mengyxu
/
note
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
个人笔记
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
4.8 MiB
Tree: edcda14c35
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'edcda14c35'
${ noResults }
note/5.linux环境/3.nginx.md

343 lines
6.9 KiB
Raw Normal View History Unescape

update
3 years ago
# 安装卸载
## 使用源码
- 准备环境
```shell
yum -y install gcc
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
```
- 下载
[官方下载页面](http://nginx.org/en/download.html)
```shell
wget http://nginx.org/download/nginx-1.16.1.tar.gz
```
下载后需解压解压
- 编译与安装
```shell
./configure --prefix=指定安装目录前缀 --with指定额外的模块
make
make install DESTDIR=指定安装目录后缀
```
将安装目录的`bin`目录下可执行文件`nginx`拷贝到`/sbin`目录下,这样可以在任意目录下执行`nginx`命令
- 运行与停止
```shell
ningx
nginx -s stop
nginx -s reload
```
- 卸载
删除安装目录,删除`/sbin/nginx`文件
## 使用docker
- 安装**docker**
- 下载镜像
```shell
docker pull nginx
```
- 创建挂载目录
```
mkdir /home/ningx
cd /home/ningx/
mkdir data log
touch nginx/conf
```
- 创建并运行容器
```shell
docker run -d --name nginx --restart=always -p 80:80 -v /home/nginx/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/logs:/var/log/nginx -v /home/nginx/data:/home nginx
```
容器配置文件位置:`/etc/nginx/nginx.conf`
容器日志目录:`/var/log/nginx`
容器数据目录:`/home`
- 运行与重启
```shell
docker start nginx
docker stop nginx
docker restart nginx
```
- 卸载
删除容器与镜像
```shell
docker rm -f nginx
docker rm nginx
```
删除数据
```shell
rm -rf /home/nginx
```
# 配置
## http反向代理配置
* 根据路径分发到不同端口参数配置示例
```tex
http {
include mime.types;
default_type application/octet-stream;
server {
listen 80;
server_name localhost;
location / {
root proxy_pass http://127.0.0.1:8080;
index index.html index.htm;
}
location /fence {
root proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
location /RfsSniffer {
root proxy_pass http://127.0.0.1:8433;
index index.html index.htm;
}
}
}
```
- 根据域名分发到不同端口参数配置示例
```tex
http {
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name location.xumy.vip;
location / {
proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
}
}
```
## tcp转发
转发https请求,无需在nginx配置ssl证书,nginx版本号必须 >1.15.2,编译时必须配置以下模块
`--with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module`
- 同一个端口监听http与https请求配置示例,$ssl_preread_protocol,可以让stream区分web ssl/tls和其他协议
```tex
stream {
upstream http{
server 127.0.0.1:8081;
}
upstream https{
server 127.0.0.1:8433;
}
map $ssl_preread_protocol $upstream{
default http;
"TLSv1.3" https;
"TLSv1.2" https;
"TLSv1.1" https;
"TLSv1.0" https;
"TLSv1" https;
"TLSv2" https;
"SSLv2" https;
"SSLv3" https;
}
server {
listen 0.0.0.0:28181;
ssl_preread on;
proxy_pass $upstream;
}
}
```
- http与stream混合使用
```tex
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name location.xumy.vip;
location / {
proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
}
server {
listen 80;
server_name monitor.xumy.vip;
location / {
proxy_pass http://127.0.0.1:8082;
index index.html index.htm;
}
}
server {
listen 80;
server_name whims.xumy.vip;
location / {
proxy_pass http://127.0.0.1:801;
index index.html index.htm;
}
}
server {
listen 80;
server_name license.xumy.vip;
location / {
proxy_pass http://127.0.0.1:88;
index index.html index.htm;
}
}
server {
listen 80;
server_name robust.xumy.vip;
location / {
proxy_pass http://127.0.0.1:89;
index index.html index.htm;
}
}
server {
listen 80;
server_name dzwl.xumy.vip;
location / {
proxy_pass http://127.0.0.1:805;
index index.html index.htm;
}
}
}
stream{
log_format proxy '$remote_addr - [$time_local] $protocol $status "$upstream_addr" $remote_addr $remote_port ';
access_log /home/work/logs/nginx/tcp-access.log proxy;
open_log_file_cache off;
map_hash_bucket_size 64;
map $ssl_preread_protocol $upstream{
default http;
"TLSv1.3" $https;
"TLSv1.2" $https;
"TLSv1.1" $https;
"TLSv1.0" $https;
"TLSv1" $https;
"TLSv2" $https;
"SSLv2" $https;
"SSLv3" $https;
}
map $ssl_preread_server_name $https{
default dzwl;
}
upstream http {
server 127.0.0.1:80;
}
upstream dzwl {
server 127.0.0.1:806;
}
server{
listen 8080;
ssl_preread on;
proxy_pass $upstream;
proxy_connect_timeout 15s;
proxy_timeout 15s;
proxy_next_upstream_timeout 15s;
}
}