1.下载nginx
下载地址:https://nginx.org/en/download.html
选择稳定版本 下的镜像文件进行下载
2.解压Nginx包
cd /root/nginx
tar -zxvf nginx-1.26.0.tar.gz
cd nginx-1.26.0
3.安装nginx相关依赖
yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel
4.生成 Makefile 可编译文件
./configure --with-http_ssl_module --with-http_stub_status_module
参数说明:
- –prefix=PATH:指定 nginx 的安装目录(默认/usr/local/nginx)
- –conf-path=PATH:指定 nginx.conf 配置文件路径
- –user=NAME:nginx 工作进程的用户
- –with-pcre:开启 PCRE 正则表达式的支持
- with-http-realip_module:允许改变客户端请求头中客户端 IP 地址
- –with-file-aio:启用 File AIO
- –add-module=PATH:添加第三方外部模块
5.编译和安装
# 编译
make
# 安装
make install
默认的安装路径为:/usr/local/nginx
6.启动
cd /usr/local/nginx/sbin
# 启动
./nginx
# 查看进程
ps -ef | grep nginx
# 停止
/usr/local/nginx/sbin/nginx -s stop
# 重启
/usr/local/nginx/sbin/nginx -s restart
7.配置
非https配置
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#gzip on;
upstream reverseProxyServer{
ip_hash;
#负载均衡应用服务器A: 权重为10,10s内连接请求失败2次,nginx在10s内认为server是不可用的,将不在发送请求给这台服务器
server xxx.xxx.xx.xxx:9090 weight=10 max_fails=2 fail_timeout=10s;
#负载均衡应用服务器B: 代理服务器权重为5,10s内连接请求失败2次,nginx在10s内认为server是不可用的,将不在发送请求给这台服务器
server xxx.xxx.xx.xxx:9090 weight=5 fail_timeout=10s max_fails=2;
}
upstream reverseGrafanaServer{
ip_hash;
server xxx.xxx.xx.xxx:3000 weight=10 max_fails=2 fail_timeout=10s;
server xxx.xxx.xx.xxx:3000 weight=8 max_fails=2 fail_timeout=10s;
}
server {
listen 80;
server_name xxx.com;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30s;
proxy_read_timeout 30s;
#charset koi8-r;
#access_log logs/host.access.log main;
location /{
proxy_pass http://reverseProxyServer/;
}
location /grafana/{
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4M;
proxy_busy_buffers_size 4M;
proxy_pass http://reverseGrafanaServer/;
}
}
}
https配置
http {
...
server {
listen 80;
server_name xxx.com;
#将请求转成https
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name xxx.com;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30s;
proxy_read_timeout 30s;
#charset koi8-r;
#ssl证书的pem文件路径
ssl_certificate /usr/local/nginx/cert/server.crt;
#ssl证书的key文件路径
ssl_certificate_key /usr/local/nginx/cert/server.key;
....
}
}
FAQ:遇到问题总结
问题1:nginx: [emerg] unknown directive “ssl”
解决方法
1.nginx生成 Makefile可编译文件时没有开启ssl,请参考步骤4
2.旧版本配置ssl和新版本不一致
server{
listen 443;
xxx
ssl on;
#ssl证书的pem文件路径
ssl_certificate /usr/local/nginx/cert/server.crt;
#ssl证书的key文件路径
ssl_certificate_key /usr/local/nginx/cert/server.key;
}
应改为
server{
listen 443 ssl;
xxx
#ssl证书的pem文件路径
ssl_certificate /usr/local/nginx/cert/server.crt;
#ssl证书的key文件路径
ssl_certificate_key /usr/local/nginx/cert/server.key;
}
问题2:curl: (60) SSL certificate problem: self signed certificate
解决方法:curl命令向服务器发送https请求, curl https的时候需要加上-k参数
问题3:nginx配了证书显示站点连接不安全
解决方法:我手里有crt和key证书,因为我用crt证书使用openssl命令生成pem证书配置上去的原因
解决方法直接配置crt和key证书就行
