Nginx学习(十三)centos7部署nginx并配置负载均衡、反向代理、websocket、限流、https、http转https

最新推荐文章于 2024-07-20 17:25:30 发布

码农-文若书生

最新推荐文章于 2024-07-20 17:25:30 发布

阅读量562

点赞数

分类专栏： nginx 文章标签： nginx nginx安装 nginx部署 nginx配置https nginx依赖包

本文链接：https://blog.csdn.net/u011943534/article/details/118384917

版权

nginx 专栏收录该内容

14 篇文章 1 订阅

订阅专栏

1、安装依赖包

yum install -y  gcc gcc-c++ make automake autoconf libtool pcre* zlib openssl openssl-devel

2、下载nginx
下载地址：http://nginx.org/download/

3、安装nginx

	tar -zvxf nginx-1.20.0.tar.gz
	mv nginx-1.20.0.tar.gz nginx
	cd nginx
	./configure --prefix=/usr/local/nginx --with-http_ssl_module
	make & make install

4、准备ssl证书
进入nginx目录

	mkdir sslkey
	cd sslkey
	openssl genrsa -des3 -out server.key 1024
	openssl req -new -key server.key -out server.csr
	openssl req -x509 -days 3650 -key server.key -in server.csr > server.crt
	openssl rsa -in server.key -out server.key.unsecure

5、替换nginx/conf/nginx.conf文件


#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
	
	geo $limited {
		default 1;
		127.0.0.1/32 0;
		192.168.100.0/24 0;
	}
	map $limited $limit {
		1 $binary_remote_addr;
		0 "";
	}
	limit_req_zone $limit zone=req_aming:80m rate=800r/s;
	limit_conn_zone $binary_remote_addr zone=conn_aming:80m;
	
	upstream newframe {
       server    192.168.100.88:7901;
	}

    server {
        limit_conn conn_aming 600;
        listen   81;
        server_name  172.16.10.168;
			#以前转发写法，现在还可以用
    		#rewrite ^(.*) https://172.16.10.168:1443$1 permanent;
			#新的转发写法
			return 301 https://172.16.10.168:1443$request_uri;
    }

    server {
		    limit_conn conn_aming 600;
	
        listen   1443 ssl;
        server_name  172.16.10.168;
		
    		ssl_certificate ../sslkey/server.crt;
    		ssl_certificate_key ../sslkey/server.key.unsecure;
    		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
		    ssl_prefer_server_ciphers on;
		
		location /* {
			root html;
			index index.html index.htm;
		}

		location /demo {
			proxy_pass http://newframe/demo;
			proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
			proxy_set_header Host $host;
			proxy_set_header X-Real-Ip $remote_addr;
			limit_rate_after 51200k;
			limit_rate 800000k;
			limit_req zone=req_aming burst=500;
			client_max_body_size 512m;
			
		}
		
		location /demo/webSocketServer {
			proxy_pass http://newframe/demo/webSocketServer;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "Upgrade";
			
		}


        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

配置文件说明如下：
1）限流

	geo $limited {
		default 1;
		127.0.0.1/32 0;
		192.168.100.0/24 0;
	}
	map $limited $limit {
		1 $binary_remote_addr;
		0 "";
	}
	limit_req_zone $limit zone=req_aming:80m rate=800r/s;
	limit_conn_zone $binary_remote_addr zone=conn_aming:80m;

 server {
		    limit_conn conn_aming 600;
	
        ......省略

		location /demo {
			......省略
			limit_rate_after 51200k;
			limit_rate 800000k;
			limit_req zone=req_aming burst=500;
			client_max_body_size 512m;
			
		}
		......省略
}

2）负载均衡

	upstream newframe {
       server    192.168.100.88:7901;
	}

可以配置多个server地址，达到负载的目的

3）反向代理

		location /demo {
			proxy_pass http://newframe/demo;
			proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
			proxy_set_header Host $host;
			proxy_set_header X-Real-Ip $remote_addr;
			......省略
		}

4）静态资源服务

		location /* {
			root html;
			index index.html index.htm;
		}

静态资源，比如前端可以放在nginx/html下

5）websocket代理

		location /demo/webSocketServer {
			proxy_pass http://newframe/demo/webSocketServer;
			proxy_http_version 1.1;
			proxy_set_header Upgrade $http_upgrade;
			proxy_set_header Connection "Upgrade";
			
		}

6、https配置

server {
		......省略		   
        listen   1443 ssl;
        server_name  172.16.10.168;
        ......省略
	}

7、http转https配置

    server {
        limit_conn conn_aming 600;
	
        listen   81;
        server_name  172.16.10.168;
		
    	rewrite ^(.*) https://172.16.10.168:1443$1 permanent;

    }

码农-文若书生

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Nginx学习(十三)centos7部署nginx并配置负载均衡、反向代理、websocket、限流、https、http转https

1、安装依赖包yum install -y gcc gcc-c++ make automake autoconf libtool pcre* zlib openssl openssl-devel2、下载nginx下载地址：http://nginx.org/download/3、安装nginx tar -zvxf nginx-1.20.0.tar.gz mv nginx-1.20.0.tar.gz nginx cd nginx ./configure --prefix=/usr/local
复制链接

扫一扫

专栏目录