某些系统中需要设置用户为root才可以运行nginx
user root;
worker_processes 1;
安装nginx是添加配置
--with-http_stub_status_module --with-http_ssl_module --with-stream --with-http_realip_module --with-stream_ssl_preread_module
stream配置
stream {
# http配置和访问路径
upstream web_http {
server 127.0.0.1:4700;
}
# https配置和访问路径
upstream web_https {
server 127.0.0.1:4600;
}
# ssl配置和tls协议配置
map $ssl_preread_protocol $upstream {
default web_http;
"TLSv1.2" web_https;
"TLSv1.3" web_https;
}
# 监听端口和相关配置
server {
listen 0.0.0.0:6300;
proxy_pass $upstream;
# ip地址获取
proxy_protocol on;
# 协议检测和访问控制
ssl_preread on;
}
}
http和https配置
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
limit_conn_zone $binary_remote_addr zone=one:500m;
sendfile on;
keepalive_timeout 65;
client_header_timeout 180;
client_body_timeout 180;
client_max_body_size 5000M;
server_tokens off;
include conf/*.conf;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen 4600 ssl proxy_protocol;
server_name localhost;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
set_real_ip_from 127.0.0.1;
set_real_ip_from 192.168.44.158;
real_ip_header proxy_protocol;
charset utf-8;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
error_page 404 /404.html;
location = /404.html {
root html;
}
location / {
proxy_pass http://127.0.0.1:9500;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
listen 4700 proxy_protocol;
server_name localhost;
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
charset utf-8;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
error_page 404 /404.html;
location = /404.html {
root html;
}
location / {
proxy_pass http://127.0.0.1:9500;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
listen 9500 ;
server_name localhost;
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
root html;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 接口代理
location /api {
proxy_pass http://127.0.0.1:6201/api;
proxy_http_version 1.1;
proxy_connect_timeout 14s;
proxy_read_timeout 60s;
proxy_send_timeout 12s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# 文件访问代理
location /file/api {
proxy_pass http://127.0.0.1:9000/api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# vue代理
location /vue {
try_files $uri $uri /vue/index.html;
index vue/index.html vue/index.htm;
}
}
}
整体conf配置
user root;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
stream {
# http配置和访问路径
upstream web_http {
server 127.0.0.1:4700;
}
# https配置和访问路径
upstream web_https {
server 127.0.0.1:4600;
}
# ssl配置和tls协议配置
map $ssl_preread_protocol $upstream {
default web_http;
"TLSv1.2" web_https;
"TLSv1.3" web_https;
}
# 监听端口和相关配置
server {
listen 0.0.0.0:6300;
proxy_pass $upstream;
# ip地址获取
proxy_protocol on;
# 协议检测和访问控制
ssl_preread on;
}
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
limit_conn_zone $binary_remote_addr zone=one:500m;
sendfile on;
keepalive_timeout 65;
client_header_timeout 180;
client_body_timeout 180;
client_max_body_size 5000M;
server_tokens off;
include conf/*.conf;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen 4600 ssl proxy_protocol;
server_name localhost;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
set_real_ip_from 127.0.0.1;
set_real_ip_from 192.168.44.158;
real_ip_header proxy_protocol;
charset utf-8;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
error_page 404 /404.html;
location = /404.html {
root html;
}
location / {
proxy_pass http://127.0.0.1:9500;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
listen 4700 proxy_protocol;
server_name localhost;
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
charset utf-8;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
error_page 404 /404.html;
location = /404.html {
root html;
}
location / {
proxy_pass http://127.0.0.1:9500;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
listen 9500 ;
server_name localhost;
set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
proxy_connect_timeout 180;
proxy_send_timeout 180;
proxy_read_timeout 180;
root html;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 接口代理
location /api {
proxy_pass http://127.0.0.1:6201/api;
proxy_http_version 1.1;
proxy_connect_timeout 14s;
proxy_read_timeout 60s;
proxy_send_timeout 12s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# 文件访问代理
location /file/api {
proxy_pass http://127.0.0.1:9000/api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# vue代理
location /vue {
try_files $uri $uri /vue/index.html;
index vue/index.html vue/index.htm;
}
}
}