Nginx常用命令

一、常用命令

停止服务：nginx -s stop
         nginx -s quit
nginx停止命令stop与quit参数的区别在于stop是快速停止nginx，可能并不保存相关信息，quit是完整有序的停止nginx  ，并保存相关信息。
nginx启动与停止命令的效果都可以通过Windows任务管理器中的进程选项卡观察。
重启服务：nginx -s reload

Windows 操作

启动
直接点击Nginx目录下的nginx.exe    或者    cmd运行start nginx
查看nginx是否启动
     1）命令方式   tasklist /fi "imagename eq nginx.exe"

动静分离要点，必须把访问服务器的端口写成nginx监听的端口，这样才能避免跨域

配置参数说明：
nigix做反向代理

注意  :$proxy_port  与 :$server_port 区别

$server_port ：nigix监听的端口

$proxy_port ： 服务器真正访问的端口

一般情况都用这个host

proxy_set_header   Host             $host;

获取到用户真实IP配置

proxy_set_header   X-Real-IP        $remote_addr;
proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

二、平常http请求配置
一、前后端分离普通配置

    listen       8203;

    location / {
        root   /usr/www/validation-demo/h5-1-advance;
        index  index.html;
        try_files $uri $uri/ /index.html;
        if ($request_filename ~* .*\.(?:htm|html)$){
            add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
        }
    }

     location /api/ {
        proxy_pass   http://192.168.8.10:5001/;
    }

}
增加了HTTPS的前后端分离配置
server {
    listen 443;
    server_name www.huzhihui.com;
    ssl on;
    ssl_certificate   /etc/nginx/cert/5673168_www.huzhihui.com.pem;
    ssl_certificate_key  /etc/nginx/cert/5673168_www.huzhihui.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
      root   /alidata/view/eip-home;
      index  index.html;
      try_files $uri $uri/ /index.html;
      if ($request_filename ~* .*\.(?:htm|html)$){
        add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
      }
      expires 7d;
    }
    location /api/ {
      proxy_pass  http://127.0.0.1:56000/;
    }
  }
  server{
    listen 80;
    server_name www.huzhihui.com;
    rewrite  ^/(.*)$ https://www.huzhihui.com/$1 permanent;
  }
老项目强制HTTPS POST出现问题的解决方案
server{
    listen 80;
    server_name wx.huzhihui.cn;
    add_header Strict-Transport-Security max-age=15768000;
    location / {
      if ($request_method ~ ^(POST|DELETE|OPTIONS)$) {
        proxy_pass https://wx.huzhihui.cn;
          break ;
      }
      rewrite ^/(.*)$   https://wx.huzhihui.cn/$1 permanent;
    }
  }

二、普通前后端一起的工程网站部署

server{
    listen 80;
    server_name www.huzhihui.com;
    location /{
        proxy_redirect default;
        proxy_pass http://127.0.0.1:8093;
        proxy_set_header Host $host;
        proxy_set_header Referer $http_referer；
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

}
# 动静分离+负载均衡配置
upstream web_servers {  
    server localhost:8080;  
    server localhost:8081;  
}  

server {
    listen       80;
    server_name  www.huzhihui.com;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://web_servers;
    }

    location ~.*\.(js|css)$ {
        root    /opt/static-resources;
        expires     12h;
    }

    location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {
        root    /opt/static-resources;
        expires     7d;
    }

    error_page  404              /404.html;

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}

三、通用https配置

server {
    listen 443;
    server_name www.huzhihui.com;
    ssl on;
    ssl_certificate   cert-tues/214069203020278.pem;
    ssl_certificate_key  cert-tues/214069203020278.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://127.0.0.1:9002/;
        proxy_redirect default;
        proxy_http_version 1.1;
        proxy_set_header   Host             $host;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }
}
server{
    listen 80;
    server_name www.huzhihui.com;
    rewrite  ^/(.*)$ https://server.ourtues.com/$1 permanent;
}

三、平常TCP请求配置

    upstream backend {
        hash $remote_addr consistent;
        server 127.0.0.1:7100 max_fails=3 fail_timeout=10s;
        server 127.0.0.1:7102 max_fails=3 fail_timeout=10s;
    }

    server {
        listen 8000;
        proxy_connect_timeout 2s;
        proxy_timeout 5m;
        proxy_pass backend;
    }

}

Nginx基于连接探测，如果发现后端异常，在单位周期为fail_timeout设置的时间，中达到max_fails次数，
这个周期次数内，如果后端同一个节点不可用，那么接将把节点标记为不可用，并等待下一个周期（同样时常为fail_timeout）再一次去请求，判断是否连接是否成功。
如果成功，将恢复之前的轮询方式，如果不可用将在下一个周期(fail_timeout)再试一次。

默认：fail_timeout为10s,max_fails为1次

特别注意TCP模块的反向代理配置在 stream模块的