nginx配置
运行库
yum -y install pcre pcre-devel
yum -y install zlib zlib-devel
yum -y install openssl openssl-devel
配置带ssl模块
./configure \
--prefix=/home/appjava/nginx \
--pid-path=/home/appjava/temp/nginx/nginx.pid \
--lock-path=home/appjava/temp/nginx/nginx.lock \
--error-log-path=/home/appjava/logs/nginx/error.log \
--http-log-path=/home/appjava/logs/nginx/access.log \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-file-aio \
--http-client-body-temp-path=/home/appjava/temp/nginx \
--http-proxy-temp-path=/home/appjava/temp/nginx/proxy \
--http-fastcgi-temp-path=/home/appjava/temp/nginx/fastcgi \
--http-uwsgi-temp-path=/home/appjava/temp/nginx/uwsgi \
--http-scgi-temp-path=/home/appjava/temp/nginx/scgi
自定义代理路径
server {
listen 80;
server_name 39.106.208.71;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ^~ /api/ {#必须这么配置否则静态资源无法访问
proxy_pass http://127.0.0.1:8080/;#一定要加/
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_set_header X-Real-IP $remote_addr;
proxy_cookie_path / /api;#cookie路径
}
location /calendarapi/ {
proxy_pass http://127.0.0.1:8081/;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_cookie_path / /calendarapi;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^~ / {
proxy_pass http://127.0.0.1:9090/user/;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_cookie_path /user/ /;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
https代理配置
服务端
server {
listen 443 ssl;
server_name ${domain};
access_log /home/app/logs/www/wwwlogs/${domain}.access.log;
#证书文件名称
ssl_certificate /home/app/config/nginx/ssl/${domain}/1_${domain}_bundle.crt;
#私钥文件名称
ssl_certificate_key /home/app/config/nginx/ssl/${domain}/2_${domain}.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ^~ / {
proxy_pass http://127.0.0.1:8080;
}
}
#监听http跳转https
server {
listen 80;
server_name ${domain};
return 301 https://$host$request_uri;
}
web前端
server {
listen 443 ssl;
server_name ${domain};
access_log /home/app/logs/www/wwwlogs/${domain}.access.log;
#证书文件名称
ssl_certificate /home/app/config/nginx/ssl/${domain}/1_${domain}_bundle.crt;
#私钥文件名称
ssl_certificate_key /home/app/config/nginx/ssl/${domain}/2_${domain}.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /home/app/www/${domain};
index index.html index.htm;
}
}
#监听http跳转https
server {
listen 80;
#填写绑定证书的域名
server_name ${domain};
#把http的域名请求转成https
return 301 https://$host$request_uri;
}
nginx常用命令
#检查配置文件是否正确
nginx -t