Nginx Summary

Installing Nginx

Install nginx

    sudo yum install -y nginx

Start nginx

    sudo systemctl start nginx

Enable nginx at boot

    sudo systemctl enable nginx

Additional commands:

Stop nginx

    sudo systemctl stop nginx

Restart nginx

    sudo systemctl restart nginx

Check nginx status

    sudo systemctl status nginx

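Configuration

  • Default location of the website files (the "Welcome to nginx" page)

    /usr/share/nginx/html

  • Default site configuration

    /etc/nginx/conf.d/default.conf

  • Directory for custom nginx site configuration files

    /etc/nginx/conf.d/

  • nginx global configuration file

    /etc/nginx/nginx.conf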

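Nginx Commands

References:

  • Beginner’s Guide | Nginx Docs

  • nginx -s stop: shuts Nginx down quickly; related information may not be saved, and the web service is terminated immediately.
  • nginx -s quit: shuts Nginx down gracefully; related information is saved and the web service ends in an orderly way.
  • nginx -s reload: reloads the configuration after the Nginx configuration has been changed.
  • nginx -s reopen: reopens the log files.
  • nginx -c filename: uses the given configuration file for Nginx instead of the default one.
  • nginx -t: does not run Nginx, only tests the configuration file. nginx checks the syntax of the configuration file and tries to open the files it references.
  • nginx -v: shows the nginx version.
  • nginx -V: shows the nginx version, the compiler version and the configure parameters.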

Configuring HTTPS

/etc/nginx/conf.d/default.conf

    # Redirect HTTP to HTTPS
    server {
        listen 80;
        server_name example.com www.example.com;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl; # Without "ssl" here, Nginx may fail to start.
        server_name example.com www.example.com; # Domain name(s) the certificate is bound to, e.g. www.example.com. Separate multiple names with spaces.
        ssl_certificate /etc/nginx/ssl/example/example.com.pem; # Certificate file
        ssl_certificate_key /etc/nginx/ssl/example/example.com.key; # Private key file for the certificate
        # If you enable ssl_protocols, leave out TLSv1 and TLSv1.1; both are deprecated (RFC 8996).
        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        #ssl_ciphers HIGH:!aNULL:!MD5;
        #access_log off; # For a reverse proxy under heavy concurrency, be sure to turn logging off, otherwise disk I/O becomes tight.

        # Option 1: reverse proxy, forwarding requests to ASP.NET Core on port 5000
        location / {
            proxy_pass http://localhost:5000;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Option 2: static site. Use it instead of Option 1; it is commented out here
        # because nginx refuses a server block that contains two "location /" blocks.
        #location / {
        #    root /usr/share/nginx/html; # Site directory
        #    index index.html index.htm; # Default index pages
        #}
    }

Replace server_name, ssl_certificate, ssl_certificate_key and proxy_pass with your own values.

Choose only one of the two options; do not write both location / blocks.

Additional note:

HTTP to HTTPS redirect, method 2:

Rewrite:

    server {
        listen 80;
        server_name www.example.com example.com;
        rewrite ^(.*)$ https://$host$1 permanent; # Redirect every HTTP request to HTTPS via rewrite.
    }
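
A hardened variant of the redirect and HTTPS server blocks above, as an added example that is not part of the original page. It keeps the page's example.com, certificate paths and port 5000; the catch-all server, the fixed redirect target, the protocol list and the HSTS header are assumptions about what a deployment would want.

```nginx
# Added example, not from the original page. example.com, the certificate
# paths and port 5000 are the page's own placeholders; the rest is assumed.

# Catch-all: requests whose Host header matches no configured site end here
# instead of falling into the first server block defined for the port.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;    # nginx 1.19.4+; no certificate needed here
    return 444;                 # close the connection without a response
}

# Redirect to a fixed host name, so the Location header never echoes a
# client-supplied Host value (which $host would do).
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/nginx/ssl/example/example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/example/example.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;      # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Tell browsers to use HTTPS only for the next year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://localhost:5000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;  # lets the backend see the request was HTTPS
    }
}
```

Only one server block per port may carry default_server, so remove that flag from any stock server block before adding the catch-all, and run nginx -t before nginx -s reload.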

Splitting the Configuration into Files

nginx.conf

    user  www www;
    worker_processes auto;
    error_log /www/wwwlogs/nginx_error.log crit;
    pid /www/server/nginx/logs/nginx.pid;
    worker_rlimit_nofile 51200;

    events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }

    http
    {
        include mime.types;
        #include luawaf.conf;

        include proxy.conf;

        default_type application/octet-stream;

        server_names_hash_bucket_size 512;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile on;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;

        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
        gzip_vary on;
        gzip_proxied expired no-cache no-store private auth;
        gzip_disable "MSIE [1-6]\.";

        # Shared-memory zones for per-client-IP and per-server connection limits
        limit_conn_zone $binary_remote_addr zone=perip:10m;
        limit_conn_zone $server_name zone=perserver:10m;

        server_tokens off; # Do not show the nginx version in error pages and the Server header
        access_log off;    # Request logging is disabled globally

        include /www/server/panel/vhost/nginx/*.conf; # Include every configuration file under /www/server/panel/vhost/nginx/
    }

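Configuring CORS

Allow cross-origin requests for URLs that begin with /Upload

    location /Upload {
        # Note: browsers reject the wildcard '*' on credentialed requests,
        # so these two headers do not work together.
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
    }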
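
The /Upload rule above, rewritten with an origin allowlist so that credentialed cross-origin requests work without opening the path to every site. This is an added example, not part of the original page; the two allowed origins, the server name and the permitted methods and headers are constructed placeholders.

```nginx
# Added example, not from the original page. The two origins are constructed
# placeholders; the map blocks belong at http {} level (e.g. a conf.d file).

# Echo the Origin back only when it is on the allowlist; otherwise empty.
map $http_origin $cors_origin {
    default                       "";
    "https://app.example.com"     $http_origin;
    "https://admin.example.com"   $http_origin;
}

# Send Allow-Credentials only together with an allowed origin.
map $cors_origin $cors_credentials {
    default "true";
    ""      "";
}

server {
    listen 80;
    server_name api.example.com;          # placeholder
    root /usr/share/nginx/html;

    location /Upload {
        # Preflight: answer OPTIONS directly with the same origin decision.
        if ($request_method = OPTIONS) {
            add_header 'Access-Control-Allow-Origin' $cors_origin always;
            add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
            add_header 'Access-Control-Allow-Headers' 'Content-Type' always;
            add_header 'Vary' 'Origin' always;
            return 204;
        }

        # add_header skips a header whose value is empty, so an origin that
        # is not on the list receives no CORS headers at all.
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        add_header 'Access-Control-Allow-Credentials' $cors_credentials always;
        add_header 'Vary' 'Origin' always;
    }
}
```

The Vary: Origin header keeps shared caches from serving a response generated for one origin to another.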

Additional example

    server
    {
        listen 80;
        listen 443 ssl http2;
        server_name api-onetree.moeci.com;
        root /www/wwwroot/api-onetree.moeci.com;
        location /api {
            proxy_pass http://localhost:5000;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /install {
            proxy_pass http://localhost:5000;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /Upload {
            # Note: browsers reject the wildcard '*' on credentialed requests,
            # so these two headers do not work together.
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
        }
    }

Note:

I found that nginx location matching is case-sensitive.

WebSocket Support

Edit the nginx.conf file

Add the following inside http {}

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

Add the following inside location / {} of your server {}

    # websocket support
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade; # value comes from the map defined in http {}

For example:

    server
    {
        listen 80;
        listen 443 ssl http2;
        server_name plugincore.moeci.com;
        #index index.php index.html index.htm default.php default.htm default.html;
        root /www/wwwroot/plugincore.moeci.com;

        # proxy
        location / {
            proxy_pass http://localhost:5007;

            # websocket support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade; # value comes from the map defined in http {}
        }
    }

References

Thanks for the help!