Nginx
# Nginx
# 安装
安装相关依赖项
debian
sudo apt-get install build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev
1
centos
sudo yum -y install openssl openssl-devel pcre pcre-devel zlib zlib-devel gcc gcc-c++
1
接下来我以debian为例,首先下载源码、并解压
wget http://nginx.org/download/nginx-1.21.6.tar.gz
tar -zxvf nginx-1.21.6.tar.gz
cd nginx-1.21.6
1
2
3
2
3
编译配置选项
./configure --prefix=/usr/local/nginx --with-http_ssl_module
1
--prefix= 用来指定nginx 编译安装的位置
--with- 用来指定需要编译的功能(可以使用该命令查看有哪些功能 ./configure --help)
编译安装
make && make install
1
然后启动nginx
cd /usr/local/nginx/sbin/
./nginx
1
2
2
关闭
./nginx -s stop
1
重新加载配置文件
./nginx -s reload
1
检查配置文件是否有语法错误
./nginx -t
1
负载均衡
python快速启动一个web服务
python3 -m http.server 8080
1
例一
user nginx;
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream backend {
server server1:8080;
server server2:8080;
}
server {
listen 80;
server_name test.861975.xyz;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
例二
http {
upstream backend {
server 192.168.1.101:8080;
server 192.168.1.102:6666;
server 192.168.1.103:4561;
}
server {
listen 80;
server_name example.com;
# Redirect HTTP to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/your/example.com.crt;
ssl_certificate_key /path/to/your/example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
反向代理
反向代理:反向代理是指一种服务器配置模式,其中代理服务器接收客户端请求并将其转发给后端服务器,然后将后端服务器的响应返回给客户端。反向代理服务器在客户端和后端服务器之间充当中介,帮助处理请求和响应。
user nginx;
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name test.861975.xyz;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name test.861975.xyz;
ssl_certificate /opt/nginx/ssl/cert1.pem;
ssl_certificate_key /opt/nginx/ssl/privkey1.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://blog.861975.xyz;
proxy_set_header Host blog.861975.xyz; # 显式传递主机名
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $sche
proxy_ssl_name blog.861975.xyz; # 明确指定 SNI 名称
proxy_ssl_server_name on; # 启用 SNI 支持
proxy_ssl_protocols TLSv1.2 TLSv1.3; # 确保使用安全的 TLS 协议
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; # 系统根证书
proxy_ssl_verify on; # 启用 SSL 验证
proxy_ssl_verify_depth 2; # 设置验证深
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
send_timeout 60s;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
改完配置文件后要
/opt/nginx/sbin/nginx -s reload
1