安装 sudo yum install nginx
启动 sudo nginx
使用的版本:1.10.3
默认配置文件的路径:/etc/nginx/sites-available/default
sudo vim /etc/nginx/sites-available/default
在默认的server配置上添加跨域访问配置(如果需要的话,但是服务器也开了跨域允许会报双重跨域的错误 不能访问,需要注意)
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
默认https配置(不需要就跳过):
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
root /var/www/html;
ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/private/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
必须保证ssl证书和密钥有可读权限。
服务器代理配置:
在location / {} 配置下面添加:
location /api/ {
proxy_pass http://localhost:9988;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
该配置表示把 "http://域名/api/*" 的地址映射到9988端口,这么做的好处是可以隐藏服务器
:wq保存并退出
配置结束,重启nginx
sudo nginx -s stop
sudo nginx
########################################################################################
cdn资源代理配置:
cd /etc/nginx/sites-enabled
sudo vim 域名(比如sudo vim cdn.myresources.cn,方便管理)
下面用域名 cdn.myresources.cn 为例
server {
server_name cdn.myresources.cn;
root /root/resources;
index index.php index.html;
}
:wq保存退出
这样就可以把域名地址映射到资源目录(cdn.myresources.cn------->/root/resources)
如果需要https:
sudo vim cdn.myresources.cn
追加配置
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name cdn.myresources.cn;
ssl on;
ssl_certificate "/etc/nginx/cert/cdn.myresources.cn/cdn.myresources.cn.chained.crt";
ssl_certificate_key "/etc/nginx/cert/cdn.myresources.cn/cdn.myresources.cn.key";
ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
root /root/resources;
index index.php index.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
必须保证ssl证书和密钥有可读权限。
配置结束,重启nginx
sudo nginx -s stop
sudo nginx