-Credentials true;add_header Access-Control-Allow-Methods GET,POST;location / {root /usr/local/nginx/html/chengjicx/;}}}
如能帮到您,请您收藏备用。