安装Nginx1.12
将nginx-1.12.0.tar 和nginx.init 拷贝到/soft下
下载地址:http://nginx.org/en/download.html
-
安装ssl
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel
-
创建用户
useradd nginx -s /sbin/nologin -M
-
直接下载
.tar.gz
安装包,地址:https://nginx.org/en/download.html -
编译并安装ssl模块
tar -xvf nginx-1.12.0.tar
cd nginx-1.12.0
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module
make && make install
-
软连接执行文件和配置文件
ln -s /usr/local/nginx/sbin/nginx /usr/sbin/
ln -s /usr/local/nginx/conf /etc/nginx
-
制作自启动
mv nginx.init /etc/init.d/nginx
chmod +x /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
-
创建服务器私钥
cd /etc/nginx
输入一个口令openssl genrsa -des3 -out server.key 1024
将口令制作成签名证书openssl req -new -key server.key -out server.csr
制作解密后的私钥openssl rsa -in server.key -out server_nopwd.key
openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
-
修改配置文件
mkdir /etc/nginx/conf.d
mkdir /var/log/nginx
vi /etc/nginx/nginx.conf
# 指定服务器运行账户
user nginx;
# 开启进程数
worker_processes auto;
worker_rlimit_nofile 100000;
#全局错误日志定义类型
error_log logs/error.log info;
#进程号保存文件
pid /var/run/nginx.pid;
events {
worker_connections 2048;
multi_accept on;
use epoll;
}
http {
include /usr/local/nginx/conf/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
charset UTF-8;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
client_header_timeout 10;
client_body_timeout 10;
gzip on;
gzip_comp_level 6;
gzip_proxied any;
gzip_min_length 1000;
open_file_cache max=100000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
limit_conn_zone $binary_remote_addr zone=addr:5m;
limit_conn addr 100;
}
制作反向代理vi /etc/nginx/conf.d/www.test.com.conf
server {
listen 80;
server_name www.test.com;
location / {
root html;
index index.html index.htm;
proxy_redirect off;
#这里指向你要代理的地址
proxy_pass http://127.0.0.1:8012;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
client_max_body_size 1024m;
client_body_buffer_size 128k;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /.ht {
deny all;
}
}
制作SSL监听vi /etc/nginx/conf.d/www.testssl.com.conf
server {
listen 443 ssl;
listen 80;#用户习惯用http访问,加上80,后面通过497状态码让它自动跳到443端口
server_name 127.0.0.1;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#配置反向代理
location /matsuoka_japan/ {
#root html;
#index index.html index.htm;
#这里指向你要代理的地址
proxy_pass http://127.0.0.1:8001/matsuoka_japan/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
client_max_body_size 1024m;
client_body_buffer_size 128k;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
#代理本地文件
location /var/ {
root /;
rewrite ^/var/(.*)$ /var/$1 break;
}
#图片缓存时间
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 10d;
}
#js和css缓存时间
location ~ .*\.(js|css)?$
{
expires 1h;
}
#让http请求重定向到https请求
error_page 497 https://$host$uri?$args;
}