本系列文章记录“智能提醒助理”wx公众号 建设历程。
nginx 是产品搭建中不可或缺的一环:对接小程序前端、域名解析、证书配置、静态资源缓存……
1、linux 下安装nginx
# Enable the EPEL repository first; presumably the nginx package comes from EPEL on this release (e.g. CentOS 7) — confirm for your distribution.
sudo yum install epel-release
sudo yum install nginx
# Print the installed nginx version to confirm the install succeeded.
nginx -v
2、安装后设置开机启动
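# Start nginx now and register it to start at boot.
sudo systemctl start nginx
sudo systemctl enable nginx
# Or, equivalently, using the full unit name:
systemctl enable nginx.service
# Start the nginx service
systemctl start nginx.service
# Confirm that something is listening on TCP port 80.
# -l/-t/-n restrict the output to listening TCP sockets with numeric ports, and
# the pattern anchors on ":80" followed by whitespace, so ports such as 8080 or
# a PID that merely contains "80" no longer match. -p only shows the owning
# process for other users' sockets when run as root, hence sudo.
sudo netstat -lntp | grep -E ':80[[:space:]]'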
3、nginx配置文件关闭版本号
不向外暴露 nginx 的具体版本号,避免攻击者据此判断服务器是否运行着存在已知漏洞的版本。注意:隐藏版本号只是减少信息泄露,不能替代及时升级 nginx。
# Backend pool that the server block below proxies to.
upstream znzlapps {
    server localhost:9000;
}

server {
    listen      80;
    server_name c.znzl.cc;

    # Do not show the nginx version number: removes it from the Server
    # response header and from nginx's built-in error pages.
    server_tokens off;
    charset utf-8;

    location / {
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so the backend should rely on
        # the entry added by this proxy (or on X-Real-IP), not on the whole list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Proxy to the backend only when the request does not map to an
        # existing regular file (-f test).
        # NOTE(review): no root is set in this listing, so the file test is
        # evaluated against nginx's default root — confirm that is intended.
        if ( !-f $request_filename) {
            proxy_pass http://znzlapps;
        }
    }
}
4、nginx关闭版本号的效果
5、nginx.conf 配置文件示例
一般采用主配置文件加载各应用配置文件的方式,例如:
/etc/nginx/nginx.conf
/etc/nginx/conf.d/c-pruduct1.conf
/etc/nginx/conf.d/c-pruduct2.conf
/etc/nginx/nginx.conf 示例:
#user nobody;             # account the worker processes run as; the default (nobody) is fine
worker_processes auto;    # number of worker processes, normally equal to the CPU core count

# Global error log (the PID file setting is commented out below).
# NOTE(review): logs are written under /etc/nginx/logs here; confirm the
# directory exists and is not world-readable, since logs carry client IPs
# and request URLs.
error_log /etc/nginx/logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;

# Event model and connection limit.
events {
    #use epoll;                 # best-performing event method on Linux
    worker_connections 1024;    # max simultaneous connections per worker process
}
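# HTTP server settings; the reverse-proxy features configured here also
# provide load-balancing support.
http {
    include       mime.types;
    default_type  application/octet-stream;

    # Hide the nginx version in the Server header and on built-in error pages
    # for every server {} included from conf.d, so a per-site file that omits
    # the directive does not disclose the version again.
    server_tokens off;

    # Log formats.
    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '"$gzip_ratio"';
    log_format download '$remote_addr - $remote_user [$time_local] '
                        '"$request" $status $bytes_sent '
                        '"$http_referer" "$http_user_agent" '
                        '"$http_range" "$sent_http_content_range"';

    # Request header buffers.
    client_header_buffer_size   1k;
    large_client_header_buffers 4 4k;

    # Access log.
    access_log /etc/nginx/logs/access.log main;

    # NOTE(review): 3-minute client timeouts let a slow or stalled client hold
    # a worker connection for a long time; nginx's defaults are 60s. Consider
    # lowering these unless large, slow uploads are expected.
    client_header_timeout 3m;
    client_body_timeout   3m;
    send_timeout          3m;

    sendfile              on;
    tcp_nopush            on;
    tcp_nodelay           on;
    keepalive_timeout     65;
    types_hash_max_size   4096;

    # Enable the gzip module.
    gzip            on;
    gzip_comp_level 5;
    gzip_min_length 1k;
    gzip_buffers    4 8k;
    gzip_types      text/plain text/css application/x-javascript application/json application/xml application/plain;
    output_buffers  1 32k;
    postpone_output 1460;
    gzip_vary       on;

    # Proxy settings: pass the client address to the backend web server.
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
    # header the client already sent, so the backend should trust only the
    # entry added by this proxy (or X-Real-IP), not the whole list.
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Optional reverse-proxy settings follow.
    proxy_set_header Host $host;
    #client_max_body_size 10m;        # largest single request body a client may send
    #client_body_buffer_size 512k;    # buffer size for the client request body
    #proxy_connect_timeout 90;        # timeout for connecting to the backend server
    #proxy_send_timeout 90;           # timeout for sending the request to the backend
    #proxy_read_timeout 90;           # timeout waiting for the backend response once connected
    #proxy_buffer_size 4k;            # buffer nginx uses for the backend response headers
    #proxy_buffers 4 32k;             # response buffers; sized for pages averaging under 32k
    #proxy_busy_buffers_size 64k;     # buffer size under heavy load (proxy_buffers * 2)
    #proxy_temp_file_write_size 64k;  # amount written to a temporary file at a time when the response exceeds the buffers

    # Cache settings.
    # NOTE(review): the cache_one zone is declared here but no proxy_cache
    # directive in the listings on this page uses it. The cache directory must
    # be writable by the worker user; keeping it under /etc/nginx is unusual.
    proxy_cache_path /etc/nginx/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=3g;

    include /etc/nginx/conf.d/*.conf;
}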
/etc/nginx/conf.d/c-pruduct1.conf
# Vue front end + backend service
server {
    listen      80;
    server_name xx.xx.com;

    # Backend service
    location /xxx/ {
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host            $http_host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header REMOTE-HOST     $remote_addr;
        # Appends $remote_addr to any client-supplied X-Forwarded-For value;
        # the backend should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8004;
    }

    # Vue front end
    # Named location used as the fallback: every unmatched path is rewritten
    # to /index.html so the client-side router can handle it.
    location @router {
        rewrite ^.*$ /index.html last;
    }

    location / {
        # NOTE(review): the document root is inside /root. The nginx worker
        # user normally cannot read /root, so serving from here means either
        # running workers as root or loosening /root's permissions — consider
        # a dedicated web root outside any home directory.
        root /root/cdf_scan_h5_test;
        # Must fall back to @router; otherwise refreshing a Vue route in the
        # browser returns 404 from nginx.
        try_files $uri $uri/ @router;
        index index.html index.htm;
    }
}
# Standalone Vue front end
server {
    listen      80;
    server_name vue.xx.com;

    # Fallback target: rewrite any unmatched path to /index.html so the
    # client-side router resolves it.
    location @router {
        rewrite ^.*$ /index.html last;
    }

    location / {
        # NOTE(review): document root under /root — the worker user normally
        # has no access there; consider a dedicated web root instead of
        # widening permissions on /root.
        root /root/h5;
        # Must fall back to @router; otherwise refreshing a Vue route in the
        # browser returns 404 from nginx.
        try_files $uri $uri/ @router;
        index index.html index.htm;
    }
}
# Backend service cluster (upstream pool) configuration.
# Only one member is listed here; further "server host:port;" lines add
# more backends to the pool.
upstream apps {
    server localhost:8088;
}
# Plain-HTTP configuration for a single service
server {
    listen      80;
    server_name xx.com;

    # Redirect to HTTPS (disabled). While this stays commented out, the
    # service remains reachable over unencrypted HTTP.
    #rewrite ^/(.*)$ https://x.x.com/$1 permanent;

    location / {
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host            $http_host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header REMOTE-HOST     $remote_addr;
        # Appends $remote_addr to any client-supplied X-Forwarded-For value;
        # the backend should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://apps;
    }
}
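# HTTPS configuration
server {
    listen      443 ssl;
    server_name xx.com.cn;
    charset     utf-8;

    # Certificate chain and private key. The key file should be readable only
    # by root: the nginx master process loads it before workers drop privileges.
    ssl_certificate     /usr/local/nginx/cert/1_.crt;
    ssl_certificate_key /usr/local/nginx/cert/2_.key;
    ssl_session_timeout 5m;

    # NOTE(review): the broad aliases in this list (ECDH, AES, HIGH) also admit
    # CBC-mode and non-forward-secret suites; consider narrowing it to
    # ECDHE + AEAD suites once client compatibility is confirmed.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; on an older
    # build keep only TLSv1.2.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    location / {
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host            $http_host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header REMOTE-HOST     $remote_addr;
        # Appends $remote_addr to any client-supplied X-Forwarded-For value;
        # the backend should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://apps;
    }
}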