Nginx的安装并配置http和https域名,将内网IP映射到公网IP
Nginx安装˃+安装依赖包:yum-yinstallpcre-developensslopenssl-devel˃+下载Nginix安装包:wget-chttp://teng
Nginx安装
- 安装依赖包:yum -y install pcre-devel openssl openssl-devel
- 下载Nginix安装包: wget -c http://tengine.taobao.org/download/tengine-2.2.0.tar.gz
- 授予压缩包执行权:chmod +x tengine-2.2.0.tar.gz
- 解压压缩包:tar -zxvf tengine-2.2.0.tar.gz
- 进入解压后的文件夹:cd tengine-2.2.0
- 执行:./configure –prefix=/usr/local/nginx
- 编译,在tengine-2.2.0文件夹目录下执行:make
- 安装,在tengine-2.2.0文件夹目录下执行:make install
- Nginx配置http域名,并使访问http强制跳转到https
- 编辑Nginx的配置文件:vim /usr/local/nginx/conf/nginx.conf
- 在http节点下,添加upstream srmweb节点:
upstream srmweb { dynamic_resolve fallback=stale fail_timeout=30s; server 10.111.100.71:8080; check interval=3000 rise=2 fall=5 timeout=1000 default_down=true type=http; check_http_send "HEAD / HTTP/1.0\r\n\r\n"; check_http_expect_alive http_2xx http_3xx; session_sticky; }- 在http节点下,添加upstream itfapp节点:
upstream itfapp { dynamic_resolve fallback=stale fail_timeout=30s; server 10.111.100.71:8081; session_sticky; }- 在server节点中修改需要配置的:server_name srmtest.qdama.cn;
- 在server节点中添加,访问http的重定向到https:rewrite ^(.*)$ https://$host$1 permanent;
- 在server节点中添加srm的location节点:
location / { proxy_pass http://srmweb; client_max_body_size 50m; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }- 在server节点中添加itf的location节点:
location /itf { proxy_pass http://itfapp; client_max_body_size 50m; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }- Nginx配置https域名
- 编辑Nginx的配置文件:vim /usr/local/nginx/conf/nginx.conf
- 找到最下面的HTTPS server节点,将server节点全部取消注释
- 修改server节点的配置,如下:
```server { listen 443 ssl; server_name srmtest.qdama.cn; ssl_certificate keys/214831783700027.pem; ssl_certificate_key keys/214831783700027.key; ssl_session_cache shared1m; ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
error_page 500 502 503 504 /50x.html;
error_page 404 /404.html;
error_page 403 /403.html;
location = /50x.html {
root html;
}
location = /404.html {
root html;
}
location = /403.html {
root html;
}
location ^~ /maintain/ {
index index.html;
root html;
}
- 在HTTPS server里面添加srmweb的location节点:
location / {
proxy_pass http://srmweb;
client_max_body_size 50m;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
>+ 在HTTPS server里面添加itfapp的location节点:location /itf {
proxy_pass https://itfapp;
client_max_body_size 50m;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}
- 配置完成,启动Nginx,先进入到Nginx的sbin目录下:cd /usr/local/nginx/sbin
- 启动Nginx命令:./nginx -s start
- 关闭Nginx命令:./nginx -s stop
- 重启Nginx命令:./nginx -s reload
- 启动Nginx访问页面进行测试: https://srmtest.qdama.cn/
- Nginx附录
- 该次项目的完整Nginx配置
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
# load modules compiled as Dynamic Shared Object (DSO)
#
#dso {
# load ngx_http_fastcgi_module.so;
# load ngx_http_rewrite_module.so;
#}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
upstream srmweb {
dynamic_resolve fallback=stale fail_timeout=30s;
server 10.111.100.71:8080;
check interval=3000 rise=2 fall=5 timeout=1000 default_down=true type=http;
check_http_send "HEAD / HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
session_sticky;
}
upstream itfapp {
dynamic_resolve fallback=stale fail_timeout=30s;
server 10.111.100.71:8081;
session_sticky;
}
#gzip on;
server {
listen 80;
server_name srmtest.qdama.cn;
rewrite ^(.*)$ https://$host$1 permanent;
error_page 500 502 503 504 /50x.html;
error_page 404 /404.html;
error_page 403 /403.html;
location = /50x.html {
root html;
}
location = /404.html {
root html;
}
location = /403.html {
root html;
}
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://srmweb;
client_max_body_size 50m;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /itf {
proxy_pass http://itfapp;
client_max_body_size 50m;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
#
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
server {
listen 443 ssl;
server_name srmtest.qdama.cn;
ssl_certificate keys/214831783700027.pem;
ssl_certificate_key keys/214831783700027.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
error_page 500 502 503 504 /50x.html;
error_page 404 /404.html;
error_page 403 /403.html;
location = /50x.html {
root html;
}
location = /404.html {
root html;
}
location = /403.html {
root html;
}
location ^~ /maintain/ {
index index.html;
root html;
}
location / {
proxy_pass http://srmweb;
client_max_body_size 50m;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /itf {
proxy_pass https://itfapp;
client_max_body_size 50m;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
- Nginx 文件结构
... #全局块
events { #events块
...
}
http #http块
{
... #http全局块
server #server块
{
... #server全局块
location [PATTERN] #location块
{
...
}
location [PATTERN]
{
...
}
}
server
{
...
}
... #http全局块
}
- 全局块:配置影响nginx全局的指令。一般有运行nginx服务器的用户组,nginx进程pid存放路径,日志存放路径,配置文件引入,允许生成worker process数等
- events块:配置影响nginx服务器或与用户的网络连接。有每个进程的最大连接数,选取哪种事件驱动模型处理连接请求,是否允许同时接受多个网路连接,开启多个网络连接序列化等
- http块:可以嵌套多个server,配置代理,缓存,日志定义等绝大多数功能和第三方模块的配置。如文件引入,mime-type定义,日志自定义,是否使用sendfile传输文件,连接超时时间,单连接请求数等
- server块:配置虚拟主机的相关参数,一个http中可以有多个server
- location块:配置请求的路由,以及各种页面的处理情况。
- Nginx配置详解
########### 每个指令必须有分号结束。#################
#user administrator administrators; #配置用户或者组,默认为nobody nobody。
#worker_processes 2; #允许生成的进程数,默认为1
#pid /nginx/pid/nginx.pid; #指定nginx进程运行文件存放地址
error_log log/error.log debug; #制定日志路径,级别。这个设置可以放入全局块,http块,server块,
级别以此为:debug|info|notice|warn|error|crit|alert|emerg
events {
accept_mutex on; #设置网路连接序列化,防止惊群现象发生,默认为on
multi_accept on; #设置一个进程是否同时接受多个网络连接,默认为off
#use epoll; #事件驱动模型,select|poll|kqueue|epoll|resig|/dev/poll|eventport
worker_connections 1024; #最大连接数,默认为512
}
http {
include mime.types; #文件扩展名与文件类型映射表
default_type application/octet-stream; #默认文件类型,默认为text/plain
#access_log off; #取消服务日志
log_format myFormat '$remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for'; #自定义格式
access_log log/access.log myFormat; #combined为日志格式的默认值
sendfile on; #允许sendfile方式传输文件,默认为off,可以在http块,server块,location块。
sendfile_max_chunk 100k; #每个进程每次调用传输数量不能大于设定的值,默认为0,即不设上限。
keepalive_timeout 65; #连接超时时间,默认为75s,可以在http,server,location块。
upstream mysvr {
server 127.0.0.1:7878;
server 192.168.10.121:3333 backup; #热备
}
error_page 404 https://www.baidu.com; #错误页
server {
keepalive_requests 120; #单连接请求上限次数。
listen 4545; #监听端口
server_name 127.0.0.1; #监听地址
location ~*^.+$ { #请求的url过滤,正则匹配,~为区分大小写,~*为不区分大小写。
#root path; #根目录
#index vv.txt; #设置默认页
proxy_pass http://mysvr; #请求转向mysvr 定义的服务器列表
deny 127.0.0.1; #拒绝的ip
allow 172.18.5.54; #允许的ip
}
}
}
相关文章
- okhttp、okhttp3使用post方式发送form-data数据
- JAVA字符串逗号分隔并对每个字符串添加引号
- [Docker系列] Install BaoTa with Docker
- [信创系列]银河麒麟安装nodejs18和npm2,并启动对应工程
- EasyExcel导出Excel并合并单元格
- Python3安装pip及pip安装whl包
- [Ubuntu系列]Ubuntu 安装 Harbor
- [Ubuntu系列]Ubuntu 安装 docker 及修改 docker 存储位置
- [Centos系列]CentOS 修改 DNS
- [Centos系列]source /etc/profile 无法永久生效问题
发表评论
评论列表
- 这篇文章还没有收到评论,赶紧来抢沙发吧~