You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4.8 KiB
4.8 KiB
nginx安装与配置
准备环境
yum -y install gcc
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
下载
nginx官方下载指定版本源码压缩包
上传到服务器解压
编译与安装
./configure --prefix=指定安装目录前缀 --with指定额外的模块
make
make install DESTDIR=指定安装目录后缀
http反向代理配置
- 根据路径分发到不同端口参数配置示例
http {
include mime.types;
default_type application/octet-stream;
server {
listen 80;
server_name localhost;
location / {
root proxy_pass http://127.0.0.1:8080;
index index.html index.htm;
}
location /fence {
root proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
location /RfsSniffer {
root proxy_pass http://127.0.0.1:8433;
index index.html index.htm;
}
}
}
- 根据域名分发到不同端口参数配置示例
http {
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name location.xumy.vip;
location / {
proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
}
}
tcp转发
转发https请求,无需在nginx配置ssl证书,nginx版本号必须 >1.15.2,编译时必须配置以下模块
--with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module
- 同一个端口监听http与https请求配置示例,$ssl_preread_protocol,可以让stream区分web ssl/tls和其他协议
stream {
upstream http{
server 127.0.0.1:8081;
}
upstream https{
server 127.0.0.1:8433;
}
map $ssl_preread_protocol $upstream{
default http;
"TLSv1.3" https;
"TLSv1.2" https;
"TLSv1.1" https;
"TLSv1.0" https;
"TLSv1" https;
"TLSv2" https;
"SSLv2" https;
"SSLv3" https;
}
server {
listen 0.0.0.0:28181;
ssl_preread on;
proxy_pass $upstream;
}
}
- http与stream混合使用
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name location.xumy.vip;
location / {
proxy_pass http://127.0.0.1:8081;
index index.html index.htm;
}
}
server {
listen 80;
server_name monitor.xumy.vip;
location / {
proxy_pass http://127.0.0.1:8082;
index index.html index.htm;
}
}
server {
listen 80;
server_name whims.xumy.vip;
location / {
proxy_pass http://127.0.0.1:801;
index index.html index.htm;
}
}
server {
listen 80;
server_name license.xumy.vip;
location / {
proxy_pass http://127.0.0.1:88;
index index.html index.htm;
}
}
server {
listen 80;
server_name robust.xumy.vip;
location / {
proxy_pass http://127.0.0.1:89;
index index.html index.htm;
}
}
server {
listen 80;
server_name dzwl.xumy.vip;
location / {
proxy_pass http://127.0.0.1:805;
index index.html index.htm;
}
}
}
stream{
log_format proxy '$remote_addr - [$time_local] $protocol $status "$upstream_addr" $remote_addr $remote_port ';
access_log /home/work/logs/nginx/tcp-access.log proxy;
open_log_file_cache off;
map_hash_bucket_size 64;
map $ssl_preread_protocol $upstream{
default http;
"TLSv1.3" $https;
"TLSv1.2" $https;
"TLSv1.1" $https;
"TLSv1.0" $https;
"TLSv1" $https;
"TLSv2" $https;
"SSLv2" $https;
"SSLv3" $https;
}
map $ssl_preread_server_name $https{
default dzwl;
}
upstream http {
server 127.0.0.1:80;
}
upstream dzwl {
server 127.0.0.1:806;
}
server{
listen 8080;
ssl_preread on;
proxy_pass $upstream;
proxy_connect_timeout 15s;
proxy_timeout 15s;
proxy_next_upstream_timeout 15s;
}
}