# nginx安装与配置

## 准备环境

```shell
yum -y install gcc
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
```

## 下载

从nginx官方下载指定版本源码压缩包,上传到服务器解压。解压前建议先用官方随版本发布的 PGP 签名校验压缩包,确认源码未被篡改。

## 编译与安装

```shell
./configure --prefix=指定安装目录前缀 --with指定额外的模块
make
make install DESTDIR=指定安装目录后缀
```

## http反向代理配置

* 根据路径分发到不同端口参数配置示例

```
http {
    include       mime.types;
    default_type  application/octet-stream;

    server {
        listen       80;
        server_name  localhost;

        location / {
            root proxy_pass http://127.0.0.1:8080;
            index  index.html index.htm;
        }

        location /fence {
            root proxy_pass http://127.0.0.1:8081;
            index  index.html index.htm;
        }

        location /RfsSniffer {
            root proxy_pass http://127.0.0.1:8433;
            index  index.html index.htm;
        }
    }
}
```

注意:本示例中的 `root proxy_pass http://...;` 写法无法通过 `nginx -t` 检查(`root` 只接受一个参数),实际使用时应像下面按域名分发的示例一样只保留 `proxy_pass ...;`。

- 根据域名分发到不同端口参数配置示例

```
http {
    server {
        listen       80;
        server_name  localhost;

        location / {
            proxy_pass http://127.0.0.1:8081;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    server {
        listen       80;
        server_name  location.xumy.vip;

        location / {
            proxy_pass http://127.0.0.1:8081;
            index  index.html index.htm;
        }
    }
}
```

## tcp转发

转发https请求时,无需在nginx配置ssl证书;nginx版本号必须 >1.15.2,编译时必须配置以下模块:

`--with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module`

说明:这种方式下 nginx 不解密 TLS,只读取 ClientHello 后做四层转发,因此证书、协议版本和加密套件都由后端服务自己控制,nginx 侧无法做 HTTP 层的访问控制和日志;后端看到的来源地址是 nginx 本机地址,真实客户端地址需要从 stream 的访问日志(见下面混合示例中的 `log_format`)获取。

- 同一个端口监听http与https请求配置示例:`$ssl_preread_protocol` 可以让stream区分web ssl/tls和其他协议

```
stream {
    upstream http{
        server 127.0.0.1:8081;
    }

    upstream https{
        server 127.0.0.1:8433;
    }

    map $ssl_preread_protocol $upstream{
        default http;
        "TLSv1.3" https;
        "TLSv1.2" https;
        "TLSv1.1" https;
        "TLSv1.0" https;
        "TLSv1" https;
        "TLSv2" https;
        "SSLv2" https;
        "SSLv3" https;
    }

    server {
        listen 0.0.0.0:28181;
        ssl_preread on;
        proxy_pass $upstream;
    }
}
```

说明:`$ssl_preread_protocol` 的取值形如 `SSLv3`、`TLSv1`、`TLSv1.1`、`TLSv1.2`、`TLSv1.3`,map 中的 `"TLSv1.0"`、`"TLSv2"` 应该不会被匹配到(请以所用版本的官方文档为准);非 TLS 连接时该变量为空,走 `default`。

- http与stream混合使用

```
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;

        location / {
            proxy_pass http://127.0.0.1:8081;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    server {
        listen       80;
        server_name  location.xumy.vip;

        location / {
            proxy_pass http://127.0.0.1:8081;
            index  index.html index.htm;
        }
    }

    server {
        listen       80;
        server_name  monitor.xumy.vip;

        location / {
            proxy_pass http://127.0.0.1:8082;
            index  index.html index.htm;
        }
    }

    server {
        listen       80;
        server_name  whims.xumy.vip;

        location / {
            proxy_pass http://127.0.0.1:801;
            index  index.html index.htm;
        }
    }

    server {
        listen       80;
        server_name  license.xumy.vip;

        location / {
            proxy_pass http://127.0.0.1:88;
            index  index.html index.htm;
        }
    }

    server {
        listen       80;
        server_name  robust.xumy.vip;

        location / {
            proxy_pass http://127.0.0.1:89;
            index  index.html index.htm;
        }
    }

    server {
        listen       80;
        server_name  dzwl.xumy.vip;

        location / {
            proxy_pass http://127.0.0.1:805;
            index  index.html index.htm;
        }
    }
}

stream{
    log_format proxy '$remote_addr - [$time_local] $protocol $status "$upstream_addr" $remote_addr $remote_port ';
    access_log /home/work/logs/nginx/tcp-access.log proxy;
    open_log_file_cache off;
    map_hash_bucket_size 64;

    map $ssl_preread_protocol $upstream{
        default http;
        "TLSv1.3" $https;
        "TLSv1.2" $https;
        "TLSv1.1" $https;
        "TLSv1.0" $https;
        "TLSv1" $https;
        "TLSv2" $https;
        "SSLv2" $https;
        "SSLv3" $https;
    }

    map $ssl_preread_server_name $https{
        default dzwl;
    }

    upstream http {
        server 127.0.0.1:80;
    }

    upstream dzwl {
        server 127.0.0.1:806;
    }

    server{
        listen 8080;
        ssl_preread on;
        proxy_pass $upstream;
        proxy_connect_timeout 15s;
        proxy_timeout 15s;
        proxy_next_upstream_timeout 15s;
    }
}
```