安装nginx

# 添加 Nginx 源
sudo rpm -Uvh http://nginx.org/packages/centos/8/x86_64/RPMS/nginx-1.18.0-1.el8.ngx.x86_64.rpm

# 安装 Nginx
sudo dnf install -y nginx

# 启动 Nginx
sudo systemctl start nginx.service

# 设置开机自启 Nginx
sudo systemctl enable nginx.service

配置nginx

nginx配置文件放在 /etc/nginx下边,一般为的nginx.conf文件和此目录下conf.d下的default.conf文件
我一般会直接修改nginx.conf文件

修改完毕后需要做几项操作
sudo systemctl stop nginx.service	#重启nginx服务
nginx -c /etc/nginx/nginx.conf      	#指定配置文件
sudo nginx -t                       	#测试配置文件是否有语法错误
sudo nginx -s reload		    	#重新加载Nginx配置文件,然后以优雅的方式重启Nginx
ps -ef|grep nginx		    	#查看nginx占用pid,我这执行完上边的reload有的时候不生效,所以只能强制关闭然后重启
kill -9 *****                       	#强制关掉nginx
sudo systemctl restart nginx.service	#重启nginx服务
sudo systemctl status nginx.service	#查看运行状态

nginx常用命令

start nginx		#打开 nginx
nginx -t		#测试配置文件是否有语法错误
nginx -s reopen		#重启Nginx
nginx -s reload		#重新加载Nginx配置文件,然后以优雅的方式重启Nginx
nginx -s stop		#强制停止Nginx服务
nginx -s quit		#优雅地停止Nginx服务(即处理完所有请求后再停止服务)

我的两套nginx完整配置
第一套--配置有强制跳转

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }
http{
  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.1;
  gzip_comp_level 2;
  gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
  gzip_vary on;
  gzip_proxied   expired no-cache no-store private auth;
  gzip_disable   "MSIE [1-6]\.";

  server_tokens off;
  access_log off;

  upstream backend {
    server www.senziyu.com:1108; # halo 监听端口
  }

  server {
      listen 80;
      server_name my.senziyu.com;
      return 301 https://$server_name$request_uri;
      location  / {
        proxy_pass http://backend$request_uri;
        proxy_set_header  Host $http_host;
        proxy_set_header  X-Real-IP $remote_addr;
        client_max_body_size  10m;
      }
  }

  server {
    listen 443 ssl http2;
    server_name my.senziyu.com;
    ssl_certificate /etc/nginx/ssl/1_my.senziyu.com_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/2_my.senziyu.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    location / {
        proxy_pass http://backend$request_uri;
        proxy_set_header  Host $host;
        proxy_set_header  X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size  10m;
    }
    access_log  /etc/nginx/conf.d/www.senziyu.com.halo.access.log;
    error_log  /etc/nginx/conf.d/www.senziyu.com.halo.error.log;
  }

}

第二套

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }
http{
  gzip on;
  gzip_min_length  1k;
  gzip_buffers     4 16k;
  gzip_http_version 1.1;
  gzip_comp_level 2;
  gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
  gzip_vary on;
  gzip_proxied   expired no-cache no-store private auth;
  gzip_disable   "MSIE [1-6]\.";

  server_tokens off;
  access_log off;

  upstream backend {
    server 192.168.3.16:1102; # halo 监听端口
  }

  upstream backend1 {
    server 192.168.3.16:1104; # solo 监听端口
  }

  upstream backend2 {
    server 192.168.3.16:1108; # halo 监听端口
  }

  server {
    server_name www.senziyu.com;
    listen 1101 ssl http2;
    ssl_certificate /etc/nginx/ssl_certs/1_www.senziyu.com_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl_certs/2_www.senziyu.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    location / {
        proxy_pass http://backend$request_uri;
        proxy_set_header  Host $http_host;
        proxy_set_header  X-Real-IP $remote_addr;
        client_max_body_size  10m;
    }
    access_log  /etc/nginx/conf.d/www.senziyu.com.halo.access.log;
    error_log  /etc/nginx/conf.d/www.senziyu.com.halo.error.log;
  }

  server {
    server_name www.senziyu.com;
    listen 1103 ssl http2;
    ssl_certificate /etc/nginx/ssl_certs/1_www.senziyu.com_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl_certs/2_www.senziyu.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    location / {
        proxy_pass http://backend1$request_uri;
        proxy_set_header  Host $http_host;
        proxy_set_header  X-Real-IP $remote_addr;
        client_max_body_size  10m;
    }
    access_log  /etc/nginx/conf.d/www.senziyu.com.solo.access.log;
    error_log  /etc/nginx/conf.d/www.senziyu.com.solo.error.log;
  }

  server {
    server_name www.senziyu.com;
    listen 1107 ssl http2;
    ssl_certificate /etc/nginx/ssl_certs/1_www.senziyu.com_bundle.crt;
    ssl_certificate_key /etc/nginx/ssl_certs/2_www.senziyu.com.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    location / {
        proxy_pass http://backend2$request_uri;
        proxy_set_header  Host $http_host;
        proxy_set_header  X-Real-IP $remote_addr;
        client_max_body_size  10m;
    }
    access_log  /etc/nginx/conf.d/www.senziyu.com.halo1.access.log;
    error_log  /etc/nginx/conf.d/www.senziyu.com.halo1.error.log;
  }
    
}

Q.E.D.


97年强迫症程序猿