1.下载nginx
下载地址:https://nginx.org/en/download.html
选择稳定版本 下的镜像文件进行下载
2.解压Nginx包
cd /root/nginx
tar -zxvf nginx-1.26.0.tar.gz
cd nginx-1.26.0
3.安装nginx相关依赖
yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel
4.生成 Makefile 可编译文件
./configure --with-http_ssl_module --with-http_stub_status_module
参数说明:
- –prefix=PATH:指定 nginx 的安装目录(默认/usr/local/nginx)
- –conf-path=PATH:指定 nginx.conf 配置文件路径
- –user=NAME:nginx 工作进程的用户
- –with-pcre:开启 PCRE 正则表达式的支持
- with-http-realip_module:允许改变客户端请求头中客户端 IP 地址
- –with-file-aio:启用 File AIO
- –add-module=PATH:添加第三方外部模块
5.编译和安装
# 编译
make
# 安装
make install
默认的安装路径为:/usr/local/nginx
6.启动
cd /usr/local/nginx/sbin
# 启动
./nginx
# 查看进程
ps -ef | grep nginx
# 停止
/usr/local/nginx/sbin/nginx -s stop
# 重启
/usr/local/nginx/sbin/nginx -s restart
7.配置
非https配置
worker_processes 1;
events {worker_connections 1024;
}http {include mime.types;default_type application/octet-stream;sendfile on;keepalive_timeout 65;#gzip on;upstream reverseProxyServer{ip_hash;#负载均衡应用服务器A: 权重为10,10s内连接请求失败2次,nginx在10s内认为server是不可用的,将不在发送请求给这台服务器server xxx.xxx.xx.xxx:9090 weight=10 max_fails=2 fail_timeout=10s; #负载均衡应用服务器B: 代理服务器权重为5,10s内连接请求失败2次,nginx在10s内认为server是不可用的,将不在发送请求给这台服务器server xxx.xxx.xx.xxx:9090 weight=5 fail_timeout=10s max_fails=2;}upstream reverseGrafanaServer{ip_hash;server xxx.xxx.xx.xxx:3000 weight=10 max_fails=2 fail_timeout=10s;server xxx.xxx.xx.xxx:3000 weight=8 max_fails=2 fail_timeout=10s;}server {listen 80;server_name xxx.com;proxy_redirect off;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_connect_timeout 30s;proxy_read_timeout 30s;#charset koi8-r;#access_log logs/host.access.log main;location /{proxy_pass http://reverseProxyServer/;}location /grafana/{proxy_buffering on;proxy_buffer_size 4k;proxy_buffers 8 4M;proxy_busy_buffers_size 4M;proxy_pass http://reverseGrafanaServer/;}}
}
https配置
http {...server {listen 80;server_name xxx.com;#将请求转成httpsrewrite ^(.*)$ https://$host$1 permanent;}server {listen 443 ssl;server_name xxx.com;proxy_redirect off;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_connect_timeout 30s;proxy_read_timeout 30s;#charset koi8-r;#ssl证书的pem文件路径ssl_certificate /usr/local/nginx/cert/server.crt;#ssl证书的key文件路径ssl_certificate_key /usr/local/nginx/cert/server.key;....}
}
FAQ:遇到问题总结
问题1:nginx: [emerg] unknown directive “ssl”
解决方法
1.nginx生成 Makefile可编译文件时没有开启ssl,请参考步骤4
2.旧版本配置ssl和新版本不一致
server{
listen 443;
xxx
ssl on;
#ssl证书的pem文件路径
ssl_certificate /usr/local/nginx/cert/server.crt;
#ssl证书的key文件路径
ssl_certificate_key /usr/local/nginx/cert/server.key;
}
应改为
server{
listen 443 ssl;
xxx
#ssl证书的pem文件路径
ssl_certificate /usr/local/nginx/cert/server.crt;
#ssl证书的key文件路径
ssl_certificate_key /usr/local/nginx/cert/server.key;
}
问题2:curl: (60) SSL certificate problem: self signed certificate
解决方法:curl命令向服务器发送https请求, curl https的时候需要加上-k参数
问题3:nginx配了证书显示站点连接不安全
解决方法:我手里有crt和key证书,因为我用crt证书使用openssl命令生成pem证书配置上去的原因
解决方法直接配置crt和key证书就行