1 基础知识
1.1 Nginx的简介
Nginx是一个高性能的HTTP和反向代理web服务器
Nginx同时也提供IMAP/POP3/SMTP服务
Nginx有伊戈尔.赛索耶夫为俄罗斯访问量第二的Rambler.ru站点开发
Nginx第一个公开版本0.1。0发布于2004年10月4日
1.2 Nginx的优点
Nginx可在大多数Unix或Linux OS上编译运行(有Windows移植版)
Nginx是一个强大的高性能Web和反向代理服务
Nginx可以支持50,000并发链接响应(以epool and kqueue作为开发模型)
Nginx基于C语言从头开发并拥有自己的函数库(系统库只使用C函数库)
2 最佳实践
2.1 安装前的准备
2.1.1 系统环境
OS = CentOS 8.x x86_64
Host Name = any
IP Address = 10.168.0.80
2.1.2 安装常用工具
yum install -y vim
2.2 使用安装配置Nginx
2.2.1 安装Nginx
yum install -y nginx
2.2.2 启动Nginx服务
systemctl start nginx.service systemctl enable nginx.service systemctl status nginx.service
2.2.3 开启防火墙
firewall-cmd --permanent --add-service http --add-service https firewall-cmd --reload firewall-cmd --list-all
2.2.4 关闭SElinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config setenforce 0
2.2.5 配置Nginx
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.default vim /etc/nginx/nginx.conf
修改主配置如下,
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; }
以上通过“include”关键字引入目录“/etc/nginx/conf.d”的配置文件,使用如下命令增加引入的配置文件(默认网站),
vim /etc/nginx/conf.d/default.conf
加入如下内容,
server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
以上创建的是http协议的默认站点,https默认站点使用如下命令配置,
vim /etc/nginx/conf.d/default_ssl.conf
加入如下内容,
server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name _; root /usr/share/nginx/html; ssl_certificate "/etc/nginx/server.crt"; ssl_certificate_key "/etc/nginx/server.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers PROFILE=SYSTEM; ssl_prefer_server_ciphers on; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } }
基于调试的目的,可以临时使用本机的证书,可使用以下命令搜索本地的证书并复制到目标目录,
find /usr/ /etc/ -name \*server.crt\* -exec cp {} /etc/nginx/server.crt \; find /usr/ /etc/ -name \*server.key\* -exec cp {} /etc/nginx/server.key \;
另外可以到以下链接申请一年免费证书,
https://console.cloud.tencent.com/ssl
配置完成后,我们建议你使用如下命令检查配置的语法,
nginx -t
配置完成后,你需要重启服务使配置生效,
systemctl restart nginx.service
2.2.6 测试默认站点的访问
http://10.168.0.80
https://10.168.0.80
可见如下显示,
参阅文档
===================
https://baike.baidu.com/item/nginx/3817705?fr=aladdin
没有评论