先安装依赖
安装依赖之前最好先执行下update
yum update
yum install gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y
cd /usr/local/nginx
wget http://nginx.org/download/nginx-1.18.0.tar.gz
tar -zxvf nginx-1.18.0.tar.gz
cd /usr/local/nginx/nginx-1.18.0
执行三个命令:
./configure
make
make install
/usr/local/nginx/sbin/nginx -V如果报错没有nginx命令说明没有配置nginx的环境变量
打开/etc/profile
vi /etc/profile
在最后一行 追加下面配置(ESC :wq 保存退出)
export PATH=$PATH:/usr/local/nginx/sbin
执行source /etc/profile使配置生效,就可以用nginx命令了
配置开机自启动
vi /lib/systemd/system/nginx.service
复制以下内容保存(按ESC后:wq保存退出)
[Unit]
Description=nginx service
After=network.target[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true[Install]
WantedBy=multi-user.target
设置开机自启动
systemctl enable nginx
启动、查看状态、重启nginx,指令3件套
systemctl start nginx
systemctl status nginx
systemctl restart nginx
阿里云SSL证书配置
把阿里云申请的证书放到目录 /data/cert 或者/usr/local/nginx/conf/cert (路径自己指定)
注意:服务器安全组要开启80/443端口
vi /usr/local/nginx/conf/nginx.conf
增加配置,把下面的www.yuming.com改成自己的域名
server {listen 80;server_name www.yuming.com;return 301 https://$server_name$request_uri;}server {listen 443 ssl; # nginx1.15之后用这个语法,老的语法是ssl on;server_name wwww.yuming.com;ssl_certificate /data/cert/www.yuming.com.pem;ssl_certificate_key /data/cert/www.yuming.com.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_prefer_server_ciphers on;location / {client_max_body_size 12m; # 设置请求头大小proxy_set_header Host $http_host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Real-Ip $remote_addr;proxy_set_header X-NginX-Proxy true;proxy_pass http://localhost:8001;proxy_redirect off;}}
腾讯云SSL证书配置
基本和阿里云差不多,在ssl_ciphers处有差异
注意:服务器安全组要开启80/443端口,申请证书的二级域名要和绑定的域名一致,如下例:service,否则会有不安全的警告
server {listen 80;server_name service.yuming.com;return 301 https://$server_name$request_uri;}server {listen 443 ssl; # nginx1.15之后用这个语法,老的语法是ssl on;server_name service.yuming.com;ssl_certificate /data/cert/1_service.yuming.com_bundle.crt;ssl_certificate_key /data/cert/2_service.yuming.com.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on;location / {client_max_body_size 12m; # 设置请求头大小proxy_set_header Host $http_host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Real-Ip $remote_addr;proxy_set_header X-NginX-Proxy true;proxy_pass http://localhost:8081;proxy_redirect off;}}
Nginx其他配置
1、配置静态文件访问,autoindex on可以设置为开启索引,可自行设置
server {listen 80;server_name pic.yuming.com;charset utf-8;location / {# 配置静态目录root /data/upimgs;autoindex off; # on显示资源目录,off不显示autoindex_exact_size off; # on以bytes显示大小,off以KB、MB、GB显示文件大小autoindex_format html; # 以html的方式进行格式化,可选参数有 html | json | xmlautoindex_localtime off; # 显示的⽂件时间为⽂件的服务器时间。默认为off,显示的⽂件时间为GMT时间}}
2、nginx限制ip访问 + 反向代理
server {listen 80; #监听端口server_name api.yuming.com; #域名#自定义变量set $serverip $server_addr; # 服务器地址放在变量里,避免重复取#allow 61.18.22.155; # 限制固定ip访问#allow 61.18.22.0/24; # 0/24意思是ip的前3段一致,值范围[8,16,24]#deny all; # 拒绝所有的location / {root /data/website/goapp/dist; # 配置静态目录index index.html; # 配置默认首页try_files $uri $uri/ /index.html; # 解决刷新问题}location /api {client_max_body_size 12m; #此处修改上传文件大小限制proxy_pass http://127.0.0.1:8083; #反向代理地址+端口proxy_set_header Host $http_host; #设置Hostproxy_set_header X-Real-Ip $remote_addr; #设置客户端远程地址proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Server-Ip $serverip; #设置服务器内网地址proxy_set_header X-NginX-Proxy true; # 下面暂时没啥用set_real_ip_from 0.0.0.0/0; #从哪个信任前代理处获得真实用户ipreal_ip_header X-Forwarded-For; #接收到报文的哪个http首部去获取前代理传送的用户ipreal_ip_recursive on; #是否递归地排除直至得到用户ip(默认为off)}}
nginx加websocket配置
location /ws {proxy_http_version 1.1;proxy_pass http://localhost:8009;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection "upgrade"; }