菜鸟教程的配置教程
跟着上面的配置就行。
配置环境变量:
在根目录下运行 vim /etc/profile
在最后面加入:
export NGINX_HOME=/usr/local/webserver/nginx
export PATH=$PATH:$NGINX_HOME/sbin
这里找到你自己的nginx文件所在位置,不用照着我填
然后运行:
source /etc/profile
让配置文件生效,输入nginx -v,出现版本信息就代表环境变量配置成功。
进入nginx目录的conf,对nginx.conf进行修改。
这里我的修改是增加了一个conf.d文件夹,以后所有的conf文件放在这里,所以增加了以下配置,注意文件路径,需要自己创建一个文件夹:
include /usr/local/webserver/nginx/conf.d/*.conf;
user root;
worker_processes auto;
error_log /usr/local/webserver/nginx/logs/error.log;
error_log /usr/local/webserver/nginx/logs/error.log notice;
error_log /usr/local/webserver/nginx/logs/error.log info;
# pid run/nginx.pid;
include /usr/local/webserver/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
# include mime.types;
# default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /usr/local/webserver/nginx/logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# keepalive_timeout 0;
keepalive_timeout 65;
types_hash_max_size 2048;
#gzip on;
include /usr/local/webserver/nginx/conf/mime.types;
default_type application/octet-stream;
include /usr/local/webserver/nginx/conf.d/*.conf;
#server {
# listen 80;
# server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
# location / {
# root html;
# index index.html index.htm;
# }
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root html;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
#}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
带#的都是注释,可以删掉。
下面一个https文件配置,就是将80端口强制重定向到443端口,增加了一些配置和ssl证书,需要放入上面说的conf.d文件夹中。下面的示例是监听了10000端口,根据你的项目端口自行修改。
## Basic reverse proxy server ##
upstream pay {
server 127.0.0.1:10000;
}
server {
listen 443;
server_name xx.xx.xx; # localhost修改为您证书绑定的域名。
ssl on; #设置为on启用SSL功能。
# root html;
#index index.html index.htm;
ssl_certificate https_file/xx.xx.xx.pem; #将domain name.pem替换成您证书的文件名。
ssl_certificate_key https_file/xx.xx.xx.key; #将domain name.key替换成您证书的密钥文件名。
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; #使用此加密套件。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #使用该协议进行配置。
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://pay;
#Proxy Settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
# root html; #站点目录。
# index index.html index.htm;
}
}
server {
listen 80;
server_name xx.xx.xx;
rewrite ^(.*) https://$host$1 permanent;
access_log /usr/local/webserver/nginx/logs/pay.access.log main;
error_log /usr/local/webserver/nginx/logs/pay.error.log;
#root html;
#index index.html index.htm index.php;
location / {
}
}
最后记得修改文件路径和域名。安全组开放对应端口,域名解析到该服务器,阿里云可以申请到免费的ssl证书,一次管一年,如果没有证书,删掉ssl相关配置即可,监听80端口,不要重定向rewrite到443。