在网上找了比较多的安装nginx案例,觉得都很麻烦,现在分享一个直接用yum安装的案例:
1、添加源
默认情况Centos7中无Nginx的源,最近发现Nginx官网提供了Centos的源地址。因此可以如下执行命令添加源:
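# Import the nginx package signing key first, so the packages installed from
# the new repository can be verified.
rpm --import https://nginx.org/keys/nginx_signing.key
# Fetch the repository package over HTTPS: it decides where yum installs nginx
# from, and over plain HTTP it can be altered in transit.
rpm -Uvh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# Afterwards, check that the nginx .repo file under /etc/yum.repos.d/ sets
# gpgcheck=1; with gpgcheck=0 yum installs packages without verifying signatures.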
2、安装Nginx
通过yum search nginx看看是否已经添加源成功。如果成功则执行下列命令安装Nginx。
# -y answers every prompt automatically, including a prompt to trust a new
# repository signing key; leave it out on the first install to review that prompt.
yum install -y nginx
3、启动Nginx并设置开机自动运行
# Start the service now, then register it to start on every boot.
systemctl start nginx.service
systemctl enable nginx.service
4、查看Nginx安装位置
whereis nginx
nginx: /usr/sbin/nginx /usr/lib64/nginx /etc/nginx /usr/share/nginx /usr/share/man/man8/nginx.8.gz
5、配置Nginx
cd /etc/nginx
# After saving, run `nginx -t` to validate the configuration before reloading
# the service, so that a syntax error does not take the server down.
vim /etc/nginx/nginx.conf
#==================== Configuration ===============================
# User (and group) that nginx runs as
user nginx;
# Number of nginx processes; setting it to the total number of CPU cores is recommended
worker_processes 1;
# Global error log and its level: [ debug | info | notice | warn | error | crit ]
error_log /var/log/nginx/error.log warn;
# PID file
pid /var/run/nginx.pid;
# Working mode and connection limit
events {
# Maximum connections per process (total connections = worker_connections * worker_processes)
worker_connections 1024;
}
http {
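include /etc/nginx/mime.types; # map of file extensions to MIME types
default_type application/octet-stream; # default MIME type
# Default log format, kept for reference
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# Key=value log format, so scripts can count PV / UV / unique client IPs.
# xForwardedFor, userAgent, httpRerfer and requestRInfo are copied from the
# client request, so treat them as untrusted when analysing the log;
# sourceAddress ($remote_addr) is the peer address nginx itself saw.
# $request_time is in seconds with millisecond resolution, despite the key name.
log_format main 'WebAcessLogInformation dateTime="[$time_local]" '
'xForwardedFor="$http_x_forwarded_for" sourceAddress=$remote_addr sourcePort="$remote_port" '
'dstAddress=$server_addr dstHostName="$server_name" dstPort="$server_port" '
'userAgent="$http_user_agent" bytesOutInfo=$bytes_sent sourceUserName="$remote_user" '
'responseCode=$status httpRerfer="$http_referer" logSessionNum="-" '
'responseTimems=$request_time responseTimes=- requestRInfo="$request" ';
# Write the access log in the "main" format defined above.
# "access_log /var/log/nginx/null;" does not disable logging: it writes
# default-format entries to a regular file named "null". The directive that
# disables the access log is "access_log off;" -- but without an access log
# there is no request record to investigate an incident with.
access_log /var/log/nginx/access.log main;
sendfile on; # enable efficient file transfer (sendfile)
#tcp_nopush on; # helps avoid network congestion
keepalive_timeout 65; # keep-alive timeout, in seconds
#gzip on; # enable gzip-compressed output
types_hash_max_size 2048;
client_max_body_size 100m; # cap uploads at 100 MB; applies globally
include /etc/nginx/conf.d/*.conf;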
#-------------------------------------------- Backend servers ----------------------------------------------------
# Every backend below is addressed on 127.0.0.1.
# NOTE(review): confirm the services themselves bind to loopback only, so they
# cannot be reached except through nginx.
# Enterprise portal - front end
upstream pc-web {
server 127.0.0.1:8080;
}
# "boss" admin console - front end
upstream admin-web {
server 127.0.0.1:8800;
}
# WeChat and other share pages - front end
upstream share-web {
server 127.0.0.1:8088;
}
# User-facing API
upstream api-portals{
# server 127.0.0.1:9110 weight=2;
# server 127.0.0.1:9110 weight=1;
server 127.0.0.1:9110;
}
# Admin console API
upstream admin-portals{
server 127.0.0.1:9220;
}
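# Force HTTPS: every plain-HTTP request for either name is redirected to the
# canonical www host.
server {
    listen 80;
    server_name www.xxxxx.com xxxxx.com;
    # A single unconditional return handles both names and keeps the path and
    # query string ($request_uri); a rewrite whose replacement is only the bare
    # host sends every request to the home page instead.
    # The target host is a literal, so the client-supplied Host header never
    # ends up in the Location header.
    return 301 https://www.xxxxx.com$request_uri;
}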
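# Enterprise portal
server {
    listen 80;
    server_name xx.xxxxx.com;
    server_tokens off; # hide the nginx version number to make fingerprinting harder
    # Keep the bare /share URL working now that the location below ends in a slash.
    location = /share {
        return 301 /share/;
    }
    # Served at http:// xx.xxxxx.com/share/index.html
    # The location and the alias both end in a slash, so only URIs under /share/
    # map into the aliased directory, never a sibling path that merely starts
    # with the same prefix.
    location /share/ {
        alias /usr/share/nginx/fenxiang/;
        index index.html;
    }
    # Served at http:// dev.xxxxx.com
    location / {
        root /usr/share/nginx/enterprise;
        index index.html index.htm;
    }
}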
# Admin console
# NOTE(review): this block serves the admin console over plain HTTP and has no
# allow/deny or authentication directive -- confirm that is acceptable outside
# a test environment.
server {
listen 80;
server_name xxx.xxxxx.com;
root /usr/share/nginx/admini;
index index.html index.htm;
server_tokens off; # hide the nginx version number to make fingerprinting harder
}
# Share pages
# NOTE(review): the masked server_name here reads the same as in other port-80
# server blocks of this file; if the real names also coincide, nginx logs a
# "conflicting server name" warning and only the first block serves that name.
server {
listen 80;
server_name xx.xxxxx.com;
root /usr/share/nginx/fenxiang;
index index.html index.htm;
server_tokens off; # hide the nginx version number to make fingerprinting harder
}
# Test environment - API
# NOTE(review): /admin/ and /api/ are proxied over plain HTTP with no access
# restriction in this block -- confirm this stays limited to the test environment.
server {
listen 80;
server_name xx.xxxxx.com;
# Relative path: resolved against the nginx prefix directory
root html;
index index.html index.htm;
server_tokens off; # hide the nginx version number to make fingerprinting harder
location /admin/ {
proxy_set_header Host $host;
# X-Real-IP is overwritten with the peer address nginx saw
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
# the client sent, so the backend should trust only the last entry
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://admin-portals/;
}
location /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Same caveat as above: earlier X-Forwarded-For entries are client-supplied
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://api-portals/;
}
}
}
以上配置仅用于测试环境:nginx 作为前端服务器,同时承担反向代理和负载均衡。
如果想全部使用 https 访问,可以把监听 80 端口的 server 块改成如下:
# 301-redirect the bare (non-www) domain to the www host over HTTPS
server
{
listen 80;
server_name xxxx.com;
# The captured path is carried over; rewrite also appends the original query string
rewrite ^/(.*) https://www.xxxx.com/$1 permanent;
}
# Force HTTPS with a redirect (return 301 or 307)
server {
listen 80;
server_name www.xxxx.com;
# $server_name is the name configured above, not the client-supplied Host header
return 301 https://$server_name$request_uri;
}
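#----------------------------- TLS ----------------------------------
server {
    listen 443 ssl;
    server_name www.xxxx.com;
    # Relative path: resolved against the nginx prefix directory
    root enterprise;
    index index.html index.htm;
    # Keep the private key file readable by root only.
    ssl_certificate /etc/nginx/cert/2654222_www.xxxx.com.pem;
    ssl_certificate_key /etc/nginx/cert/2654222_www.xxxx.com.key;
    ssl_session_timeout 5m;
    # Only forward-secret AEAD suites are listed; broad groups such as
    # ECDH / AES / HIGH also admit CBC-mode and other legacy suites.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered; very
    # old clients that speak nothing newer will fail to connect. Add TLSv1.3
    # when the nginx build and its OpenSSL library support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Optional: once HTTPS is known to work for the whole site, tell browsers
    # to stop using plain HTTP for this host.
    #add_header Strict-Transport-Security "max-age=31536000" always;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent; backends should trust only the last entry
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # NOTE(review): no upstream named www-web appears in the configuration
        # shown on this page; define it like pc-web, otherwise nginx treats the
        # name as a hostname to resolve -- confirm.
        proxy_pass http://www-web/;
    }
    location /enterprise/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://pc-web/enterprise/; # enterprise back-office address
    }
    location /share/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://pc-web/share/; # share-link address
    }
}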