先准备好域名,并且将域名解析到装载nginx的服务器。域名可以上阿里云、百度云上申请
然后安装一些重要的依赖包gcc、pcre-devel、zlib-devel、openssl-dev
yum -y install gcc pcre-devel zlib-devel openssl openssl-dev
yum -y install openssl openssl-devel
下载Nginx包:
[root@BigBoss software]# wget http://nginx.org/download/nginx-1.18.0.tar.gz
解压Nginx包:
tar -zxvf nginx-1.18.0.tar.gz
进入解压后的文件夹,:
cd nginx-1.18.0
然后进行编译安装(PS: --with-http_ssl_module --with-http_v2_module 表示增强配置ssl、http2;http2要求 nginx1.9.5以上 --prefix=/usr/local/nginx表示指定安装目录,如不指定则默认在/usr/local/文件夹下):
./configure --with-http_ssl_module --with-http_v2_module --prefix=/usr/local/nginx
[root@BigBoss nginx-1.18.0]# make && make install
待安装完成后,Nginx的安装目录会放在/usr/local文件夹下:
启动Nginx:进入Nginx所安装的目录,找到sbin文件夹并进入
[root@BigBoss /]# cd /usr/local/nginx/sbin/
[root@BigBoss sbin]# ll
total 3764
-rwxr-xr-x 1 root root 3851976 Apr 9 12:10 nginx
执行启动命令 , 然后再用管道命令查看Nginx运行状态:
[root@BigBoss sbin]# ./nginx
[root@BigBoss sbin]# ps -ef|grep nginx
root 21553 1 0 12:19 ? 00:00:00 nginx: master process ./nginx
nobody 21554 21553 0 12:19 ? 00:00:00 nginx: worker process
root 21556 11122 0 12:19 pts/0 00:00:00 grep --color=auto nginx
nginx安装完成,接下来就是对ssl以及http2的增强配置了。
修改nginx配置文件中的server模块,具体如下:
server{
listen 80;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/www.babygirls.buzz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.babygirls.buzz/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name www.babygirls.buzz;
access_log /usr/local/nginx/logs/www.babygirls.buzz/access.log combined;
index index.html index.htm index.php;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
location /v2ray {
proxy_pass http://127.0.0.1:1314;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
其中ssl_certificate是ssl证书的证书路径,ssl_certificate_key是证书私钥路径。server_name 对应映射到本机的域名地址。proxy_pass 代理的是服务器中的另一个服务。
来测试下配置文件是否OK:
[root@BigBoss sbin]# pwd
/usr/local/nginx/sbin
[root@BigBoss sbin]# ./nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
配置文件没问题,然后平滑重启下Nginx:
[root@BigBoss sbin]# ./nginx -s reload
再通过域名测试下nginx是否配置成功:
搞定!!!