nginx安装与代理配置
Nginx编译脚本
把该一键执行脚本与nginx-1.18.0.tar.gz安装脚本上传到服务器,执行脚本即可
tar -zxvf nginx-1.18.0.tar.gz -C /usr/local/
cd /usr/local/nginx-1.18.0
groupadd www
useradd -g www www
./configure --user=www --group=www --prefix=/usr/local/nginx --with-stream --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-stream_realip_module --with-threads
make
make install
/usr/local/nginx/sbin/nginx -V
systemd系统启停服务
echo "
[Unit]
Description=nginx service
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/lolca/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target" >>/etc/systemd/system/nginx.service
Nginx配置httpss
首先获取ssl证书,这里配置的是从腾讯云获取的免费证书。配置如下
server {
listen 443 ssl;
server_name pan.codehome.vip;
ssl_certificate /usr/local/nginx/ssl/pan.crt;
ssl_certificate_key /usr/local/nginx/ssl/pan.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /var/www/html;
index index.html index.htm;
}
}
Nginx配置Tcp代理
这里演示是Nginx代理Emqx
stream {
upstream mqtt1883 {
server tcpip:tcp端口 weight=1;
server 172.19.1.4:1883 weight=1;
server 172.19.1.5:1883 weight=1;
}
server {
listen 1883;
proxy_pass mqtt1883;
proxy_buffer_size 3M;
tcp_nodelay on;
}
}
Nginx代理websocket
server {
listen 8083;
server_name localhost;
client_max_body_size 100M;
location / {
proxy_redirect off;
proxy_pass http://127.0.0.1:8083; #这里为http和上面的https有所区别
proxy_set_header Host $host;
# 反向代理保留客户端地址
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
# WebSocket 额外请求头
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Nginx代理后台接口
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
client_max_body_size 20m;
#增加安全同源策略
#add_header X-Frame-Options DENY #表示该页面不允许在 frame 中展示,即便是在相同域名的页面中嵌套也不允许
#add_header X-Frame-Options SAMEORIGIN #表示该页面可以在相同域名页面的 frame 中展示。
#add_header X-Frame-Options "ALLOW-FROM domain.com" #表示该页面可以在指定来源的 frame 中展示。
# add_header Content-Security-Policy "frame-ancestors domain.com" #表示该页面可以在指定来源的 frame 中展示
#开启zip压缩
gzip on;
#大于1k开始压缩
gzip_min_length 1k;
#压缩缓冲区大小4个32k的内存作为压缩结果流缓存
gzip_buffers 4 32k;
#压缩比例越大越压缩多,但是消耗cpu资源多
gzip_comp_level 6;
gzip_types text/css text/xml application/javascript application/json;
upstream api {
server 192.30.1.1:9000 max_fails=3 fail_timeout=60s;
server 192.30.1.2:9000 max_fails=3 fail_timeout=60s;
}
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /var/www/html;
index index.html index.htm;
}
location /nginx_status {
stub_status on;
access_log off;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ^~ /api/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://api/;
}
}
}
版权声明:
本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自
编程之家!
喜欢就支持一下吧
