Centos6.9 安装Nginx


安装Nginx1.12

将nginx-1.12.0.tar 和nginx.init 拷贝到/soft下

  1. 安装ssl
    yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel

  2. 创建用户
    useradd nginx -s /sbin/nologin -M
    编译并安装ssl模块
    tar -xvf nginx-1.12.0.tar
    cd nginx-1.12.0
    ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module
    make && make install

  3. 软连接执行文件和配置文件
    ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
    ln -s /usr/local/nginx/conf /etc/nginx

  4. 制作自启动
    mv nginx.init /etc/init.d/nginx
    chmod +x /etc/init.d/nginx
    chkconfig --add nginx
    chkconfig nginx on

  5. 创建服务器私钥
    cd /etc/nginx
    输入一个口令
    openssl genrsa -des3 -out server.key 1024
    将口令制作成签名证书
    openssl req -new -key server.key -out server.csr
    制作解密后的私钥
    openssl rsa -in server.key -out server_nopwd.key
    openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt

  6. 修改配置文件
    mkdir /etc/nginx/conf.d
    mkdir /var/log/nginx
    vi /etc/nginx/nginx.conf

# 指定服务器运行账户  
user  nginx;
# 开启进程数  
worker_processes  1;
#全局错误日志定义类型
error_log  /var/log/nginx/error.log warn;
#进程号保存文件  
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /usr/local/nginx/conf/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    charset utf-8; 
    #gzip  on;
    include /usr/local/nginx/conf/conf.d/*.conf;
}

制作反向代理
vi /etc/nginx/conf.d/www.test.com.conf

server {
    listen       80;
    server_name  www.test.com;
    
    location / {
            root   html;
            index  index.html index.htm;

            proxy_redirect off;
            #这里指向你要代理的地址
            proxy_pass http://127.0.0.1:8012; 
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            #后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 90;
            proxy_send_timeout 90;
            proxy_read_timeout 90;

            client_max_body_size    1024m;
            client_body_buffer_size 128k;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location ~ /.ht {
                deny all;
        }
}

制作SSL监听
vi /etc/nginx/conf.d/www.testssl.com.conf

server {
       listen 443;
       listen 80;#用户习惯用http访问,加上80,后面通过497状态码让它自动跳到443端口    
       server_name  www.testssl.com;

       ssl on;
       ssl_certificate /usr/local/nginx/conf/server.crt;
       ssl_certificate_key /usr/local/nginx/conf/server_nopwd.key;

       location / {
            #try_files $uri $uri/ /index.php$is_args$args;
            index  index.php index.html index.htm;
        }

        #让http请求重定向到https请求     
        error_page 497  https://$host$uri?$args;   
}

你可能感兴趣的:(Centos6.9 安装Nginx)