Installing nginx and configuring an SSL certificate


Prerequisites

  1. A CentOS server
  2. nginx 1.20.2, nginx.org/download/ng…
  3. PCRE, so that Nginx supports the Rewrite feature. downloads.sourceforge.net/project/pcr…
  4. Install directory: /usr/local/nginx
  5. Source download directory: /usr/local/src

Install the build tools and libraries

yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel

Install PCRE

  1. Enter the target directory: cd /usr/local/src/
  2. Download the package: wget http://downloads.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz
  3. Extract: tar zxvf pcre-8.35.tar.gz
  4. Enter the source directory: cd pcre-8.35
  5. Configure: ./configure
  6. Compile and install: make && make install
  7. Verify: pcre-config --version

Install Nginx

  1. cd /usr/local/src/
  2. wget http://nginx.org/download/nginx-1.20.2.tar.gz
  3. tar zxvf nginx-1.20.2.tar.gz
  4. cd nginx-1.20.2
  5. Configure nginx with SSL support and install it into /usr/local/nginx: ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.35
  6. make
  7. make install
  8. /usr/local/nginx/sbin/nginx -v

nginx configuration

server {
    # listen 80 default backlog=2048;
    # SSL certificates listen on port 443 by default
    listen 443 ssl;
    # domain name
    server_name xxxx.com;
    charset utf-8;
    fastcgi_buffers 256 4k;
    proxy_buffering    on;
    proxy_buffer_size  1024k;
    proxy_buffers 100  1024k;
    proxy_busy_buffers_size 2048k;
    # certificate paths
    ssl_certificate     xx/xx/xx.crt;
    ssl_certificate_key xxx/xxx/xx.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    # no ssl_protocols directive here, so the nginx 1.20 default applies
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        # deployment directory of the frontend build
        root   /root/webapp/dist/;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
        # same fallback as try_files above, kept for older configs
        if (!-e $request_filename){
            rewrite ^(.*)$ /index.html last;
        }
        tcp_nodelay     on;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
    }
    # A request such as https://<domain or IP:port>/tms/getUser first reaches the server the domain points at,
    # which then forwards it to the address exposed by the backend
    location /xxapi/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://111.1111.111.1111:3500/xxxapi/;
    }
    # static asset caching
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico)$ {
        root   /root/webapp/dist/;
        if (-f $request_filename) {
            expires 30d;
            break;
        }
    }
    # static asset caching (the original "(js|css)?$" made the extension optional and matched every URI)
    location ~ .*\.(js|css)$ {
        root   /root/webapp/dist/;
        if (-f $request_filename) {
            expires 15d;
            break;
        }
    }
    access_log off;
}
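The server block above sets no ssl_protocols, so on nginx 1.20 the default (which still offers TLSv1 and TLSv1.1) applies, and it sends no HSTS header and does no OCSP stapling. The following script is an added example and not part of the original post: it prints a constructed copy of the post's TLS-relevant lines next to a hardened fragment, and a small grep-based audit that flags the weak settings. The certificate paths, the domain xxxx.com and the worker user `nginx` are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post: a hardened TLS fragment next to
# the post's settings, and a grep-based audit that flags the weak ones.
# Assumption: nginx 1.20.x, whose default ssl_protocols is "TLSv1 TLSv1.1 TLSv1.2".
# Certificate paths, the domain xxxx.com and the worker user are placeholders.

# Constructed sample: the TLS-relevant lines of the post's config, plus the
# "user root;" workaround from its troubleshooting section.
write_weak_conf() {
    cat <<'EOF'
user root;
server {
    listen 443 ssl;
    server_name xxxx.com;
    ssl_certificate     /etc/nginx/certs/xxxx.com.crt;
    ssl_certificate_key /etc/nginx/certs/xxxx.com.key;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
}
EOF
}

# Hardened fragment (main-context "user" plus one server block; the enclosing
# http {} is omitted): TLS 1.2/1.3 only, ECDHE AEAD ciphers, HSTS, OCSP
# stapling, no session tickets, unprivileged worker user.
write_hardened_conf() {
    cat <<'EOF'
user nginx;
server {
    listen 443 ssl http2;
    server_name xxxx.com;
    ssl_certificate         /etc/nginx/certs/xxxx.com.fullchain.crt;
    ssl_certificate_key     /etc/nginx/certs/xxxx.com.key;
    ssl_trusted_certificate /etc/nginx/certs/xxxx.com.chain.crt;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_stapling        on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000" always;
}
EOF
}

# audit_tls_conf FILE: prints one "FINDING:" line per weak setting and
# returns 1 if any was found, 0 if the fragment passes every check.
audit_tls_conf() {
    f=$1
    rc=0
    if grep -Eq '^[[:space:]]*user[[:space:]]+root[[:space:]]*;' "$f"; then
        echo "FINDING: workers run as root; keep an unprivileged user and fix directory permissions instead"
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*ssl_protocols[[:space:]]' "$f"; then
        echo "FINDING: ssl_protocols not set; the nginx 1.20 default still offers TLSv1 and TLSv1.1"
        rc=1
    elif grep -E '^[[:space:]]*ssl_protocols[[:space:]]' "$f" | grep -Eq 'SSLv|TLSv1(\.1)?([[:space:]]|;)'; then
        echo "FINDING: ssl_protocols still lists SSLv3, TLSv1 or TLSv1.1"
        rc=1
    fi
    if ! grep -q 'Strict-Transport-Security' "$f"; then
        echo "FINDING: no HSTS header; browsers keep trying plain http first"
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*ssl_stapling[[:space:]]+on' "$f"; then
        echo "FINDING: OCSP stapling off; every client fetches revocation status itself"
        rc=1
    fi
    return $rc
}

# Stand-alone run: audit both fragments and show the findings.
for name in weak hardened; do
    tmp=$(mktemp)
    "write_${name}_conf" > "$tmp"
    echo "== $name =="
    audit_tls_conf "$tmp" || true
    rm -f "$tmp"
done
```

The hardened fragment needs `--with-http_v2_module` for the `http2` flag (see the HTTP/2 item in the troubleshooting section), the full chain in `ssl_certificate`, and a `resolver` directive in the http context for stapling to work. Point `audit_tls_conf` at the real `/usr/local/nginx/conf/nginx.conf` before each `nginx -s reload`; it only reads the file, so it is safe to run on a live host.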

nginx commands

Change to the nginx install directory: /usr/local/nginx
Start: ./nginx
Start with a specific config file: ./nginx -c /usr/local/nginx/conf/nginx.conf
Stop: ./nginx -s quit or ./nginx -s stop
Restart: ./nginx -s reload
View processes: ps aux | grep nginx

Other related

# check which ports are in use on Linux
sudo lsof -i -P -n | grep LISTEN
sudo netstat -tulpn | grep LISTEN
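The two commands above list every listener; what you usually need to know before starting nginx is which process already holds port 80 or 443. The following script is an added example, not from the original post: it parses `ss -ltnp` output (the iproute2 replacement for netstat on CentOS 7) and reports the owning process of a given port. The `ss` sample it runs against is constructed, not captured from a real host.

```sh
#!/bin/sh
# Added example, not from the original post: find the process that already
# owns a listening port before starting nginx, by parsing `ss -ltnp` output.
# Assumption: iproute2 `ss` with the users:((...)) process column, as on
# CentOS 7; the constructed sample lets the parser run without root.

# Constructed sample output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("httpd",pid=1407,fd=4),("httpd",pid=1406,fd=4))
LISTEN  0       128     [::]:3500            [::]:*             users:(("node",pid=2210,fd=18))
EOF
}

# port_owner PORT: reads ss output on stdin; prints "name pid" of the first
# listener on PORT (any local address, IPv4 or IPv6) and returns 0, or
# returns 1 if nothing listens on that port.
port_owner() {
    out=$(awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":")          # the port is the last ":"-separated field
            if (a[n] != p) next
            if (match($0, /\("[^"]+",pid=[0-9]+/)) {
                s = substr($0, RSTART + 2, RLENGTH - 2)   # name",pid=NNN
                sub(/",pid=/, " ", s)                     # -> name NNN
                print s
                exit
            }
        }')
    [ -n "$out" ] || return 1
    echo "$out"
}

# check_port_free PORT: live check on this host (run as root to see pids).
check_port_free() {
    command -v ss >/dev/null 2>&1 || { echo "ss not found"; return 2; }
    if owner=$(ss -ltnp 2>/dev/null | port_owner "$1"); then
        echo "port $1 is held by $owner"
        return 1
    fi
    echo "port $1 is free"
}

# Stand-alone run against the constructed sample.
sample_ss_output | port_owner 80 || echo "port 80 free"
```

Run `check_port_free 80` and `check_port_free 443` as root before the first `./nginx`; a "held by" line is the cause of the usual "Address already in use" start-up failure.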

Have the frontend automatically upgrade http to https

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

Problems encountered with nginx

  1. HTTP status 423 error: nginx's default maximum request size is 2m; just raise it with client_max_body_size 8m;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 8m;
  2. The frontend shows an nginx 500 error. There are two possible causes: the root directory path given to nginx is wrong, or the user nginx runs as is wrong, so there are two fixes:
    check the root directory,
    or set user root; (in this case error.log shows a permission denied message)
  3. open() "/usr/local/nginx/logs/nginx.pid" failed (2: No such file or directory): just specify nginx's config file
    ./nginx -c /usr/local/nginx/conf/nginx.conf
  4. Protected multilib versions: zlib-1.2.7-19.el7_9.x86_64 != zlib-1.2.7-15.el7.i686
    yum install --setopt=protected_multilib=false zlib
  5. File contains no section headers. file: file:///etc/yum.repos.d/CentOS-Base.repo, line: 1 '--2022-03-18 06:48:14-- mirrors.aliyun.com/repo/Centos…': the yum source was not installed
    rm -f /etc/yum.repos.d/CentOS-Base.repo
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    yum clean all
  6. Open port 80
    firewall-cmd --zone=public --add-port=80/tcp --permanent
    systemctl restart firewalld.service
  7. Automatically redirect to https when the domain is entered in the browser: redirect to the https address with a 301 status
    server {
        listen       80;
        server_name  xxxx.com;
        return 301 https://$server_name$request_uri;
    }
  8. Upgrade to HTTP/2
    1. First compile in the http2 module
       ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-http_v2_module
    2. Enable the http2 protocol
       listen 443 ssl http2;
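The "permission denied" case in the 500-error item above is normally a path-permission problem rather than a reason to run workers as root: the post's site root lives under /root/webapp/dist/, and /root is not world-traversable by default, so an unprivileged worker cannot reach the files. The following script is an added example, not from the original post: it walks the deployment path and reports which component blocks an unprivileged worker, so the fix can be a chmod or a move of the files rather than `user root;`. It assumes the worker user is neither the owner nor in the group of the path, so the "others" permission bits decide access.

```sh
#!/bin/sh
# Added example, not from the original post: before switching nginx to
# "user root;", find out which path component keeps the unprivileged worker
# out of the site root. Assumption: the worker user is neither the owner nor
# in the group of the deployment path, so the "others" bits decide access.

# others_bits PATH: the rwx bits for "others" from `ls -ld` (columns 8-10 on
# both GNU and BSD ls; a trailing '+' for ACLs sits at column 11 and is ignored).
others_bits() {
    ls -ld "$1" | cut -c8-10
}

# check_web_root PATH: the target needs o+r (and o+x if it is a directory);
# every ancestor directory needs o+x (search permission). Prints one DENY
# line per failing component and returns 1 if any were found, 0 otherwise.
# A 't' in the execute position (sticky bit, as on /tmp) still counts as x.
check_web_root() {
    p=${1%/}          # drop a trailing slash so dirname walks correctly
    rc=0
    bits=$(others_bits "$p" 2>/dev/null) || { echo "DENY: $p does not exist"; return 1; }
    if [ -d "$p" ]; then
        case "$bits" in r?[xt]) ;; *) echo "DENY: $p others=$bits (need r-x)"; rc=1 ;; esac
    else
        case "$bits" in r??) ;; *) echo "DENY: $p others=$bits (need r--)"; rc=1 ;; esac
    fi
    d=$(dirname "$p")
    while [ "$d" != "/" ] && [ "$d" != "." ]; do
        bits=$(others_bits "$d")
        case "$bits" in ??[xt]) ;; *) echo "DENY: $d others=$bits (need --x)"; rc=1 ;; esac
        d=$(dirname "$d")
    done
    return $rc
}

# Stand-alone use: sh check_web_root.sh /root/webapp/dist
if [ $# -gt 0 ]; then
    check_web_root "$1" && echo "OK: $1 is reachable by an unprivileged worker"
fi
```

When the script reports a DENY on /root, move the build to a path such as /usr/local/nginx/html or /var/www and keep the worker as the unprivileged user nginx was built to use; `user root;` makes every request handler run with full privileges, which is what the separate worker user exists to prevent.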