1. Nginx 安装
在CentOS 7 及以上版本,可通过 yum 安装 Nginx
1. 安装 yum-utils
yum install yum-utils
2. 创建 repo 文件 输入以下信息
vim /etc/yum.repos.d/nginx.repo
#@@@
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
#@@@
3. 安装
yum install nginx
4. 查看安装结果
rpm -qa | grep nginx
5. Nginx 状态
启动:systemctl start nginx
重启:systemctl restart nginx
开机自启:systemctl enable nginx
查看状态:systemctl status nginx
重新加载:cd /usr/sbin nginx -s reload
2. Nginx 配置
通过修改 nginx.conf 文件来实现请求代理
user nginx;
worker_processes 1;
# 指定日志地址
error_log /var/log/nginx/error.log warn;
# 设置进程ID
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
# 设置 HTTP 请求代理
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志格式化
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# 日志地址
access_log /var/log/nginx/access.log main;
sendfile on;
# Nginx安全基线漏洞:server_tokens指令负责在错误页面和ServerHTTP响应头字段中显示NGINX版本号和操作系统版本。 不应显示此信息
server_tokens off;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
# 负载均衡:指定别名服务端地址
upstream server-api {
server 192.168.255.139:26666;
}
# 服务端配置
server {
# 指定监听端口
listen 31666;
# 设置域名
server_name super.vms.com;
# 静态代理配置
location / {
# IP白名单,即仅127.0.0.1准入
#allow 127.0.0.1;
#deny all;
#IP黑名单,即仅127.0.0.1拦截
#deny 127.0.0.1;
# 静态代理:指定代理的静态资源文件地址
root /usr/local/vms-vue/;
# 请求转发:将转发到该链接
#proxy_pass http://baidu.com;
#proxy_cache cache_image;
#proxy_cache_key $uri$is_args$args;
#proxy_cache_valid 200 206 14d;
# 设置请求头跨域参数
add_header Access-Control-Allow-Origin '*';
add_header Access-Control-Allow-Credentials 'true';
add_header Access-Control-Allow-Methods 'POST, PUT, GET, OPTIONS, DELETE';
add_header Access-Control-Allow-Headers 'x-requested-with, Authorization, Content-Type, syId, timestamp,appCode,token,If-None-Match,brand,channel,signature,appId,nonce,mils,sign,clientId,reqTime';
}
# 通过该 URL 路径节替换请求后端地址
location /prod-api/ {
rewrite ^/prod-api/(.*) /$1 break;
proxy_pass http://server-api;
}
# Nginx安全基线漏洞:禁用隐藏文件是一种深度防御机制,有助于防止意外泄露敏感信息。
location ~ /\. {
deny all;
}
}
}