//系统
CentOS Linux release 7.7.1908 (AltArch)
//firewall设置
//开始安装
//nginx版本信息
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module --with-pcre --with-http_stub_status_module
//自定义配置文件,进行配置调整
./cert/
├── webb.hgtop.xyz.key
└── webb.hgtop.xyz.pem
//webb.hgtop.xyz是我使用的域名
//检查nginx配置文件语法
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/nginx/conf/vhost/vhost.conf:11
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
//配置nginx启动脚本、启动Nginx、配置开机启动服务
//浏览器访问,成功即可
https://webb.hgtop.xyz
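//注意:按本文的配置,nginx_status 只定义在 80 端口的 server 块中,因此要使用 nginx_status 模块,不能使用https访问,如 https://webb.hgtop.xyz/nginx_status。
//不能使用 server 级的 rewrite 语句实现http访问自动跳转到https页面:server 级 rewrite 在 location 匹配之前执行,对 /nginx_status 的请求也会被重定向,导致 nginx_status 模块失效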
//测试nginx_status 模块
Active connections: 1
server accepts handled requests
92 92 65
Reading: 0 Writing: 1 Waiting: 0
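# Main nginx configuration: process settings, event model, and HTTP-wide
# defaults. Virtual hosts are loaded from vhost/*.conf at the end of http {}.

# Worker processes run as this unprivileged user/group.
user apache apache;
worker_processes auto;

# Log at "error" rather than "crit": at "crit" nginx drops error-level
# entries, including "access forbidden by rule" denials, which are needed
# when investigating probing or misconfiguration.
error_log /usr/local/nginx/logs/nginx_error.log error;
pid /usr/local/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

events
{
    use epoll;
    worker_connections 1024;
}

http
{
    include mime.types;
    default_type application/octet-stream;

    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;

    server_names_hash_bucket_size 3526;
    server_names_hash_max_size 4096;

    # $http_x_forwarded_for is copied from a client-controlled header;
    # treat it as untrusted when reading these logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /usr/local/nginx/logs/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Timeouts. The 3m client timeouts let a slow client hold a connection
    # for a long time; NOTE(review): confirm this is intended.
    keepalive_timeout 30;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;

    # Buffer and pool sizes.
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;

    # Temporary file locations.
    client_body_temp_path /usr/local/nginx/client_body_temp;
    proxy_temp_path /usr/local/nginx/proxy_temp;
    fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
    fastcgi_intercept_errors on;

    # Compression. gzip also applies to HTTPS responses: turn it off for
    # locations whose responses reflect request input next to secrets
    # (compression side channel, BREACH).
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    # text/html is always compressed and must not be listed; the former
    # "text/htm" entry matched nothing. application/javascript is the type
    # the stock mime.types assigns to .js files.
    gzip_types text/plain text/css application/javascript application/x-javascript application/xml;

    include vhost/*.conf;
}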
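# Plain-HTTP virtual host: redirects site traffic to HTTPS and serves the
# stub_status page to local monitoring only.
server {
    listen 80;
    server_name localhost;
    root html;
    index index.html index.htm;

    # Redirect from inside "location /" instead of a server-level rewrite.
    # A server-level rewrite runs before location matching, so it would also
    # redirect /nginx_status and the status page would never be served.
    location / {
        # NOTE(review): $host can come from the client-supplied Host header,
        # and this block answers for any name; consider redirecting to the
        # canonical domain instead.
        return 301 https://$host$request_uri;
    }

    # Connection counters are operational data; serve them to loopback only.
    # Add an explicit "allow" for the monitoring host if it polls remotely.
    location = /nginx_status {
        stub_status on;
        # With access_log off, denied requests show up only in error_log,
        # and only if its level is "error" or more verbose.
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
}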
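# HTTPS virtual host serving the static site.
server {
    listen 443 ssl;
    server_name localhost;
    root html;
    index index.html index.htm;

    # Relative paths are resolved against the nginx configuration directory.
    # The private key should be readable by root only; the master process
    # reads it before the workers drop privileges.
    ssl_certificate cert/webb.hgtop.xyz.pem;
    ssl_certificate_key cert/webb.hgtop.xyz.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated and no longer offered. This build is
    # linked against OpenSSL 1.0.2k, which has no TLS 1.3; add TLSv1.3 only
    # after rebuilding against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;

    # "HIGH" still includes 3DES on OpenSSL 1.0.2, so exclude it explicitly
    # (64-bit block cipher, Sweet32). NOTE(review): the "AES" and "HIGH"
    # groups also admit static-RSA key exchange without forward secrecy;
    # consider an explicit ECDHE-only list.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!3DES;
    ssl_prefer_server_ciphers on;

    location / {
        index index.html index.htm;
    }
}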
# systemd unit for the source-built nginx installed under /usr/local/nginx.
[Unit]
Description=The NGINX HTTP and reverse proxy server
# Start only after logging, networking, remote filesystems and name lookup.
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
# nginx daemonizes itself; systemd tracks the master process through the PID
# file, which must match the "pid" directive in nginx.conf.
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Refuse to start if the configuration does not pass the syntax test.
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
# QUIT asks nginx for a graceful shutdown.
ExecStop=/usr/bin/kill -s QUIT $MAINPID
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
[Install]
WantedBy=multi-user.target