引言
1. 通过yum安装nginx
安装环境基于linux centos7。
1.1 安装依赖包
yum -y install gcc gcc-c++ autoconf pcre pcre-devel make automake zlib zlib-devel
yum -y install wget httpd-tools vim
1.2 查找nginx yum源
在nginx官网查找yum源信息 nginx.org/en/download…
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
系统是centos7,修改配置$releasever为7
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
1.3 配置nginx yum源
/etc/yum.repos.d文件夹下新建文件nginx.repo
将1.3中的配置文件复制进去。
[root@VM-8-16-centos yum.repos.d]# ls
CentOS-Base.repo CentOS-Epel.repo nginx.repo
1.4 列出nginx相关版本
yum list|grep nginx
1.5 安装nginx
yum install nginx
1.6 查看nginx版本信息
[root@VM-8-16-centos yum.repos.d]# nginx -v
nginx version: nginx/1.24.0
2. nginx常用命令
# 开启nginx
nginx
# 指定配置文件开启nginx
nginx -c [path]
# nginx平滑重启
nginx -s reload
# nginx立即停止
nginx -s stop
# nginx平滑停止
nginx -s quit
4. Nginx使用示例
配置静态资源
配置服务端口
location / {
if ($request_filename ~* .*\.(?:htm|html)$){
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
add_header Content-Security-Policy "script-src * 'unsafe-inline' 'unsafe-eval'";
add_header Referrer-Policy origin;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-Download-Options noopen;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Permitted-Cross-Domain-Policies master-only;
add_header X-Xss-Protection "1;mode=block";
}
root /***/***;
index index.html index.htm;
if (!-e $request_filename) {
rewrite ^/(.*) /index.html last;
break;
}
}
# 转发接口
location /**** {
proxy_pass http://0.0.0.0/****/;
}
配置WebSocket
Nginx map指令是由ngx_http_map_module模块提供的。
map的主要作用是创建自定义变量,用Nginx的内置变量去匹配某些特定规则,如果匹配成功则设置某个值给自定义变量。而这个自定义变量又可以作于他用。
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
$http_upgrade就是Nginx的一个内置变量,用来表示Http请求头Upgrade。如果Upgrade请求头为'',则$connection_upgrade自定义变量为close。否则,自定义变量默认为upgrade。
以下示例。
# 自定义变量 $connection_upgrade
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 8090;
server_name localhost;
location / {
proxy_pass http://localhost:8090;
proxy_redirect off;
proxy_set_header Host $host;
proxy_read_timeout 3600s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1; #http版本是1.1
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
配置HTTPS
server {
listen 443;
# localhost可以替换为域名
server_name localhost;
ssl on;
root html;
index index.html index.htm;
# .pem采用Base64-encoded的PEM格式文本文件
ssl_certificate ****/****.pem;
# .key文件:证书的私钥文件
ssl_certificate_key ****/****.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
4. Nginx配置文件
4.1 Nginx层级
- 全局块
- Server
- events
- server
Access Log
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
}
$remote_addr请求者IP$remote_userHTTP授权用户,如果不使用Http-based认证方式,其值为空[$time_local]服务器时间戳$requestHTTP请求类型(如GET,POST等)+HTTP请求路径(不含参数)+HTTP协议版本$status服务器返回的状态码(如200,404,5xx等)$body_bytes_sent服务器响应报文大小,单位byte$http_refererreferer字段值$http_user_agentUser Agent字段
proxy_set_header是nginx设置请求头给上游服务器, add_header是nginx设置响应头信息给浏览器。
proxy_set_header:即允许重新定义或添加字段传递给代理服务器的请求头。该值可以包含文本、变量和它们的组合。
