----------------------------2020-09-11 重新总结一次
1)下载资源,准备了百度网盘:
连接: https://pan.baidu.com/s/1oqgOxgJbBJC9hoUsp4_fgg 密码: ntd6
nginx-1.14.2.tar.gz
nginx-goodies-nginx-sticky-module-ng-08a395c66e42.tar.gz
2)解压
tar -xf nginx-1.14.2.tar.gz
tar -xf nginx-goodies-nginx-sticky-module-ng-08a395c66e42.tar.gz
– 改个名
mv nginx-goodies-nginx-sticky-module-ng-08a395c66e42 nginx-sticky-module
3)创建localhost-nginx文件夹–>将来所有配置在此
mkdir localhost-nginx
4)配置参数,添加ssl模块(注意下面是- -两横,和目录路径)
./configure --with-http_ssl_module
– add-module=/usr/local/nginx/nginx-sticky-module
– prefix=/usr/local/nginx/localhost-nginx
5)编译安装
make install
6)去到localhost-nginx/sbin
cd localhost-nginx/sbin
7)启动nginx
nginx
8)本地测试访问–>有结果返回说明启动正常
curl 127.0.0.1
9)完结
------------------------>以下常用命令
1)启动nginx ->进入nginx可执行目录sbin下,输入命令./nginx -s reload 即可
2)验证nginx配置文件是否正确
进入nginx安装目录sbin下,输入命令./nginx -t
看到如下显示nginx.conf syntax is ok
nginx.conf test is successful
说明配置文件正确
3)重新编译和启动nginx ->注意目录路径 --> 我一般用这个简单快捷
/usr/local/nginx/localhost-nginx/sbin/nginx -c /usr/local/nginx/localhost-nginx/conf/nginx.conf -s reload
4)监听nginx
ps -ef | grep nginx
5)杀死所有nginx进程
killall -9 nginx
我的配置文件:nginx.conf
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
fastcgi_intercept_errors on;
client_max_body_size 50m;
server {
listen 80 default;
server_name _;
return 403;
}
server {
listen 80;
server_name ‘你的域名’;
# 访问http直接跳转https
rewrite ^(.*)$ https://$host$1 permanent;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
# 传递请求头
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8035;
}
# 代理WebScoket
location /socket.io/ {
# WebScoket 支持
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8036;
}
}
server {
listen 443 ssl;
server_name ‘你的域名’;
# ssl证书
#ssl_certificate /usr/local/nginx/localhost-nginx/ssl/***.pem;
#ssl_certificate_key /usr/local/nginx/localhost-nginx/ssl/***.key;
# 分配10MB的共享内存缓存,不同工作进程共享TLS会话信息
ssl_session_cache shared:SSL:10m;
# 设置会话缓存过期时间24h
ssl_session_timeout 1440m;
ssl_ciphers HIGH:!aNULL:!MD5;
# 启用ssl_prefer_server_ciphers,用来告诉Nginx在TLS握手时启用服务器算法优先,由服务器选择适配算法而不是客户端
ssl_prefer_server_ciphers on;
# TLS协议的合理配置
# 指定TLS协议的版本,不安全的SSL2和SSL3要废弃掉
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
# 传递请求头
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8035;
}
# 代理WebScoket
location /socket.io/ {
# WebScoket 支持
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8036;
}
}
}