在服务器没安装任何软件的情况下:
一、安装nginx
-
安装相关依赖及库(pcre库、zlib库)
yum -y install pcre pcre-devel
yum -y install openssl openssl-devel
yum -y install gcc gcc-c++
-
下载安装包
yum -y install wget
-
编译安装
-
-
cd nginx-1.8.0
-
./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module
-
make && make install
二、mkdir -p /usr/local/nginx/conf/conf.d /usr/local/nginx/conf/key
三、创建日志文件
mkdir -p /data/logs
touch /data/logs/app.access.log
ln -s /usr/local/nginx/sbin/nginx /sbin
四、编写systmctl支持(vi /usr/lib/systemd/system/nginx.service)
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
使用systemctl daemon-reload重新加载配置
五、加载配置,启动服务并设置开机自启
-
加载配置
systemctl reload nginx.service
-
启动服务
systemctl start nginx.service
-
设置开机自启
systemctl enable nginx.service
首先:主配置文件:/usr/local/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log access;
#最后添加网站配置文件加载
include /usr/local/nginx/conf/conf.d/*.conf; #与网站配置文件绝对路径一致
}
修改配置文件(添加配置文件:使用负载均衡(upstream集群池)进行多域名跳转(主盘口server的ip),固定IP)
网站文件位置:/usr/local/nginx/conf/conf.d/
第一份是80端口的 名字_proxy.conf 文件
upstream hbsfs_Server(需更改的集群池名称) {
server 192.168.1.1(需更改的主ip);
}
server {
listen 80;
server_name xxx.com;(需要更改的域名)
location /
{
proxy_next_upstream http_500 http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X_FORWARED_HOST $host;
client_max_body_size 200M;
proxy_pass http://hbsfs_Server;
}
# access_log /data/logs/ access.log access;
}
#多域名(加密和非加密)以下则需要多份配置文件
如果盘口主服务器有做了加密网站 还需要另外一份文件
可以用 名字_https_proxy.conf
upstream gbh_proxy(需要更改) {
server 192.168.1.2(需要更改);
}
server {
listen 443;
server_name 05300.com www.05300.com(需要更改);
index index.php index.html;
ssl on;
ssl_certificate /usr/local/nginx/conf/key/05300.com.nginx.crt(需要更改);
ssl_certificate_key /usr/local/nginx/conf/key/05300.com.key(需要更改);
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
location /
{
proxy_next_upstream http_500 http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X_FORWARED_HOST $host;
client_max_body_size 200M;
proxy_pass http://gbh_proxy(需要更改);
}
access_log /data/logs/159_proxy.log access;
} 有几个域名 就复制几份
添加完之后要把原来的证书密钥 拷贝的新的防御机里面去
最后conf.d文件修改完之后 并且把相应的key弄好 再用nginx -s reload重新加载配置文件
六、使用域名逐个打开网页检查 写下相对应的页面功能 证书