nginx1.21.3 的安装并添加开机启动
目录
1.上传软件到 /usr/local/src/
2.解压nginx
3.预编译
4.编译
5.添加系统变量 在文件 /etc/profile
在最后一行添加 export PATH=$PATH:/usr/local/nginx/sbin
6.测试浏览器打开ip
7.如不能访问,添加防火墙
1.上传软件到 /usr/local/src/
cd /usr/local/src/
2.解压nginx 安装装依赖
yum -y install gcc gcc-c++ autoconf automake make pcre-devel zlib-devel openssl openssl-devel
tar xvf nginx-1.21.3.tar.gz
3.预编译
cd nginx-1.21.3
./configure --prefix=/usr/local/nginx 
也可以根据自己需求安装
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre --with-http_gzip_static_module
解释
--with-http_gzip_static_module :支持压缩
--with-http_stub_status_module :支持nginx状态查询
--with-http_ssl_module :支持https
--with-http_spdy_module :支持google的spdy,想了解请百度spdy,这个必须有ssl的支持
--with-pcre :为了支持rewrite重写功能,必须制定pcre
4.编译
make && make install 
5.添加系统变量 在文件 /etc/profile
在最后一行添加 export PATH=$PATH:/usr/local/nginx/sbin
6.测试浏览器打开ip
/usr/local/nginx/sbin/nginx
浏览器打开输入对应的ip
注意:如果浏览器出不来,有可能是防火墙
如过防火墙开的
7.如不能访问,添加防火墙
firewall-cmd --permanent --zone=public --add-port=80/tcp ##添加80端口到白名单 执行
firewall-cmd --reload ##重启防火墙
firewall-cmd --zone=public --list-ports ##查看已开放的端口再次访问就好了
添加配置
client_max_body_size 100M;
client_body_buffer_size 100M;
server_tokens off; #关闭版本显示
添加配置 autoindex on;
可以访问目录结构
添加软连 ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
生成服务启动脚本
vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 99 2
# description: Nginx Service Control Script
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"
case "$1" in
start)
$PROG
;;
stop)
kill -3 $(cat $PIDF)
;;
restart)
$0 stop &> /dev/null
if [ $? -ne 0 ] ; then continue ; fi
$0 start
;;
reload)
kill -1 $(cat $PIDF)
;;
*)
echo "Userage: $0 { start | stop | restart | reload }"
exit 1
esac
exit 0配置服务开机自动启动
[root@localhost ~]# chmod +x /etc/init.d/nginx
[root@localhost ~]# chkconfig --add nginx
[root@localhost ~]# chkconfig nginx on
[root@localhost ~]# chkconfig --list
nginx配置ip限制 只允许特定ip访问
server {
listen 80;
server_name localhost;
location / {
allow 192.168.11.15;#允许访问
deny all;#别的都不能访问
root /www/page;
index index.html index.htm;
}
}
配置转发
server {
listen 443 ssl;
server_name XXX.XXX.com;
ssl_certificate cert/XXX.XXX.com.pem;
ssl_certificate_key cert/XXX.XXX.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /api {
rewrite ^/api(.*)$ $1 break; #加上这个,就把api过滤了,原来的接口不变
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8080;
}
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1/api/;
}
}------------------
nginx 常用配置
rewrite ^(.*)$ https://$host$1 permanent;
rewrite ^/api(.*)$ $1 break;
server {
listen 443 ;
server_name xxx.xxx.com;
ssl_certificate cert/xxx.xxx.com.pem;
ssl_certificate_key cert/xxx.xxx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /api { #带api的重写
rewrite ^/api(.*)$ $1 break;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:7888/api;
}
location / {
root /www/www/page;
index index.html index.htm;
}
}跨域问题添加:
server {
listen 8878;
server_name localhost;
location / {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
root /www/www;
index index.html index.htm;
}
}