朋友们,在实际工作中我们经常需要进行nginx配置。通过nginx配置,可以实现以下几点:
https访问项目
配置域名
http转化https路径访问
通过代理路径访问不同项目
解决安全报告问题
解决密码套件问题
固定访问静态文件夹
通过设置服务进行负载均衡
进行IP代理
一、配置ssl证书
通常我们购买私人服务器,一定会想着买一个ssl证书,那我们通过ssl证书,在这里默认使用nginx进行配置访问443端口
1.1、SSL证书
以下我通过腾讯云举例进行:
进入网页链接: 腾讯云官网,搜索SSL,进行购买,购买完成之后,进行下载证书
我们会下载nginx的版本
下载完成会有这样的4个文件,但是部署到服务器上只需要其中两个即可:下面配置中用到的 _bundle.crt 证书文件和 .key 私钥文件
server {
    # HTTPS listener on port 443.
    listen 443 ssl;

    # Domain name the certificate was issued for.
    server_name cloud.tencent.com;

    # Certificate bundle file.
    ssl_certificate     cloud.tencent.com_bundle.crt;
    # Private key file.
    # NOTE(review): keep this file readable only by the account that starts
    # nginx; of the downloaded files it is the one that must stay secret.
    ssl_certificate_key cloud.tencent.com.key;

    ssl_session_timeout 5m;

    # Protocol versions to enable.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Cipher suites, written in OpenSSL cipher-list syntax.
    # NOTE(review): "HIGH" also admits CBC-mode and static-RSA key-exchange
    # suites; tighten the list if a scanner reports weak cipher suites.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        # Site root. This path is only an example; use your real directory.
        # For instance, if the site lives in /etc/www, write /etc/www here.
        root  html;
        index index.html index.htm;
    }
}
修改配置后,让nginx重新加载配置(reload)
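# Check the configuration first; reload only if the syntax test passes, so a
# typo in nginx.conf is reported here instead of being discovered later.
./nginx -t && ./nginx -s reload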
二、监听其他端口,映射静态文件
配置服务访问端口
与server平级即可
# Static site (single-page app) served on its own port.
# NOTE(review): "listen 8005" binds every interface, so the site is reachable
# over plain HTTP on :8005. If it is only meant to sit behind a local proxy,
# use "listen 127.0.0.1:8005;" or close the port in the firewall.
server {
    listen 8005;

    location / {
        root  /project/xxx/dist;
        index index.html index.htm;
        # Serve the requested file or directory when it exists; otherwise
        # hand the request to the named location @router.
        try_files $uri $uri/ @router;
    }

    # Fallback: every unmatched path is rewritten to /index.html.
    location @router {
        rewrite ^.*$ /index.html last;
    }
}
三、指定端口监听路径,访问地址
在监听端口的server中,通过proxy_pass把请求转发到其他端口,整体与《二》配合使用
# Reverse-proxy every request to the server listening on local port 8005.
location / {
    proxy_pass http://127.0.0.1:8005/;

    # Leave Location/Refresh headers from the upstream untouched.
    proxy_redirect off;

    # Pass the original Host and the client address to the upstream.
    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever
    # X-Forwarded-For the client already sent, so only the last entry is set
    # by this proxy; the upstream should not trust the earlier ones.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
四、基础配置
通过以下配置可以达到:
https访问项目
http转化https路径访问
解决密码套件问题
固定访问静态文件夹
#user nobody;

# Number of worker processes.
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    # Maximum number of simultaneous connections per worker process.
    worker_connections 1024;
}
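http {
    include       mime.types;
    default_type  application/octet-stream;

    # Do not advertise the exact nginx version in the Server header and on
    # built-in error pages.
    server_tokens off;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    # Static front-end (single-page app) on port 8005; the HTTPS server below
    # proxies to it.
    # NOTE(review): "listen 8005" binds every interface, so this site can also
    # be reached over plain HTTP on :8005, without TLS and without the
    # Host/Referer checks of the port-80 server. If only the local proxy should
    # reach it, use "listen 127.0.0.1:8005;" or close the port in the firewall.
    server {
        listen 8005;

        location / {
            root  /project/soft-emoji-frontend/dist;
            index index.html index.htm;
            # Serve the file or directory when it exists, else fall back to @router.
            try_files $uri $uri/ @router;
        }

        # Fallback: every unmatched path is rewritten to /index.html.
        location @router {
            rewrite ^.*$ /index.html last;
        }
    }

    # Plain-HTTP entry point: filters requests, then redirects to HTTPS.
    server {
        listen 80;
        server_name localhost;

        #charset koi8-r;
        #access_log logs/host.access.log main;

        #### Host header allow-list (the original comment called this a
        #### "http_referer fix", but the check is on the Host header).
        # Dots are escaped so each one matches a literal "." rather than any
        # character. Replace xxx with the real address.
        # NOTE(review): this check and the Referer check below exist only in
        # this port-80 server; the 443 server has neither.
        if ($http_host !~* ^127\.0\.0\.1$|^xxx\.xxx\.xxx\.xxx$) {
            return 403;
        }

        #### Referer allow-list.
        # "none" and "blocked" accept requests with no Referer or a stripped
        # one, and the header is set by the client, so this limits hot-linking
        # but is not an access control.
        valid_referers none blocked server_names xxx.xxx.xxx.xxx *.baidu.com;
        if ($invalid_referer) {
            return 403;
        }

        location / {
            # Permanent (301) redirect to HTTPS, keeping path and query string.
            # NOTE(review): the target must be a name the certificate covers,
            # otherwise browsers show a certificate warning after the redirect.
            return 301 https://xxx.xxx.xxx.xxx$request_uri;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        # proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        # root html;
        # fastcgi_pass 127.0.0.1:9000;
        # fastcgi_index index.php;
        # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        # include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        # deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    # listen 8000;
    # listen somename:8080;
    # server_name somename alias another.alias;
    # location / {
    # root html;
    # index index.html index.htm;
    # }
    #}

    # HTTPS server
    #
    server {
        listen 443 ssl;
        server_name www.xxx.com;

        # Certificate bundle and private key.
        # NOTE(review): the key file should be readable only by the account
        # that starts nginx; verify the permissions under /home/config.
        ssl_certificate     /home/config/xxx.cn_bundle.crt;
        ssl_certificate_key /home/config/xxx.cn.key;

        ssl_session_cache   shared:SSL:1m;
        ssl_session_timeout 5m;

        # TLSv1.3 added to agree with the first example on this page; it only
        # takes effect when nginx is built against OpenSSL 1.1.1 or newer.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Same eight suites as before, reordered so the AEAD (GCM) suites come
        # first: with ssl_prefer_server_ciphers on the server's order decides,
        # and the previous order preferred CBC-mode suites over GCM.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384;
        ssl_prefer_server_ciphers on;

        location / {
            # Forward to the static-site server on local port 8005.
            proxy_pass http://127.0.0.1:8005/;
            proxy_redirect off;
            proxy_set_header Host            $host;
            proxy_set_header X-Real-IP       $remote_addr;
            # Appends $remote_addr to any X-Forwarded-For the client sent; only
            # the last entry is set by this proxy.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}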
启动时如果报错找不到pid,执行以下命令:
# Start nginx with an explicit configuration file.
./nginx -c /usr/local/nginx-1.18.0/conf/nginx.conf

# Build-time step, run in the nginx source tree before compiling:
# --with-http_ssl_module is what makes "listen 443 ssl" available.
# NOTE(review): the install prefix here is /usr/local/nginx while the -c path
# above points into /usr/local/nginx-1.18.0; confirm which copy of nginx.conf
# the running binary should use.
./configure \
    --prefix=/usr/local/nginx \
    --with-http_ssl_module \
    --add-module=/usr/local/fastdfs-nginx-module-1.22/src
停止服务
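# List the nginx processes; the bracket keeps grep from matching itself.
ps aux | grep '[n]ginx'

# Graceful shutdown. kill needs a process id: set MASTER_PID to the PID shown
# on the "nginx: master process" line above. The expansion aborts with a
# message when the variable is unset instead of running kill with no target.
kill -QUIT "${MASTER_PID:?set MASTER_PID to the nginx master process id}"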