title: Nginx
date: 2018-12-15 12:05:09
tags:
- Nginx
categories:
- Tools
💠 2024-04-22 16:41:19
sudo apt install nginx
sudo nginx
sudo /etc/init.d/nginx start
systemctl start nginx
sudo nginx -s quit
sudo /etc/init.d/nginx stop
systemctl stop nginx
Installing this way is not recommended; it easily runs into compatibility problems.
Configure each package:
./configure --sbin-path=/usr/local/nginx/nginx \
--conf-path=/usr/local/nginx/nginx.conf \
--pid-path=/usr/local/nginx/nginx.pid \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-pcre=/home/kuang/pcre-8.20 \
--with-openssl=/home/kuang/openssl \
--with-zlib=/home/kuang/zlib-1.2.11
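-s signal
-t
Test the configuration file
$remote_addr
Client address
$remote_port
Client port
The nginx configuration file uses a syntax of its own. It resembles shell and makes use of concepts such as regular expressions and variables.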
include /etc/nginx/conf.d/*.conf;
error_page 404 /404.html;
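A full URL can also be given here.
When nginx serves HTTP but reverse-proxies an HTTPS address, pay attention to certificate consistency.
server {
    client_max_body_size 4G;
    listen 80;
    # server_name static.me; # to use a domain name, add it to the hosts file
    root /home/mini/Sync;
    location / {
        autoindex on; # show the directory index
        autoindex_exact_size on; # show file sizes
        autoindex_localtime on; # show file times
    }
}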
user nginx;
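Change this to a user that can access the static file directory.
Serve files as plain text
That is, the text/plain; type. Example: view all source code under the code directory directly in the browser
location /code/ {
    # All files in it
    location ~* {
        add_header Content-Type text/plain;
    }
}
If there are encoding problems, this can be configured as add_header Content-Type 'text/plain;charset=UTF-8';
location ~* /.*\.(py|md|sql)$ {}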
Configure a reverse proxy
Requests to the / path are forwarded to port 9991
/myth is forwarded to port 7898
upstream one {
    server 127.0.0.1:9991;
}
upstream two {
    server 127.0.0.1:7898;
}
server {
    listen 80;
    server_name 1.1.1.1;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_pass http://one;
        proxy_redirect off;
    }
    location /myth {
        proxy_pass http://two;
        proxy_redirect off;
    }
}
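How a backend behind this proxy can pick the client address from the forwarded headers, as an added example that is not part of the original page. It assumes the backend receives the standard X-Forwarded-For header and that nginx runs on the same host (127.0.0.1); `TRUSTED_PROXIES`, `is_trusted` and `client_ip` are hypothetical names, and the sample addresses are constructed.

```python
import ipaddress

# Assumption: the only proxy in front of the backend is nginx on localhost.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


def is_trusted(addr):
    """True if addr belongs to a proxy we operate; raises ValueError if malformed."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Return the client address the backend should believe.

    $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    already sent, so only the right-most entries were written by our proxy.
    Everything to the left of the first untrusted hop is client-controlled.
    """
    if not is_trusted(peer_addr):
        # The connection bypassed the proxy: ignore the headers entirely.
        return peer_addr
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    last_good = peer_addr
    for hop in reversed(hops):
        try:
            trusted = is_trusted(hop)
        except ValueError:
            break  # malformed entry: stop at the last verified hop
        last_good = hop
        if not trusted:
            break  # first hop that is not our proxy is the client
    return last_good


if __name__ == "__main__":
    # Constructed request: the client sent "X-Forwarded-For: 10.0.0.1" itself,
    # nginx appended the real peer address 203.0.113.7.
    print(client_ip("127.0.0.1", {"X-Forwarded-For": "10.0.0.1, 203.0.113.7"}))
```

X-Real-IP is set from $remote_addr and overwrites any value the client sent, so it is equivalent to the right-most hop when nginx is the only proxy.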
Configure a unified gateway
server {
    client_max_body_size 4G;
    listen 80; # listen for ipv4; this line is default and implied
    server_name static.me;
    location / {
        root /data/static;
        # proxy_pass http://127.0.0.1:8889/; this also works if the static resources are served on another port
    }
    location /api/ {
        # add_header 'Access-Control-Allow-Origin' '*';
        proxy_pass http://127.0.0.1:8889/; # strips the /api/ prefix from the request, then forwards to the backend
        # proxy_pass http://127.0.0.1:8889; this form does not strip /api/
    }
    location /api/a-service {
        proxy_pass http://127.0.0.1:8889/a-service; # removes the /api/ path and keeps a-service (use this form when several services live under the api path)
    }
}
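The path rewriting done by the two `proxy_pass` forms above, modelled as an added example that is not part of the original page. It is a simplified model of nginx's documented behaviour (prefix locations only, longest prefix wins, path already normalized, query string ignored); `ROUTES` and `upstream_request` are hypothetical names.

```python
from urllib.parse import urlsplit

# Prefix locations and proxy_pass targets copied from the server block above.
ROUTES = [
    ("/api/", "http://127.0.0.1:8889/"),
    ("/api/a-service", "http://127.0.0.1:8889/a-service"),
]


def has_uri_part(proxy_pass):
    """True when proxy_pass carries a URI after host:port (even just '/')."""
    return urlsplit(proxy_pass).path != ""


def upstream_request(path, routes=ROUTES):
    """Return (backend, path sent upstream) for a request path, or None."""
    matches = [r for r in routes if path.startswith(r[0])]
    if not matches:
        return None  # handled by another location, e.g. "location /"
    prefix, target = max(matches, key=lambda r: len(r[0]))
    parts = urlsplit(target)
    backend = f"{parts.scheme}://{parts.netloc}"
    if has_uri_part(target):
        # URI given: the matched location prefix is replaced by that URI.
        return backend, parts.path + path[len(prefix):]
    # No URI: the request path is forwarded unchanged.
    return backend, path


if __name__ == "__main__":
    for p in ("/api/users", "/api/a-service/list", "/api/a-service-admin"):
        print(p, "->", upstream_request(p))
    # Same location, proxy_pass without a trailing slash: /api/ is kept.
    print(upstream_request("/api/users", [("/api/", "http://127.0.0.1:8889")]))
```

The third sample path shows that a prefix location written without a trailing slash also matches sibling names such as /api/a-service-admin, which then reach the backend as /a-service-admin.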
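Note: when I previously used nginx to reverse-proxy Tomcat, I tried configuring the backend as a domain name resolved by local DNS. I then found that this does not take effect, so a real IP or a public domain name should be used.
On the server that needs to be accessed cross-origin, add the following configuration: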
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
Configure HTTPS
upstream one {
    server 127.0.0.1:8888;
}
server {
    listen 80;
    server_name web.me;
    # redirect http to https (kept in its own port-80 server so HTTPS requests are not redirected in a loop)
    return 302 https://$host$request_uri;
}
server {
    listen 443 ssl; # the ssl parameter replaces the deprecated "ssl on;" directive
    server_name web.me;
    # this block is the main addition
    ssl_certificate /data/https/server.crt;
    ssl_certificate_key /data/https/server.key;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_pass https://one;
        proxy_redirect off;
    }
}
A free service, and it now supports wildcard domains.
Nginx reverse-proxying HTTPS
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
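./certbot-auto # runs the installation; some settings are prompted for along the way
./certbot-auto certonly --email xxx@xxx --nginx -d xxx.domain # generate the certificate for xxx.domain
"SSL received a record that exceeded the maximum permissible length": add ssl after the port in the listen directive.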
upstream one {
    server 127.0.0.1:8080;
}
server {
    listen 443 ssl; # the ssl parameter replaces the deprecated "ssl on;" directive
    server_name xxx.domain;
    access_log /data/log/https.log;
    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/xxx.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.domain/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/xxx.domain/chain.pem;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    location / {
        proxy_pass https://one;
    }
}
# Map the Upgrade request header to the Connection header value
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream back_end {
    server 127.0.0.1:8888;
}
server {
    listen 80;
    server_name 127.0.0.1;
    location / {
        # forward the real client IP
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Nginx-Proxy true;
        # pass on the type of the received request
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_pass http://back_end;
        # the default is 1.0, which does not support keep-alive
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_read_timeout 300s;
    }
}
Bypass the Grafana login (password-free access); a key must be generated in advance. nginx adds the key as the Authorization header on every proxied request, so any client that can reach this server is signed in with that key's permissions.
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
# http://grafana-user.test/d/spring_boot_21/shang-shu-tai-jian-kong-mian-ban?orgId=1
server {
    listen 80;
    server_name grafana-user.test;
    location / {
        proxy_pass http://192.168.1.1:9091/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Connection "";
        proxy_set_header Authorization "Bearer xxxxx";
        # add_header X-Frame-Options SAMEORIGIN;
        proxy_hide_header X-Frame-Options;
    }
    location /api/live/ws {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_set_header Authorization "Bearer cccc";
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_read_timeout 300s;
        proxy_pass http://192.168.1.1:9091;
    }
}
For example, aaa.com can only be reached through a VPN or similar, but the host running Nginx can reach it. Configure Nginx as follows, then set up DNS so that aaa.com resolves to the Nginx host, and other clients can access aaa.com directly without installing the VPN.
server {
    server_name aaa.com;
    listen 80;
    location / {
        proxy_pass http://aaa.com;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
gzip on;
gzip_comp_level 4;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
Divided into layer 4 and layer 7:
changed from nginx's to the upstream's IP
, with the sending IP modified on return)
# dynamic server group
upstream dynamic_server {
server localhost:8080 weight=2;
server localhost:8081;
server localhost:8082 backup;
server localhost:8083 max_fails=3 fail_timeout=20s;
}
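least_conn;
is enough
ip_hash;
is enough
Consistent hashing
Features
Q & A
Comparable to F5 BIG-IP
Keepalived was originally designed specifically for the LVS load-balancing software, to manage and monitor the state of each service node in an LVS cluster. VRRP support, which makes high availability possible, was added later. So besides managing LVS, Keepalived can also serve as a high-availability solution for other services (for example Nginx, Haproxy, MySQL).
Rich plugin support, concise configuration, and automatic HTTPS certificate setup; compared with nginx it consumes more resources and has somewhat lower throughput.
Official, enterprise-grade tool
Github
Based on HAProxy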
client_max_body_size 80M;
lingering_timeout
In the access log the upstream status code is 408 while nginx itself returned 502; in fact the upstream never received the request.