1.下载nginx

下载地址：https://nginx.org/en/download.html

选择稳定版本 下的镜像文件进行下载

2.解压Nginx包

cd /root/nginx
tar -zxvf nginx-1.26.0.tar.gz
cd nginx-1.26.0

3.安装nginx相关依赖

yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel

4.生成 Makefile 可编译文件

./configure --with-http_ssl_module --with-http_stub_status_module

参数说明：

• –prefix=PATH：指定 nginx 的安装目录（默认/usr/local/nginx）
• –conf-path=PATH：指定 nginx.conf 配置文件路径
• –user=NAME：nginx 工作进程的用户
• –with-pcre：开启 PCRE 正则表达式的支持
• with-http-realip_module：允许改变客户端请求头中客户端 IP 地址
• –with-file-aio：启用 File AIO
• –add-module=PATH：添加第三方外部模块

5.编译和安装

# 编译
make
# 安装
make install

默认的安装路径为：/usr/local/nginx

6.启动

cd /usr/local/nginx/sbin
# 启动
./nginx
# 查看进程
ps -ef | grep nginx
# 停止
/usr/local/nginx/sbin/nginx -s stop
# 重启
/usr/local/nginx/sbin/nginx -s restart

7.配置

非https配置

worker_processes  1;
events {worker_connections  1024;
}http {include       mime.types;default_type  application/octet-stream;sendfile        on;keepalive_timeout  65;#gzip  on;upstream reverseProxyServer{ip_hash;#负载均衡应用服务器A: 权重为10,10s内连接请求失败2次,nginx在10s内认为server是不可用的，将不在发送请求给这台服务器server xxx.xxx.xx.xxx:9090 weight=10 max_fails=2 fail_timeout=10s; #负载均衡应用服务器B: 代理服务器权重为5,10s内连接请求失败2次,nginx在10s内认为server是不可用的，将不在发送请求给这台服务器server xxx.xxx.xx.xxx:9090 weight=5 fail_timeout=10s max_fails=2;}upstream reverseGrafanaServer{ip_hash;server xxx.xxx.xx.xxx:3000 weight=10 max_fails=2 fail_timeout=10s;server xxx.xxx.xx.xxx:3000 weight=8 max_fails=2 fail_timeout=10s;}server {listen       80;server_name  xxx.com;proxy_redirect off;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_connect_timeout 30s;proxy_read_timeout 30s;#charset koi8-r;#access_log  logs/host.access.log  main;location /{proxy_pass http://reverseProxyServer/;}location /grafana/{proxy_buffering on;proxy_buffer_size 4k;proxy_buffers 8 4M;proxy_busy_buffers_size 4M;proxy_pass http://reverseGrafanaServer/;}}
}

https配置

http {...server {listen 80;server_name xxx.com;#将请求转成httpsrewrite ^(.*)$ https://$host$1 permanent;}server {listen       443 ssl;server_name  xxx.com;proxy_redirect off;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_connect_timeout 30s;proxy_read_timeout 30s;#charset koi8-r;#ssl证书的pem文件路径ssl_certificate  /usr/local/nginx/cert/server.crt;#ssl证书的key文件路径ssl_certificate_key /usr/local/nginx/cert/server.key;....}
}

FAQ：遇到问题总结

问题1：nginx: [emerg] unknown directive “ssl”

解决方法
1.nginx生成 Makefile可编译文件时没有开启ssl，请参考步骤4
2.旧版本配置ssl和新版本不一致
server{
listen 443;
xxx
ssl on;
#ssl证书的pem文件路径
ssl_certificate /usr/local/nginx/cert/server.crt;
#ssl证书的key文件路径
ssl_certificate_key /usr/local/nginx/cert/server.key;
}
应改为
server{
listen 443 ssl;
xxx
#ssl证书的pem文件路径
ssl_certificate /usr/local/nginx/cert/server.crt;
#ssl证书的key文件路径
ssl_certificate_key /usr/local/nginx/cert/server.key;
}

问题2：curl: (60) SSL certificate problem: self signed certificate

解决方法：curl命令向服务器发送https请求, curl https的时候需要加上-k参数

问题3：nginx配了证书显示站点连接不安全

解决方法：我手里有crt和key证书，因为我用crt证书使用openssl命令生成pem证书配置上去的原因
解决方法直接配置crt和key证书就行