CentOS安装Nginx及其使用攻略

Linux中nginx的安装

首先是系统环境:CentOS7,Nginx版本:1.62(如需其他版本自行到官网下载)

我安装参考的是菜鸟教程的安装方式,附链接:Nginx安装配置

下面是安装教程:

Nginx 安装

一、安装编译工具及库文件

1
yum -y install make zlib zlib-devel gcc-c++ libtool  openssl openssl-devel

二、首先要安装 PCRE

PCRE 作用是让 Nginx 支持 Rewrite 功能。

  1. 下载 PCRE 安装包,下载地址: http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz
    1
    2
    [root@bogon src]# cd /usr/local/src/
    [root@bogon src]# wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz
    image-1647245456603
  2. 解压安装包:
    1
    [root@bogon src]# tar zxvf pcre-8.35.tar.gz
  3. 进入安装包目录
    1
    [root@bogon src]# cd pcre-8.35
  4. 编译安装 
    1
    2
    [root@bogon pcre-8.35]# ./configure
    [root@bogon pcre-8.35]# make && make install
  5. 查看pcre版本
    1
    [root@bogon pcre-8.35]# pcre-config --version
    image-1647245517484

    安装 Nginx

  6. 下载 Nginx,下载地址:https://nginx.org/en/download.html
    1
    2
    [root@bogon src]# cd /usr/local/src/
    [root@bogon src]# wget http://nginx.org/download/nginx-1.6.2.tar.gz
    image-1647245537740
  7. 解压安装包
    1
    [root@bogon src]# tar zxvf nginx-1.6.2.tar.gz
  8. 进入安装包目录
    1
    [root@bogon src]# cd nginx-1.6.2
  9. 编译安装
    1
    2
    3
    [root@bogon nginx-1.6.2]# ./configure --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.35
    [root@bogon nginx-1.6.2]# make
    [root@bogon nginx-1.6.2]# make install
  10. 查看nginx版本
    1
    [root@bogon nginx-1.6.2]# /usr/local/webserver/nginx/sbin/nginx -v
    image-1647245608098
    到此,nginx安装完成。

Nginx 配置

  1. 创建 Nginx 运行使用的用户 www:
    1
    2
    [root@bogon conf]# /usr/sbin/groupadd www 
    [root@bogon conf]# /usr/sbin/useradd -g www www
  2. 配置nginx.conf ,将/usr/local/webserver/nginx/conf/nginx.conf替换为以下内容
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    [root@bogon conf]#  cat /usr/local/webserver/nginx/conf/nginx.conf

    user www www;
    worker_processes 2; #设置值和CPU核心数一致
    error_log /usr/local/webserver/nginx/logs/nginx_error.log crit; #日志位置和日志级别
    pid /usr/local/webserver/nginx/nginx.pid;
    #Specifies the value for maximum file descriptors that can be opened by this process.
    worker_rlimit_nofile 65535;
    events
    {
      use epoll;
      worker_connections 65535;
    }
    http
    {
      include mime.types;
      default_type application/octet-stream;
      log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                   '$status $body_bytes_sent "$http_referer" '
                   '"$http_user_agent" $http_x_forwarded_for';
      
    #charset gb2312;
         
      server_names_hash_bucket_size 128;
      client_header_buffer_size 32k;
      large_client_header_buffers 4 32k;
      client_max_body_size 8m;
         
      sendfile on;
      tcp_nopush on;
      keepalive_timeout 60;
      tcp_nodelay on;
      fastcgi_connect_timeout 300;
      fastcgi_send_timeout 300;
      fastcgi_read_timeout 300;
      fastcgi_buffer_size 64k;
      fastcgi_buffers 4 64k;
      fastcgi_busy_buffers_size 128k;
      fastcgi_temp_file_write_size 128k;
      gzip on; 
      gzip_min_length 1k;
      gzip_buffers 4 16k;
      gzip_http_version 1.0;
      gzip_comp_level 2;
      gzip_types text/plain application/x-javascript text/css application/xml;
      gzip_vary on;
     
      #limit_zone crawler $binary_remote_addr 10m;
     #下面是server虚拟主机的配置
     server
      {
        listen 80;#监听端口
        server_name localhost;#域名
        index index.html index.htm index.php;
        root /usr/local/webserver/nginx/html;#站点目录
          location ~ .*\.(php|php5)?$
        {
          #fastcgi_pass unix:/tmp/php-cgi.sock;
          fastcgi_pass 127.0.0.1:9000;
          fastcgi_index index.php;
          include fastcgi.conf;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$
        {
          expires 30d;
      # access_log off;
        }
        location ~ .*\.(js|css)?$
        {
          expires 15d;
       # access_log off;
        }
        access_log off;
      }

    }
  3. 检查配置文件nginx.conf的正确性命令:
    1
    [root@bogon conf]# /usr/local/webserver/nginx/sbin/nginx -t
    image-1647245666324

启动 Nginx

  1. Nginx 启动命令如下:
    1
    [root@bogon conf]# /usr/local/webserver/nginx/sbin/nginx
    image-1647245699680

访问站点

  1. 从浏览器访问我们配置的站点ip:
    image-1647245716561

Linux中Nginx常用命令

1
2
3
4
5
6
7
8
9
10
11
查询Nginx端口号
ps -ef|grep nginx
从容停止nginx
kill - QUIT nginx 主进程号
停止Nginx的所有进程
pkill -9 nginx

/usr/local/webserver/nginx/sbin/nginx -s reload # 重新载入配置文件
/usr/local/webserver/nginx/sbin/nginx -s reopen # 重启 Nginx
/usr/local/webserver/nginx/sbin/nginx -s stop # 停止 Nginx
/usr/local/webserver/nginx/sbin/nginx #启动Nginx

Linux中nginx配置多个访问渠道

实用场景:两个Tomcat,通过域名Https访问

配置server针对性进行修改即可,下面代码中已有注释,不理解可以评论留言,看到会及时回复的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 server {
        listen       443  ssl; #这个地方监听443  ssl不写可能会报错
        server_name  xxx.com; #这里填写自己的域名信息  
	ssl_certificate /usr/local/webserver/nginx/xxx.com.pem;  # 指定证书的位置,绝对路径
        ssl_certificate_key /usr/local/webserver/nginx/xxx.com.key;  # 绝对路径,同上

	ssl_session_timeout 5m;
    	ssl_session_cache shared:SSL:10m;
   	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
   	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    	ssl_prefer_server_ciphers on;
    	ssl_verify_client off;
       # ssl_session_timeout 5m;
       # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
       # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
       # ssl_prefer_server_ciphers on;

	location /wss {
		proxy_redirect off;
        	proxy_pass http://127.0.0.1:8888; 
        	proxy_set_header Host $host;
        	proxy_set_header X-Real_IP $remote_addr;
        	proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
        	proxy_http_version 1.1;
        	proxy_set_header Upgrade $http_upgrade;
        	proxy_set_header Connection upgrade;
		proxy_read_timeout 60000s; 
        }
#下面的配置大同小异,基本就是制定项目的访问路径,照猫画虎即可。
	location /mblog{
		proxy_set_header Host $host;
		proxy_pass http://127.0.0.1/mblog/;  
		client_max_body_size 200m;  
		proxy_set_header X-Forwarded-Proto  $scheme;  
            #root   html; #站点目录,绝对路径
           #	        index  index.html index.htm;
        	}
	location /ry {
		proxy_set_header Host $host;
		proxy_pass http://127.0.0.1/ry;  
		client_max_body_size 200m;  
		proxy_set_header X-Forwarded-Proto  $scheme;  
            #root   html; #站点目录,绝对路径
           #	        index  index.html index.htm;
        }


	location /jeesite{
		proxy_set_header Host $host;
		proxy_pass http://127.0.0.1:8080/jeesite/;    
		client_max_body_size 200m;
		proxy_set_header X-Forwarded-Proto  $scheme; 
		proxy_redirect http:// $scheme://;  
	}

        #charset koi8-r;

        #access_log  logs/host.access.log  main;
	

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

Nginx配置多域名在同一服务器

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
server {
        listen       80;
        server_name  xxx.xx xxx1.xx;
		charset utf-8;
		if ($host = 'xxx.xx')
		{
			rewrite ^/(.*) https://xxx.xx/$1 permanent;
		}
		if ($host = 'xxx1.xx')
		{
			rewrite ^/(.*) https://xxx1.xx/$1 permanent;
		}
			return 301 https://$host$request_uri;

        location / {
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }
    server {
        listen       443  ssl;
        server_name  xxx1.xx;
		ssl_certificate xxx;  # 指定证书的位置,绝对路径
        ssl_certificate_key xxx;  # 绝对路径,同上

	ssl_session_timeout 5m;
    	ssl_session_cache shared:SSL:10m;
   	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
   	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    	ssl_prefer_server_ciphers on;
    	ssl_verify_client off;
       # ssl_session_timeout 5m;
       # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
       # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
       # ssl_prefer_server_ciphers on;
	location / {
			#gzip_static on; # 静态压缩
			add_header Cache-Control public,max-age=60,s-maxage=60; # 配置缓存
            proxy_pass http://127.0.0.1:xxxx/;
			proxy_set_header HOST $host;
			client_max_body_size 200m;
			proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

	location /upload/ {
	  access_log off;
	  # 域名白名单,去掉则阻止所有非本站请求
	  valid_referers none blocked server_names *.bbchin.com 127.0.0.1 localhost ~\.google\. ~\.baidu\. ~\.qq\.;
	  if ($invalid_referer) {
		rewrite ^/ https://cdn.jsdelivr.net/gh/qinhua/cdn_assets/img/robber.jpg;
	  }
	  proxy_pass http://127.0.0.1:xxxx;
	}
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }
	
	server {
		listen       443  ssl;
		server_name  xxx.xx;
		ssl_certificate xxx;  # 指定证书的位置,绝对路径
		ssl_certificate_key xxx;  # 绝对路径,同上

		ssl_session_timeout 5m;
			ssl_session_cache shared:SSL:10m;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
		ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
			ssl_prefer_server_ciphers on;
			ssl_verify_client off;
		   # ssl_session_timeout 5m;
		   # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
		   # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
		   # ssl_prefer_server_ciphers on;
		location / {
				#gzip_static on; # 静态压缩
				add_header Cache-Control public,max-age=60,s-maxage=60; # 配置缓存
				proxy_pass http://127.0.0.1:xxxx/;
				proxy_set_header HOST $host;
				client_max_body_size 200m;
				proxy_set_header X-Forwarded-Proto $scheme;
				proxy_set_header X-Real-IP $remote_addr;
				proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		}
		location /upload/ {
		  access_log off;
		  # 域名白名单,去掉则阻止所有非本站请求
		  valid_referers none blocked server_names *.bbchin.com 127.0.0.1 localhost ~\.google\. ~\.baidu\. ~\.qq\.;
		  if ($invalid_referer) {
			rewrite ^/ https://cdn.jsdelivr.net/gh/qinhua/cdn_assets/img/robber.jpg;
		  }
		  proxy_pass http://127.0.0.1:xxxx;
		}
    }

Nginx中Https不跳转Http解决方法

在代理中配置如下指令

1
proxy_redirect http:// $scheme://;

以上指令会将后端响应header location内容中的http:替换成用户端协议https:。 NGINX访问https跳转到http的解决了~