一介闲人
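Download the package from the zlib website (https://zlib.net/) (this article uses zlib-1.2.13.tar.gz) and upload it to a directory on the installation host (this article uses /zlib).
Enter the installation directory
cd /zlib
Extract the zlib package
tar -vxzf zlib-1.2.13.tar.gz
Enter the extracted source directory
cd zlib-1.2.13
Configure the build
./configure --prefix="/zlib"
Compile and install
make && make install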
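Download the package from the address given on the pcre website (https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz/download) (this article uses pcre-8.45.tar.gz) and upload it to a directory on the installation host (this article uses /pcre).
Note: PCRE2 has been released, so pcre 8.45 is expected to be the final release of the old PCRE library.
Enter the installation directory
cd /pcre
Extract the pcre package
tar -vxzf pcre-8.45.tar.gz
Enter the extracted source directory
cd pcre-8.45
Configure the build
./configure --prefix="/pcre"
Compile and install
make && make install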
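Download the package from the openssl website (https://www.openssl.org/source/old/1.1.1/openssl-1.1.1w.tar.gz) (this article uses openssl-1.1.1w.tar.gz) and upload it to a directory on the installation host (this article uses /openssl).
Note: download a 1.1.1 release; the later the letter suffix comes in the alphabet, the newer the release.
Enter the installation directory
cd /openssl
Extract the openssl package
tar -vxzf openssl-1.1.1w.tar.gz
Enter the extracted source directory
cd openssl-1.1.1w
Configure the build
./config --prefix="/openssl"
Compile and install
make && make install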
Download the package from the nginx website (https://nginx.org/download/nginx-1.24.0.tar.gz) (this article uses nginx-1.24.0.tar.gz) and upload it to a directory on the installation host (this article uses /nginx).
Enter the installation directory
cd /nginx
Extract the nginx package
tar -vxzf nginx-1.24.0.tar.gz
Enter the extracted source directory
cd nginx-1.24.0
Configure the build
./configure --prefix="/nginx" --with-zlib=/zlib/zlib-1.2.13 --with-pcre=/pcre/pcre-8.45 --with-openssl=/openssl/openssl-1.1.1w --with-http_stub_status_module --with-http_ssl_module --with-stream
Compile and install
make && make install
Change to the configuration directory
cd /nginx/conf
Edit the configuration file
vim nginx.conf
Content to edit
# Hide the version number
server_tokens off;
# Load balancing
upstream xxx {
    server 127.0.0.1:85;
    server 127.0.0.1:86;
    keepalive 256;
}
# Redirect HTTP requests to HTTPS
server {
    listen 80;
    server_name xxx.com;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection 1;
    add_header Content-Security-Policy "default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; object-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; worker-src * blob:;";
    # "value" in the next three lines is a placeholder: replace it with a real policy before deploying
    add_header Referrer-Policy value;
    add_header X-Permitted-Cross-Domain-Policies value;
    add_header X-Download-Options value;
    add_header X-Frame-Options SAMEORIGIN;
    #proxy_cookie_path / "/; httponly; secure; SameSite=Lax";
    # Browsers ignore Strict-Transport-Security received over plain HTTP; it only takes effect when sent by the HTTPS server
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    # Sent as a separate Set-Cookie header; it does not add HttpOnly/Secure to cookies set by the application
    add_header Set-Cookie "Path=/; HttpOnly; Secure";
    location ^~ / {
        rewrite ^(.*)$ https://www.xxx.com$1 permanent;
    }
    error_page 500 502 503 504 /502.html;
    location = /502.html {
        root html;
    }
    error_page 404 /404.html;
    location = /404.html {
        root html;
    }
}
# Forwarding for a separated front end and back end
server {
    listen 80;
    server_name xxx.xxx.com;
    location / {
        root /xxx/xxx/html;
        index index.html index.htm;
    }
    location /xxx.action {
        proxy_pass http://127.0.0.1:81/xxx.action;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # Distinguish systems by the path suffix after the domain name
    location /aaa {
        alias /xxx/xxx/xxx/html/;
        index index.html;
    }
    location /aaa/bbb {
        proxy_pass http://127.0.0.1:88/bbb;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # Forwarding rule that matches the file extension by regex
    location ~ \.php$ {
        proxy_pass http://127.0.0.1:89;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    error_page 500 502 503 504 /502.html;
    location = /502.html {
        root html;
    }
    error_page 404 /404.html;
    location = /404.html {
        root html;
    }
}
# HTTPS configuration
server {
    listen 443 ssl;
    server_name xxx.com;
    ssl_certificate /nginx/ssl/xxx.com_chain.crt;
    ssl_certificate_key /nginx/ssl/xxx.com_key.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:1m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location /xxx {
        proxy_pass http://127.0.0.1:82;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location / {
        root /xxx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /502.html;
    location = /502.html {
        root html;
    }
    error_page 404 /404.html;
    location = /404.html {
        root html;
    }
}
If TCP proxying is needed, add the following at the same level as the http block:
stream {
    upstream tcp_xxx {
        hash $remote_addr consistent;
        server 127.0.0.1:8080 max_fails=5 fail_timeout=60s;
    }
    server {
        listen 87;
        proxy_connect_timeout 60s;
        proxy_timeout 5m;
        proxy_pass tcp_xxx;
    }
}
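Change to the directory that contains the executable
cd /nginx/sbin
Common commands
# Show the version (-V also prints the configure arguments)
./nginx -v
./nginx -V
# Check the configuration file
./nginx -t
# Start the nginx service
./nginx
# Stop the nginx service (stop: fast shutdown, quit: graceful shutdown)
./nginx -s stop
./nginx -s quit
# Restart the nginx service (reloads the configuration)
./nginx -s reload
# Start with a specific configuration file
./nginx -c ../conf/nginx.conf
# Help
./nginx -h
./nginx -?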
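./nginx -t only validates syntax, so a config can pass while still enabling deprecated TLS versions, shipping a placeholder header value, or omitting server_tokens off. The following is an added example, not part of the original post: a small shell audit for those three settings, where the function names audit_nginx_conf and sample_conf and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an nginx.conf for
# settings that "nginx -t" accepts but that should not ship.
# audit_nginx_conf and sample_conf are hypothetical names.

# Print one finding per line as CODE:LINE:DETAIL; print nothing if clean.
audit_nginx_conf() {
  awk '
    { sub(/#.*/, "") }   # strip comments (assumes no "#" inside quoted values)
    $1 == "ssl_protocols" {
      for (i = 2; i <= NF; i++) {
        p = $i; sub(/;$/, "", p)
        if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
          printf "WEAK_TLS:%d:%s\n", NR, p
      }
    }
    $1 == "server_tokens" && $2 ~ /^off;?$/ { tokens_off = 1 }
    $1 == "add_header" && $3 ~ /^value;?$/ {
      printf "PLACEHOLDER_HEADER:%d:%s\n", NR, $2
    }
    END { if (!tokens_off) print "SERVER_TOKENS:0:server_tokens off not found" }
  ' "$1"
}

# Constructed sample config, modelled on the settings discussed above.
sample_conf() {
  cat <<'EOF'
http {
    server {
        listen 443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        add_header Referrer-Policy value;
        add_header X-Frame-Options SAMEORIGIN;
    }
}
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_nginx_conf "$tmp"
rm -f "$tmp"
```

Run it against a real file with audit_nginx_conf /nginx/conf/nginx.conf after ./nginx -t succeeds; empty output means none of the three findings apply.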