nginx
安装
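# Download the nginx source tarball together with its detached PGP signature.
# NOTE(review): 1.11.6 is an old mainline release; check nginx.org for the
# current stable version and its security advisories before deploying.
wget -c https://nginx.org/download/nginx-1.11.6.tar.gz
wget -c https://nginx.org/download/nginx-1.11.6.tar.gz.asc
# Verify the tarball before unpacking it; the build and install below run with
# elevated privileges. The nginx release signing keys must already be imported
# into the local GnuPG keyring. Unpack and enter the tree only if the
# signature checks out.
gpg --verify nginx-1.11.6.tar.gz.asc nginx-1.11.6.tar.gz &&
  tar -zxvf nginx-1.11.6.tar.gz &&
  cd nginx-1.11.6
# Install build dependencies: compiler, PCRE, zlib and OpenSSL headers.
# -y on every line so the run does not stop at an interactive prompt.
yum install -y gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
# Configure with the defaults (the notes below use /usr/local/nginx).
# The default build has no TLS support; pass --with-http_ssl_module if this
# server will terminate HTTPS itself.
./configure
# Build and install.
make install
# Check that the installation succeeded.
whereis nginx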
目录
/usr/local/nginx/sbin/ 命令目录
/usr/local/nginx/conf 配置目录
nginx.conf 配置文件
cp nginx.conf nginx.conf.back 配置前先备份
基本操作
./nginx 开启
./nginx -s stop 先查出nginx进程id再使用kill命令强制杀掉进程
./nginx -s quit 待nginx进程处理任务完毕进行停止
./nginx -s reload 重新加载配置(平滑重启)
ps aux|grep nginx 查看进程
配置开机自启
vi /etc/rc.local
添加 /usr/local/nginx/sbin/nginx
chmod 755 /etc/rc.local
配置静态目录
1.配置alias目录方式 虚拟方式,暴露出来的并不是服务器上的真实路径
# Serve "/" from /var/www/static/ with alias: the matched location prefix is
# replaced by the alias path when the file path is built.
# NOTE(review): if alias is ever used under a longer prefix, keep the trailing
# slash on both sides (location /static/ with alias /var/www/static/); a
# mismatch lets requests resolve outside the intended directory.
location / {
alias /var/www/static/;
index index.html index.htm;
}
2.配置root目录方式,暴露出来的是服务器上的真实路径
# Serve "/" from /var/www/static/ with root: the full request URI is appended
# to the root path to form the file path.
location / {
root /var/www/static/;
index index.html index.htm;
}
如果是
# With root the location prefix stays in the file path: a request for /abc/x
# is looked up at /var/www/static/abc/x.
# NOTE(review): "location /abc" is a plain prefix match, so it also matches
# URIs such as /abcdef; use "location /abc/" if only that directory is meant.
location /abc {
root /var/www/static/;
index index.html index.htm;
}
服务器上必须有对应的/var/www/static/abc
check interval=10000 rise=2 fall=5 timeout=1000 type=http;
check_http_send "HEAD / HTTP/1.0";
check_http_expect_alive http_2xx http_3xx http_4xx http_5xx;
# Validate the configuration syntax; run this before every reload.
nginx -t
# List nginx processes (the grep process itself also shows up in the output).
ps -ef | grep nginx
# Backend pool "moiot_b" with active HTTP health checks.
# NOTE(review): the check* directives are not part of stock nginx; they come
# from the third-party upstream check module (also bundled with Tengine), so a
# plain ./configure build rejects them at "nginx -t".
upstream moiot_b {
server 10.221.39.144:8011 weight=1;
# Probe every 10000 ms with a 1000 ms timeout; 2 successes mark the server up,
# 5 failures mark it down.
check interval=10000 rise=2 fall=5 timeout=1000 type=http;
# Request sent by each probe.
check_http_send "HEAD / HTTP/1.0\r\n\r\n";
# NOTE(review): 4xx and 5xx responses count as healthy here, so a backend that
# only returns errors stays in rotation; confirm that is intended.
check_http_expect_alive http_2xx http_3xx http_4xx http_5xx;
}
# Backend pool "moiot_a" with active HTTP health checks.
# NOTE(review): the check* directives are not part of stock nginx; they come
# from the third-party upstream check module (also bundled with Tengine), so a
# plain ./configure build rejects them at "nginx -t".
upstream moiot_a {
server 10.221.39.79:8011 weight=1;
# Probe every 10000 ms with a 1000 ms timeout; 2 successes mark the server up,
# 5 failures mark it down.
check interval=10000 rise=2 fall=5 timeout=1000 type=http;
# Request sent by each probe.
check_http_send "HEAD / HTTP/1.0\r\n\r\n";
# NOTE(review): 4xx and 5xx responses count as healthy here, so a backend that
# only returns errors stays in rotation; confirm that is intended.
check_http_expect_alive http_2xx http_3xx http_4xx http_5xx;
}
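# Reverse proxy for moiot.jd.com: /pass/ goes to upstream moiot_b and /pass_a/
# to upstream moiot_a, with the location prefix stripped before proxying.
# NOTE(review): plain HTTP on port 80 only; presumably TLS is terminated in
# front of this server - confirm.
server {
    listen 80;
    server_name moiot.jd.com;
    access_log /xxxx main;
    error_log /xxx warn;

    # Backend error responses are passed to the client unchanged.
    proxy_intercept_errors off;
    # NOTE(review): with this off, request header lines with invalid names are
    # forwarded to the backends instead of being dropped. Keep it off only if a
    # backend really depends on such headers.
    ignore_invalid_headers off;
    # NOTE(review): every client may upload up to 512M per request, and the
    # proxy timeouts below hold a connection for up to 600s. Scope these to the
    # locations that need them if this listener is reachable by untrusted clients.
    client_max_body_size 512M;
    proxy_send_timeout 600s;
    proxy_read_timeout 600s;

    # Compress JavaScript and CSS responses of at least 1000 bytes.
    gzip on;
    gzip_http_version 1.1;
    gzip_buffers 256 64k;
    gzip_comp_level 5;
    gzip_min_length 1000;
    gzip_types application/x-javascript text/javascript text/css;

    location /pass/ {
        # Strip the /pass/ prefix; "break" stops further rewrite processing.
        rewrite ^/pass/(.*)$ /$1 break;
        proxy_buffering off;
        proxy_pass http://moiot_b;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent. Backends should trust only
        # the last entry, or X-Real-IP, never the first.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /pass_a/ {
        # The pattern has to match this location's own prefix. The previous
        # ^/pass_pre/ pattern never matched a /pass_a/ URI, so the prefix was
        # forwarded to the backend unstripped.
        rewrite ^/pass_a/(.*)$ /$1 break;
        proxy_buffering off;
        proxy_pass http://moiot_a;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        # Same caveat as in /pass/: only the entry appended here is trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}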
白名单
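# Allowlist for /test/: only the listed address is admitted, everyone else
# receives 403. allow/deny compare against $remote_addr (the TCP peer), which
# request headers cannot influence. Behind a reverse proxy that peer is the
# proxy itself. The address below is redacted in these notes.
location ^~ /test/ {
    allow 10.xx.xxx.172;
    deny all;
}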
location 内
如果不匹配121.42.0.19 和192.168.0.0/24 则返回403
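# Return 403 unless X-Forwarded-For contains 121.42.0.19 or a 192.168.0.x
# address as a whole list entry. The earlier form did not parse (missing "(",
# stray quote), and its unescaped, unanchored pattern also matched values such
# as 121.42.0.190.
# NOTE(review): X-Forwarded-For is set by the client unless a trusted proxy in
# front overwrites it, so this test alone is not an access control. Prefer
# ngx_http_realip_module (set_real_ip_from <trusted-proxy-cidr>;
# real_ip_header X-Forwarded-For;) followed by plain allow/deny.
if ($http_x_forwarded_for !~ "(^|[, ])(121\.42\.0\.19|192\.168\.0\.[0-9]+)([, ]|$)") {
    # return ends request processing, so the trailing break was unreachable.
    return 403;
}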
- 重新赋值真实ip方法:如果没有额外的代理服务器,真实ip是$remote_addr,$http_x_forwarded_for 通常为空,所以此方法兼容用代理和不用代理。但 X-Forwarded-For 是请求头,客户端可以自行填写;只有当前端的可信代理会覆盖该头时,取到的值才可信。
写在location 外
# Derive $clientRealIp: $remote_addr when X-Forwarded-For is absent, otherwise
# the first (leftmost) address in the header. map is only valid in the http
# context.
# NOTE(review): the leftmost entry is the one the client itself can set. Unless
# a trusted proxy in front overwrites the header, $clientRealIp is
# attacker-chosen and must not gate access.
map $http_x_forwarded_for $clientRealIp {
# No header: fall back to the TCP peer address.
"" $remote_addr;
# Header present: capture the leading run of digits and dots. A value that
# does not start that way (e.g. IPv6) matches nothing and yields an empty string.
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}
location 内
如果不匹配121.42.0.19 和192.168.0.0/24 则返回403
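# Return 403 unless $clientRealIp is exactly 121.42.0.19 or a 192.168.0.x
# address. The earlier form did not parse (stray quote, extra parenthesis),
# and its unescaped, unanchored pattern also matched values such as
# 121.42.0.190.
# NOTE(review): $clientRealIp comes from X-Forwarded-For whenever that header
# is present, so this is only as trustworthy as the proxy that sets the header.
if ($clientRealIp !~ "^(121\.42\.0\.19|192\.168\.0\.[0-9]+)$") {
    # return ends request processing, so the trailing break was unreachable.
    return 403;
}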