Nginx-安装配置

middleware , 评论

Nginx-安装配置

版本

centos 7

nginx 1.2x

安装

1
2
3
4
5
6
7
8
9
10
11
yum -y install gcc gcc-c++ make automake autoconf pcre \
pcre-devel zlib zlib-devel openssl openssl-devel libtool

./configure --prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre --with-stream \
--with-http_v2_module  ## 开启 HTTP/2 

make && make install

配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
user root;
worker_processes auto;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
use epoll;
worker_connections 65535;
#worker工作方式:串行
multi_accept on;
}

#stream {
# log_format proxy '$remote_addr [$time_local] '
# '$protocol $status $bytes_sent $bytes_received '
# '$session_time "$upstream_addr" '
# '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
# access_log /var/log/nginx/tcp-access.log proxy ;
# open_log_file_cache off;
# include /etc/nginx/conf.d/*.stream;
#}

http {
include mime.types;
default_type application/octet-stream;

sendfile on;
tcp_nopush on;

## upload
client_max_body_size 2g;

#keepalive_timeout 0;
keepalive_timeout 65;

#### gzip module begin ###
#gzip on;
#gzip_comp_level 4;
#gzip_buffers 4 16k;
#gzip_types text/plain application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
#gzip_min_length 5k;
#gzip_vary on;
#gzip_proxied any
#### gzip module end ###

include /usr/local/nginx/conf/conf.d/*.conf;

server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location = /50x.html {
root html;
}

}

stream模块

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
## nginx从1.9.0开始,新增加了一个stream模块,用来实现四层协议的转发、代理或者负载均衡等
## stream模块的用法和http模块差不多,语法基本一致,支持server,hash, listen, proxy_pass等指令

stream {
    upstream cloudsocket {
       hash $remote_addr consistent;
      # $binary_remote_addr;
       server 172.19.20.7:3306 weight=5 max_fails=3 fail_timeout=300s;
    }

    server {
       listen 3306;#数据库服务器监听端口
       server_name mysql1.tools.hrtop.net;
       proxy_connect_timeout 120s;
       proxy_send_timeout 120;
       proxy_read_timeout 120;
       proxy_buffer_size 256k;
       proxy_buffers 8 128k;
       proxy_pass cloudsocket;
}

ssl配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
server {
        listen       443 ssl;
        server_name  sit.biglovewheat.com;

        ssl_certificate      certs/ssl.crt;
        ssl_certificate_key  certs/ssl.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   /nfsdata/dist;
            index  index.html index.htm;
        }
}

websocket

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
upstream websocket{
server hx-app-01:8100 weight=1;
}

server {
listen 8100;

location / {
client_max_body_size 100M;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade; #支持wss
proxy_set_header Connection "upgrade"; #支持wss
proxy_pass http://websocket;
}
location = /50x.html {
root /usr/share/nginx/html;
}
}

重定向问题

1
2
3
4
## https://blog.csdn.net/weixin_34186128/article/details/91742483
if (-d $request_filename){
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}

retry

1
2
3
4
5
6
location / {
    add_header 'Access-Control-Allow-Origin' '*' always;
    root /opt/nginx/dist-saas-operation-new;
    try_files $uri $uri/ /index.html;
    index  index.html index.htm;
}

自动目录

1
2
3
4
5
6
  location / {
    autoindex on; #是否打开配置自动列目录
    autoindex_exact_size on; #是否打开文件大小展示
    autoindex_localtime on;  #是否打开显示文件的时间
    root /filepath/
}

允许参数带有下划线

1
2
## http模块增加
underscores_in_headers on

biglovewheat老年佛系运维

老年佛系运维 | biglovewheat@126.com