柚子快報邀請碼778899分享：運維 歐拉部署nginx

http://yzkb.51969.com/

1.下載nginx

下載地址：https://nginx.org/en/download.html

選擇穩(wěn)定版本 下的鏡像文件進行下載

2.解壓Nginx包

cd /root/nginx

tar -zxvf nginx-1.26.0.tar.gz

cd nginx-1.26.0

3.安裝nginx相關(guān)依賴

yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel

4.生成 Makefile 可編譯文件

./configure --with-http_ssl_module --with-http_stub_status_module

參數(shù)說明：

–prefix=PATH：指定 nginx 的安裝目錄（默認/usr/local/nginx）–conf-path=PATH：指定 nginx.conf 配置文件路徑–user=NAME：nginx 工作進程的用戶–with-pcre：開啟 PCRE 正則表達式的支持with-http-realip_module：允許改變客戶端請求頭中客戶端 IP 地址–with-file-aio：啟用 File AIO–add-module=PATH：添加第三方外部模塊

5.編譯和安裝

# 編譯

make

# 安裝

make install

默認的安裝路徑為：/usr/local/nginx

6.啟動

cd /usr/local/nginx/sbin

# 啟動

./nginx

# 查看進程

ps -ef | grep nginx

# 停止

/usr/local/nginx/sbin/nginx -s stop

# 重啟

/usr/local/nginx/sbin/nginx -s restart

7.配置

非https配置

worker_processes 1;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

sendfile on;

keepalive_timeout 65;

#gzip on;

upstream reverseProxyServer{

ip_hash;

#負載均衡應(yīng)用服務(wù)器A: 權(quán)重為10,10s內(nèi)連接請求失敗2次,nginx在10s內(nèi)認為server是不可用的，將不在發(fā)送請求給這臺服務(wù)器

server xxx.xxx.xx.xxx:9090 weight=10 max_fails=2 fail_timeout=10s;

#負載均衡應(yīng)用服務(wù)器B: 代理服務(wù)器權(quán)重為5,10s內(nèi)連接請求失敗2次,nginx在10s內(nèi)認為server是不可用的，將不在發(fā)送請求給這臺服務(wù)器

server xxx.xxx.xx.xxx:9090 weight=5 fail_timeout=10s max_fails=2;

}

upstream reverseGrafanaServer{

ip_hash;

server xxx.xxx.xx.xxx:3000 weight=10 max_fails=2 fail_timeout=10s;

server xxx.xxx.xx.xxx:3000 weight=8 max_fails=2 fail_timeout=10s;

}

server {

listen 80;

server_name xxx.com;

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_connect_timeout 30s;

proxy_read_timeout 30s;

#charset koi8-r;

#access_log logs/host.access.log main;

location /{

proxy_pass http://reverseProxyServer/;

}

location /grafana/{

proxy_buffering on;

proxy_buffer_size 4k;

proxy_buffers 8 4M;

proxy_busy_buffers_size 4M;

proxy_pass http://reverseGrafanaServer/;

}

}

}

https配置

http {

...

server {

listen 80;

server_name xxx.com;

#將請求轉(zhuǎn)成https

rewrite ^(.*)$ https://$host$1 permanent;

}

server {

listen 443 ssl;

server_name xxx.com;

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_connect_timeout 30s;

proxy_read_timeout 30s;

#charset koi8-r;

#ssl證書的pem文件路徑

ssl_certificate /usr/local/nginx/cert/server.crt;

#ssl證書的key文件路徑

ssl_certificate_key /usr/local/nginx/cert/server.key;

....

}

}

FAQ：遇到問題總結(jié)

問題1：nginx: [emerg] unknown directive “ssl”

解決方法 1.nginx生成 Makefile可編譯文件時沒有開啟ssl，請參考步驟4 2.舊版本配置ssl和新版本不一致 server{ listen 443; xxx ssl on; #ssl證書的pem文件路徑 ssl_certificate /usr/local/nginx/cert/server.crt; #ssl證書的key文件路徑 ssl_certificate_key /usr/local/nginx/cert/server.key; } 應(yīng)改為 server{ listen 443 ssl; xxx #ssl證書的pem文件路徑 ssl_certificate /usr/local/nginx/cert/server.crt; #ssl證書的key文件路徑 ssl_certificate_key /usr/local/nginx/cert/server.key; }

問題2：curl: (60) SSL certificate problem: self signed certificate

解決方法：curl命令向服務(wù)器發(fā)送https請求, curl https的時候需要加上-k參數(shù)

問題3：nginx配了證書顯示站點連接不安全

解決方法：我手里有crt和key證書，因為我用crt證書使用openssl命令生成pem證書配置上去的原因 解決方法直接配置crt和key證書就行

柚子快報邀請碼778899分享：運維 歐拉部署nginx

http://yzkb.51969.com/

好文推薦