Nginx安装与配置

举报
fengfeng 发表于 2017/03/07 11:17:54 2017/03/07
【摘要】 Nginx安装与配置

1      卸载nginx

       如果单板上已经安装了nginx,需要先卸载nginx

1)      关闭nginx服务

ps  ef  |  grep  nginx

kill QUIT 主进程号

2)      删除nginx安装目录

        cd /usr/local

           rm rf  nginx

           rm rf  nginx-1.7.10

2      安装nginx依赖组件

       1)安装pcre

        tar -zxvf pcre-8.36.tar.gz

cd pcre-8.36

./configure

make

make install

       2)安装zlib

tar -zxvf zlib-1.2.8.tar.gz

cd zlib-1.2.8

./configure

make

make install

       3)安装openssl

tar -zxvf openssl-1.0.1g.tar.gz

cd openssl-1.0.1g

./config

make

make install

注意:低版本的openssl有漏洞,前台需要使用较高版本的openssl1.0.1g以上版本)。一般Linux系统都自带openssl组件,此处安装不会覆盖系统自带的openssl,如果要覆盖系统自带的openssl,可以按如下步骤操作(可以不执行):

 mv /usr/bin/openssl /usr/bin/openssl.OFF

 mv /usr/include/openssl /usr/include/openssl.OFF

 ln s /usr/local/ssl/bin/openssl /usr/bin/openssl

 ln s /usr/local/ssl/include/openssl /usr/include/openssl

3      安装nginx

tar -zxvf nginx-1.7.10.tar.gz

cd nginx-1.7.10

./configure --prefix=/usr/local/nginx --with-pcre=/usr/local/pcre-8.36 --with-zlib=/usr/local/zlib-1.2.8 --with-openssl=/usr/local/openssl-1.0.1g --with-http_ssl_module

make

make install

注意:安装nginx时一定要安装HTTPS模块(--with-http_ssl_module),否则无法使用nginxHTTPS代理。编译过程比较慢,请耐心等候。

 

4      生成https证书

cd /usr/local/nginx/conf

openssl genrsa -des3 -out server.key 1024 (此步骤需要设置密码)

openssl req -new -key server.key -out server.csr (此步骤需要输入密码)

openssl rsa -in server.key -out server_nopwd.key

openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt

5      配置nginx

nginx主要配置如下:

1)http请求分发

server {

        listen      80;

        server_name  10.176.88.120;

 

        access_log  logs/host.access.log  main;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_body_buffer_size 512k;

        proxy_connect_timeout 300;

        proxy_read_timeout 300;

        proxy_send_timeout 300;

        proxy_buffer_size 16k;

        proxy_buffers 4 64k;

        proxy_busy_buffers_size 128k;

        proxy_temp_file_write_size 128k;

 

        location / {

                proxy_pass http://10.176.88.120:29330;

                proxy_set_header Host $host:80;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_set_header Via "nginx";

        }

 

        location ~ ^/WEB-INF/ {

           deny all;

        }

 

        set $resp_body "";

    }

2)https请求分发

server {

        listen       443;

        server_name  10.176.88.120;

 

        ssl                  on;

        ssl_certificate      /usr/local/nginx/conf/server.crt;

        ssl_certificate_key  /usr/local/nginx/conf/server.key;

 

        location / {

                proxy_pass https:// 10.176.88.120:29440;

                proxy_set_header Host $host:443;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_set_header Via "nginx";

        }

    }

3)httphttps跳转

server {

        listen 29440;

        server_name 10.176.88.121;

        rewrite ^(.*) https://$server_name$1 permanent;

 

        ssl               on;

        ssl_certificate      /usr/local/nginx/conf/server.crt;

        ssl_certificate_key  /usr/local/nginx/conf/server.key;

    }

4)httpshttp跳转

server {

        listen 29330;

        server_name 10.176.88.121;

        rewrite ^(.*) http://$server_name$1 permanent;

    }

6      启动nginx

cd /usr/local/nginx/sbin

./nginx https模块启动时需要多次输入密码,即生成https证书时设置的密码,)

ps –ef | grep nginx (查看nginx是否启动)

 

7      附录:

Nginx完整的配置样例:

#user  nobody;

worker_processes  2;

error_log /usr/local/nginx/logs/error.log warn;

 

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

 

#pid        logs/nginx.pid;

 

 

events {

    worker_connections  1024;

}

 

http {

    include       mime.types;

    default_type  application/octet-stream;

 

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" "$request_body" "$resp_body"'

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

 

    access_log  /usr/local/nginx/logs/access.log  main;

 

    #sendfile        on;

    #tcp_nopush     on;

 

    #keepalive_timeout  0;

    #Upload file size limit

    client_header_buffer_size 32k;

    #Slow setting request

    large_client_header_buffers 4 64k;

    #Server name hash table size

    server_names_hash_bucket_size 128;

    # Set the requested relief

    client_max_body_size 8m;

 

    #if used to download applications such as disk IO heavy load applications, can be set off,

    #in order to balance the disk and network I / O processing speed and reduce the load on the system.

    #Note: If the picture is not displayed properly put this into off

    sendfile on;

    #Prevent network congestion

    tcp_nopush on;

    tcp_nodelay  on;

    #Open access directory listing, download the appropriate server, the default is off.

    autoindex on;

    #keepalive_timeout  0; Long connection timeout in seconds

 

    keepalive_timeout  300;

 

    #gzip  on;

      

       server {

        listen      80;

        server_name  10.176.88.120;

 

        access_log  logs/host.access.log  main;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_body_buffer_size 512k;

        proxy_connect_timeout 300;

        proxy_read_timeout 300;

        proxy_send_timeout 300;

        proxy_buffer_size 16k;

        proxy_buffers 4 64k;

        proxy_busy_buffers_size 128k;

        proxy_temp_file_write_size 128k;

 

        location / {

                proxy_pass http:// 10.176.88.120:29330;

                proxy_set_header Host $host:80;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_set_header Via "nginx";

        }

 

        location ~ ^/WEB-INF/ {

           deny all;

        }

 

        set $resp_body "";

    }

      

      

       # HTTPS server

    #

    server {

        listen       443;

        server_name  10.176.88.120;

 

        ssl                  on;

        ssl_certificate      /usr/local/nginx/conf/server.crt;

        ssl_certificate_key  /usr/local/nginx/conf/server.key;

 

        location / {

                proxy_pass https:// 10.176.88.120:29440;

                proxy_set_header Host $host:443;

                proxy_set_header X-Real-IP $remote_addr;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_set_header Via "nginx";

        }

    }

      

       #http to https

       server {

        listen 29440;

        server_name 10.176.88.121;

        rewrite ^(.*) https://$server_name$1 permanent;

 

        ssl                  on;

        ssl_certificate      /usr/local/nginx/conf/server.crt;

        ssl_certificate_key  /usr/local/nginx/conf/server.key;

    }

       #https to http

    server {

        listen 29330;

        server_name 10.176.88.121;

        rewrite ^(.*) http://$server_name$1 permanent;

    }

}

作者 |李培道

转载请注明出处:华为云博客 https://portal.hwclouds.com/blogs

【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱: cloudbbs@huaweicloud.com
  • 点赞
  • 收藏
  • 关注作者

评论(0

0/1000
抱歉,系统识别当前为高风险访问,暂不支持该操作

全部回复

上滑加载中

设置昵称

在此一键设置昵称,即可参与社区互动!

*长度不超过10个汉字或20个英文字符,设置后3个月内不可修改。

*长度不超过10个汉字或20个英文字符,设置后3个月内不可修改。