nginx是一个高性能的网页服务器,它能反向代理HTTP, HTTPS, SMTP, POP3, IMAP的协议链接,以及一个负载均衡器和一个HTTP缓存。这里简单介绍在Centos7上部署nginx
使用root执行如下命令,将会成功安装nginx,并设置为开机启动:
yum install epel-release
yum install nginx
systemctl start nginx
systemctl enable nginx
我们可以通过如下命令验证nginx已经成功运行:
systemctl status nginx
nginx的默认配置(/etc/nginx/nginx.conf)已经将nginx配置为静态文件web服务器,需要注意的参数包括(都位于http -> server下):
- 端口配置:listen
- 静态文件存放地点:root
配置反向代理的需求:
- 客户端和nginx之间通过http/https连接
- nginx和web服务器端之间通过http连接
- web服务器和ngxin安装在同一台机器上,并且监听3000端口
配置过程:
1. 证书:准备私钥文件private-key.pem,自签名的证书文件self-cert.pem,并复制到/etc/nginx目录下,具体参考Generating a Self‑Signed Certificate
2. 修改nginx配置文件(/etc/nginx/nginx.conf),注释掉http下面所有的server块(server block directive)
3. 添加nginx配置文件/etc/nginx/conf.d/local-3000.conf,具体参考nginx反向代理配置文件-2nginx反向代理配置文件
4. 生效新的配置文件:
nginx -s reload
验证nginx安装geoip
nginx -V
看输出中是否包含“with-http_geoip_module”。如果没有包含,则需要重新安装nginx
下载地域识别数据库
mkdir /etc/nginx/geoip
cd /etc/nginx/geoip
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
修改nginx配置文件/etc/nginx/nginx.conf,在http块中添加如下配置:
geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
在配置文件的其它地方(例如log_format),可以使用如下变量:
$geoip_country_code - two-letter country code, for example, RU, US.
$geoip_country_code3 - three-letter country code, for example, RUS, USA.
$geoip_country_name - the (verbose) name of the country, for example, Russian Federation, United States, etc.
$geoip_city_country_code - two-letter country code, for example, RU, US.
$geoip_city_country_code3 - three-letter country code, for example, RUS, USA.
$geoip_city_country_name - the name of the country, for example, Russian Federation, United States - if available.
$geoip_region - the name of region (province, region, state, province, federal land, and the like), for example, Moscow City, DC - if available.
$geoip_city - the name of the city, for example, Moscow, Washington, Lisbon, etc. - if available.
$geoip_postal_code - zip code or postal code - if available.
$geoip_city_continent_code - if available.
$geoip_latitude - latitude - if available.
$geoip_longitude - longitude - if available.
配置完成后,记得执行如下命令生效配置:
bash
nginx -s reload
问题描述:nginx作为反向代理时,不能连接到服务器,报错类似:
2017/03/31 14:52:15 [crit] 14406#0: *44 connect() to 172.16.3.171:3000 failed (13: Permission denied) while connecting to upstream, client: 172.16.0.234, server: _, request: “GET / HTTP/1.1”, upstream: “http://172.16.3.171:3000/“, host: “172.16.0.234”
问题原因:SELinux禁止nginx访问Server
问题解决:修改配置文件/etc/selinux/config,将SELINUX设置为disabled,重新启动机器
问题描述:nginx是高性能服务器,有可能需要使用大量的文件句柄
问题解决:修改配置文件/etc/systemd/system/multi-user.target.wants/nginx.service,在Service节中添加: LimitNOFILE=655350
如下命令使得配置生效:
systemctl daemon-reload
systemctl restart nginx