1.上传软件到 /usr/local/src/
cd /usr/local/src/
2.解压nginx 安装装依赖
yum -y install gcc gcc-c++ autoconf automake make pcre-devel zlib-devel openssl openssl-devel tar xvf nginx-1.21.3.tar.gz
3.预编译
cd nginx-1.21.3 ./configure --prefix=/usr/local/nginx
也可以根据自己需求安装
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre --with-http_gzip_static_module
解释
--with-http_gzip_static_module :支持压缩
--with-http_stub_status_module :支持nginx状态查询
--with-http_ssl_module :支持https
--with-http_spdy_module :支持google的spdy,想了解请百度spdy,这个必须有ssl的支持
--with-pcre :为了支持rewrite重写功能,必须制定pcre
4.编译
make && make install
5.添加系统变量 在文件 /etc/profile
在最后一行添加 export PATH=$PATH:/usr/local/nginx/sbin
6.测试浏览器打开ip
/usr/local/nginx/sbin/nginx
浏览器打开输入对应的ip
注意:如果浏览器出不来,有可能是防火墙
如过防火墙开的
7.如不能访问,添加防火墙
firewall-cmd --permanent --zone=public --add-port=80/tcp ##添加80端口到白名单 执行 firewall-cmd --reload ##重启防火墙 firewall-cmd --zone=public --list-ports ##查看已开放的端口
再次访问就好了
添加配置
client_max_body_size 100M; client_body_buffer_size 100M; server_tokens off; #关闭版本显示
添加配置 autoindex on;
可以访问目录结构
添加软连 ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
生成服务启动脚本
vim /etc/init.d/nginx
#!/bin/bash # chkconfig: - 99 2 # description: Nginx Service Control Script PROG="/usr/local/nginx/sbin/nginx" PIDF="/usr/local/nginx/logs/nginx.pid" case "$1" in start) $PROG ;; stop) kill -3 $(cat $PIDF) ;; restart) $0 stop &> /dev/null if [ $? -ne 0 ] ; then continue ; fi $0 start ;; reload) kill -1 $(cat $PIDF) ;; *) echo "Userage: $0 { start | stop | restart | reload }" exit 1 esac exit 0
配置服务开机自动启动
[root@localhost ~]# chmod +x /etc/init.d/nginx
[root@localhost ~]# chkconfig --add nginx
[root@localhost ~]# chkconfig nginx on
[root@localhost ~]# chkconfig --list
nginx配置ip限制 只允许特定ip访问
server { listen 80; server_name localhost; location / { allow 192.168.11.15;#允许访问 deny all;#别的都不能访问 root /www/page; index index.html index.htm; } }
配置转发
server { listen 443 ssl; server_name XXX.XXX.com; ssl_certificate cert/XXX.XXX.com.pem; ssl_certificate_key cert/XXX.XXX.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location /api { rewrite ^/api(.*)$ $1 break; #加上这个,就把api过滤了,原来的接口不变 proxy_set_header Host $host:$server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_pass http://127.0.0.1:8080; } location / { proxy_set_header Host $host:$server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_pass http://127.0.0.1/api/; } }
------------------
nginx 常用配置
rewrite ^(.*)$ https://$host$1 permanent;
rewrite ^/api(.*)$ $1 break;
server { listen 443 ; server_name xxx.xxx.com; ssl_certificate cert/xxx.xxx.com.pem; ssl_certificate_key cert/xxx.xxx.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location /api { #带api的重写 rewrite ^/api(.*)$ $1 break; proxy_set_header Host $host:$server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://127.0.0.1:7888/api; } location / { root /www/www/page; index index.html index.htm; } }
跨域问题添加:
server { listen 8878; server_name localhost; location / { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; root /www/www; index index.html index.htm; } }
