Nginx 安装、使用

1. Nginx 安装

在CentOS 7 及以上版本，可通过 yum 安装 Nginx

1. 安装 yum-utils
yum install yum-utils

2. 创建 repo 文件 输入以下信息
vim /etc/yum.repos.d/nginx.repo

#@@@
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
#@@@

3. 安装
yum install nginx

4. 查看安装结果
rpm -qa | grep nginx

5. Nginx 状态
启动：systemctl start nginx
重启：systemctl restart nginx
开机自启：systemctl enable nginx
查看状态：systemctl status nginx
重新加载：cd /usr/sbin   nginx -s reload

2. Nginx 配置

通过修改 nginx.conf 文件来实现请求代理

user  nginx;
worker_processes  1;

# 指定日志地址
error_log  /var/log/nginx/error.log warn;
# 设置进程ID
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

# 设置 HTTP 请求代理
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # 日志格式化
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    # 日志地址
    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    #  Nginx安全基线漏洞：server_tokens指令负责在错误页面和ServerHTTP响应头字段中显示NGINX版本号和操作系统版本。 不应显示此信息
    server_tokens off;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
        # 负载均衡：指定别名服务端地址
        upstream server-api {
                server 192.168.255.139:26666;
         }
        # 服务端配置
        server {
                # 指定监听端口
                listen       31666;
                # 设置域名
                server_name  super.vms.com;
                
                # 静态代理配置
                location / {
                        # IP白名单，即仅127.0.0.1准入
                        #allow 127.0.0.1;
                        #deny all;
                        #IP黑名单，即仅127.0.0.1拦截
                        #deny 127.0.0.1;
                        # 静态代理：指定代理的静态资源文件地址
                        root /usr/local/vms-vue/;
                        # 请求转发：将转发到该链接
                        #proxy_pass http://baidu.com;

                        #proxy_cache cache_image;
                        #proxy_cache_key $uri$is_args$args;
                        #proxy_cache_valid 200 206 14d;
                        # 设置请求头跨域参数
                        add_header Access-Control-Allow-Origin '*';
                        add_header Access-Control-Allow-Credentials 'true';
                        add_header Access-Control-Allow-Methods 'POST, PUT, GET, OPTIONS, DELETE';
                        add_header Access-Control-Allow-Headers 'x-requested-with, Authorization, Content-Type, syId, timestamp,appCode,token,If-None-Match,brand,channel,signature,appId,nonce,mils,sign,clientId,reqTime';
                }
                
                # 通过该 URL 路径节替换请求后端地址
                location /prod-api/ {
                        rewrite ^/prod-api/(.*) /$1  break;
                        proxy_pass  http://server-api;
                }
                
                # Nginx安全基线漏洞：禁用隐藏文件是一种深度防御机制，有助于防止意外泄露敏感信息。
                location ~ /\. { 
                        deny all; 
                }
        }

}