文章目录
安装Nginx
- 添加nginx来源
使用wget下载nginx
#wget http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
- 安装nginx
#yum install -y nginx
- 启动nginx,并设置为开机自启
#systemctl start nginx
#systemctl enable nginx
- nginx主要目录
/etc/nginx # 配置目录
/usr/share/nginx # 站点目录
Nginx反向代理配置
- 反向代理http服务
#vi /etc/nginx/nginx.conf
or
#vi /etc/nginx/conf/nginx.conf
在http{…………}中加入
a.代理前端
server {
listen 80; # 监听端口
server_name localhost:80; # 访问地址,若在公网上则填写公网访问地址
rewrite ^ https://$host$request_uri? permanent;
#charset koi8-r;
#access_log logs/host.access.log main;
#location / {
# root /usr/local/liwx/dist;
# proxy_set_header Host $host;
# index index.html index.htm;
#}
}
b.代理后端
server {
listen 80; # 外部访问端口
server_name localhost:80; # 访问地址,若在公网上则填写公网访问地址
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://localhost:8000; # 内部访问地址
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header X-NginX-Proxy true;
client_max_body_size 100m;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
}
- 反向代理https服务
a.代理前端
server {
listen 443 ssl; # https服务端口
server_name localhost:80; # 访问地址,只能填写公网地址
#ssl on;
#cert目录与nginx.conf同级目录
ssl_certificate cert/web.pem; # https服务pem文件所在目录
ssl_certificate_key cert/web.key; # https 服务key文件所在目录
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /usr/local/liwx/dist; # 文件所在目录
proxy_set_header Host $host;
index index.html index.htm;
client_max_body_size 60m;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
}
b.代理后端
server {
listen 443 ssl; # HTTPS服务端口
server_name localhost:80; # 访问地址,只能填写公网访问地址
#ssl on;
ssl_certificate cert/api.pem; # https服务pem文件
ssl_certificate_key cert/api.key; # https服务key文件
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://localhost:8000; # 内部访问地址
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header X-NginX-Proxy true;
client_max_body_size 60m;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
}