1、安装依赖包
yum -y install gcc pcre-devel zlib-devel openssl openssl-devel
2、下载源码包(建议同时下载 nginx.org 提供的同名 .asc 签名文件,用 gpg 校验通过后再解压编译)
wget -c https://nginx.org/download/nginx-1.16.1.tar.gz
3、tar -zxvf nginx-1.16.1.tar.gz
4、cd nginx-1.16.1
5、配置 ./configure --prefix=/usr/nginx --with-http_ssl_module
6、编译
make
make install
7、./sbin/nginx -t 测试安装是否成功
8、cd sbin
./nginx 启动nginx
9、curl http://ip 回车,测试nginx是否已启动
nginx配置ssl证书
1、/usr/nginx/sbin/nginx -V 查看是否支持ssl
如果出现 configure arguments: --with-http_ssl_module, 则已安装(下面的步骤可以跳过,进入 nginx.conf 配置)。
2、cd nginx
mkdir cert
将ssl证书文件放在cert文件夹下
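3、http{
    # An http block may contain several server blocks.
    server {
        # HTTPS listener. The "ssl" parameter of listen replaces the
        # standalone "ssl on;" directive, which is deprecated since nginx 1.15.0.
        listen 443 ssl;
        # Replace baofeidyz.com with your own domain.
        server_name baofeidyz.com;
        # Full path of the first file obtained from Tencent Cloud (certificate).
        ssl_certificate /etc/ssl/1_baofeidyz.com_bundle.crt;
        # Full path of the second file obtained from Tencent Cloud (private key).
        # Keep this file readable only by the account that starts nginx.
        ssl_certificate_key /etc/ssl/2_baofeidyz.com.key;
        ssl_session_timeout 5m;
        # Protocol names must be separated by spaces, otherwise "nginx -t" fails.
        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is enabled;
        # add TLSv1.3 when nginx is built against OpenSSL 1.1.1 or later.
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        # Home page: the site is static HTML, so a plain location is enough.
        location / {
            # Document root
            root /usr/local/service/ROOT;
            # Index file
            index index.html;
        }
    }
    server {
        # Plain-HTTP listener whose only job is to redirect to HTTPS.
        listen 80;
        server_name baofeidyz.com;
        rewrite ^/(.*)$ https://baofeidyz.com:443/$1 permanent;
    }
}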
4、重启nginx
【注】
nginx+lua实现oss private nginx转发
方法如下:
①安装nginx+lua
https://blog.csdn.net/qq_31725371/article/details/85226116
②配置nginx和lua脚本
https://developer.aliyun.com/article/8532
oss_auth.lua
-- Query-string parameter names that take part in the signed resource string.
-- The list is kept in alphabetical order; get_canon_sub_resource() emits the
-- matching parameters in exactly this order.
local signed_subresources = {
  'acl', 'append', 'bucketInfo', 'cname', 'commitTransition', 'comp', 'cors',
  'delete',
  'lifecycle', 'location', 'logging',
  'mime',
  'notification',
  'objectInfo', 'objectMeta',
  'partData', 'partInfo', 'partNumber', 'policy', 'position',
  'referer', 'replication', 'replicationLocation', 'replicationProgress',
  'requestPayment',
  'response-cache-control', 'response-content-disposition',
  'response-content-encoding', 'response-content-language',
  'response-content-type', 'response-expires',
  'restore',
  'security-token',
  'tagging', 'torrent',
  'uploadId', 'uploads',
  'versionId', 'versioning', 'versions',
  'website',
}
--- Report whether `s` begins with the prefix `start`.
-- Installed on the shared `string` table, so it is visible to all code
-- running in the same Lua state.
-- @param s      string to inspect
-- @param start  prefix to look for
-- @return true when the first string.len(start) characters of s equal start
function string.startswith(s, start)
  local prefix_len = string.len(start)
  local head = string.sub(s, 1, prefix_len)
  return head == start
end
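--- Build the sub-resource part ("?k=v&k2...") of the string that gets signed.
-- Only query parameters named in signed_subresources are included, in the
-- order of that list.
-- @return '' when no signed sub-resource is present, otherwise a string
--         starting with '?'
local function get_canon_sub_resource()
  local args = ngx.req.get_uri_args()

  -- Index the request arguments by lower-cased name.
  local by_lower = {}
  for name, value in pairs(args) do
    by_lower[name:lower()] = value
  end

  local parts = {}
  for _, name in ipairs(signed_subresources) do
    -- The index above is lower-cased, so the lookup key must be lower-cased
    -- as well; otherwise mixed-case names such as 'uploadId' or 'partNumber'
    -- are never found and are left out of the signature.
    -- NOTE(review): confirm whether OSS matches these names case-sensitively;
    -- if it does, look the name up in `args` directly instead.
    local value = by_lower[name:lower()]

    -- A repeated argument arrives as a table; only its first value is signed.
    if type(value) == 'table' then
      value = value[1]
    end

    if value == true then
      -- ngx.req.get_uri_args() reports an argument without "=value"
      -- (e.g. "?acl") as boolean true; sign the bare name, not "acl=true".
      parts[#parts + 1] = name
    elseif value then
      parts[#parts + 1] = string.format('%s=%s', name, value)
    end
  end

  if #parts == 0 then
    return ''
  end
  return '?' .. table.concat(parts, '&')
end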
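--- Build the canonical resource: "/<bucket><object path><signed sub-resources>".
-- The bucket name comes from the nginx variable $oss_bucket.
-- @return the resource string used as the last field of the string to sign
local function get_canon_resource()
  -- Locals instead of the accidental globals the block used to create
  -- (resource, object, sub); the unused `resource` is dropped.
  -- NOTE(review): ngx.var.uri is the URI nginx has already processed; decoding
  -- it again may change object names that contain '%' or '+', so the signed
  -- path could differ from the one that is proxied - confirm.
  local object = ngx.unescape_uri(ngx.var.uri)
  local sub = get_canon_sub_resource()
  return string.format("/%s%s%s", ngx.var.oss_bucket, object, sub)
end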
--- Build the canonical header block: one "name:value\n" line per request
-- header whose name starts with 'x-oss-', sorted by header name.
-- Every such header sent by the client is included, so its value becomes
-- part of the signed request.
-- @return the concatenated lines ('' when there are none), or nil when a
--         matching header does not have a plain string value
local function get_canon_headers()
  local req_headers = ngx.req.get_headers()
  local lines = {}

  for name, value in pairs(req_headers) do
    if string.startswith(name, 'x-oss-') then
      -- the client has to assemble the same header keys, so a header that
      -- is not a single string cannot be signed
      if type(value) ~= 'string' then
        return nil
      end
      lines[#lines + 1] = name
    end
  end

  -- alphabetical order of the header names
  table.sort(lines)

  -- turn each collected name into its "name:value\n" line in place
  for idx = 1, #lines do
    local name = lines[idx]
    lines[idx] = name .. ':' .. req_headers[name] .. '\n'
  end

  return table.concat(lines)
end
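--- Compute the request signature: base64(HMAC-SHA1(key, string_to_sign)).
-- string_to_sign:
--   method + '\n' + content_md5 + '\n' + content_type + '\n'
--   + date + '\n' + canonicalized_oss_headers + canonicalized_resource
-- @param key          secret used as the HMAC key
-- @param method       HTTP method
-- @param md5          Content-MD5 header value ('' when absent)
-- @param type_        Content-Type header value ('' when absent)
-- @param date         date string placed in the string to sign
-- @param oss_headers  canonical x-oss-* header block
-- @param resource     canonical resource
-- @return the base64 signature, and the string that was signed
local function calc_sign(key, method, md5, type_, date, oss_headers, resource)
  local sign_str = string.format('%s\n%s\n%s\n%s\n%s%s',
                                 method, md5, type_,
                                 date, oss_headers, resource)
  -- Diagnostic output only: logged at debug level rather than error level so
  -- that normal traffic does not fill the error log with request details
  -- (the string contains client-supplied header values and the object path).
  ngx.log(ngx.DEBUG, "SignStr:", sign_str, "\n")
  local sign_result = ngx.encode_base64(ngx.hmac_sha1(key, sign_str))
  return sign_result, sign_str
end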
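--- Sign the current request with the credentials held in the nginx variables
-- $oss_auth_id / $oss_auth_key, set the Authorization header and hand the
-- request to the named location @oss.
-- NOTE(review): the method, the signed sub-resources and the x-oss-* headers
-- are all taken from the client request without restriction, so any request
-- that reaches this script is signed with the configured key. Limit methods
-- and access in the nginx location if the proxy is meant to be read-only.
-- @return an HTTP status code when the request cannot be signed, otherwise
--         nothing (ngx.exec transfers control to @oss)
local function oss_auth()
  local method = ngx.req.get_method()
  local content_md5 = ngx.var.http_content_md5 or ''
  local content_type = ngx.var.http_content_type or ''

  -- Prefer x-oss-date, then Date; when the client sent neither, stamp the
  -- request with the current time so the signed date matches the header.
  local date = ngx.var.http_x_oss_date or ngx.var.http_date or ''
  if date == '' then
    date = ngx.http_time(ngx.time())
    ngx.req.set_header('Date', date)
  end

  local resource = get_canon_resource()
  local canon_headers = get_canon_headers()
  if canon_headers == nil then
    -- get_canon_headers() returns nil when an x-oss-* header is not a single
    -- string (for example when it is repeated). Such a request cannot be
    -- signed reliably, so reject it instead of signing a nil value.
    return ngx.HTTP_BAD_REQUEST
  end

  local sign_result = calc_sign(ngx.var.oss_auth_key, method, content_md5,
                                content_type, date, canon_headers, resource)

  local auth = string.format("OSS %s:%s", ngx.var.oss_auth_id, sign_result)
  ngx.req.set_header('Authorization', auth)
  return ngx.exec("@oss")
end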
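-- main: run the signer; a returned value is an HTTP status to answer with.
-- `res` is declared local so the script does not create a global.
local res = oss_auth()
if res then
  return ngx.exit(res)
end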
nginx.conf配置文件
# Requests matching / are signed by oss_auth.lua in the rewrite phase.
location / {
root html;
index index.html index.htm;
# Bucket name and access key pair that oss_auth.lua reads through ngx.var.
# NOTE(review): the key is stored in this file in clear text; restrict read
# access to the file and use a key whose permissions cover only this bucket.
set $oss_bucket "xxxx";
set $oss_auth_id "xxxx";
set $oss_auth_key "xxxx";
# NOTE(review): the script signs the method, sub-resources and x-oss-* headers
# exactly as the client sent them, so this location grants every visitor the
# key's permissions on the bucket. Limit methods and access here if the proxy
# is meant to be read-only.
rewrite_by_lua_file "/soft/nginx/conf/oss_auth.lua";
}
# Named location the script jumps to with ngx.exec("@oss"); it forwards the
# signed request to the bucket endpoint.
location @oss {
proxy_pass https://xxx.oss-cn-hangzhou.aliyuncs.com;
}