linux centos安装nginx
1.安装依赖
yum -y install gcc-c++ pcre-devel zlib zlib-devel openssl openssl-devel
2.下载
wget http://nginx.org/download/nginx-1.18.0.tar.gz
3.解压缩
tar -zxvf nginx-1.18.0.tar.gz
4.进入目录
cd nginx-1.18.0
5.执行./configure
ps:可以使用./configure --prefix=/usr/nginx方式指定安装目录
可以通过whereis nginx查询安装位置
默认安装在/usr/local/nginx
./configure --with-http_ssl_module
6.执行make和make install
make
make install
7.配置nginx
进入配置文件夹
cd /usr/local/nginx/conf
打开配置文件
vim nginx.conf
增加配置
include vhost/*.conf;
注释原先的server配置
创建配置文件夹
mkdir vhost
进入vhost
cd vhost
创建配置文件
vim xxx.conf
增加http配置
server {
#default_type 'text/html';
#charset utf-8;
listen 80;
autoindex on;
server_name 地址;#如果拦截到此请求不用带http:// 多个地址用空格隔开
access_log /usr/local/nginx/logs/access.log combined;
index index.html index.htm index.jsp index.php;
#error_page 404 /404.html;
if ( $query_string ~* ".*[\;'\<\>].*" ){
return 404;
}
location / {
proxy_pass 地址;#转发到这里地址最后带/
add_header Access-Control-Allow-Origin *;
}
}
如果使用openssl自签名生成的证书实现的https访问则使用以下配置
server {
listen 80;
server_name xxx.com;#可以是ip
rewrite ^(.*) https://$server_name$1 permanent;
}
upstream backend {
server 127.0.0.1:3000;
}
server {
listen 443 ssl;
server_name xxx.com;#可以是ip
# You can increase the limit if your need to.
client_max_body_size 200M;
#error_log /var/log/nginx/rocketchat.access.log;
ssl_certificate /usr/local/nginx/conf/ssl/b/xxx.com.crt;#openssl生成
ssl_certificate_key /usr/local/nginx/conf/ssl/b/xxx.com.key;#openssl生成
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
location / {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
重启nginx
nginx常用命令
测试配置是否正确
安装目录下的/nginx/sbin/nginx -t
启动命令
安装目录下的/nginx/sbin/nginx
停止命令
安装目录下的/nginx/sbin/nginx -s stop
重启命令
安装目录下的/nginx/sbin/nginx -s reload
查看nginx进程
ps -ef|grep nginx
平滑重启
Kill -HUP (nginx进程号)
增加防火墙的访问权限
vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
service iptables restart