安装nginx
# 添加 Nginx 源
sudo rpm -Uvh http://nginx.org/packages/centos/8/x86_64/RPMS/nginx-1.18.0-1.el8.ngx.x86_64.rpm
# 安装 Nginx
sudo dnf install -y nginx
# 启动 Nginx
sudo systemctl start nginx.service
# 设置开机自启 Nginx
sudo systemctl enable nginx.service
配置nginx
nginx配置文件放在 /etc/nginx下边,一般为的nginx.conf文件和此目录下conf.d下的default.conf文件
我一般会直接修改nginx.conf文件
修改完毕后需要做几项操作
sudo systemctl stop nginx.service #重启nginx服务
nginx -c /etc/nginx/nginx.conf #指定配置文件
sudo nginx -t #测试配置文件是否有语法错误
sudo nginx -s reload #重新加载Nginx配置文件,然后以优雅的方式重启Nginx
ps -ef|grep nginx #查看nginx占用pid,我这执行完上边的reload有的时候不生效,所以只能强制关闭然后重启
kill -9 ***** #强制关掉nginx
sudo systemctl restart nginx.service #重启nginx服务
sudo systemctl status nginx.service #查看运行状态
nginx常用命令
start nginx #打开 nginx
nginx -t #测试配置文件是否有语法错误
nginx -s reopen #重启Nginx
nginx -s reload #重新加载Nginx配置文件,然后以优雅的方式重启Nginx
nginx -s stop #强制停止Nginx服务
nginx -s quit #优雅地停止Nginx服务(即处理完所有请求后再停止服务)
我的两套nginx完整配置
第一套--配置有强制跳转
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http{
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
server_tokens off;
access_log off;
upstream backend {
server www.senziyu.com:1108; # halo 监听端口
}
server {
listen 80;
server_name my.senziyu.com;
return 301 https://$server_name$request_uri;
location / {
proxy_pass http://backend$request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 10m;
}
}
server {
listen 443 ssl http2;
server_name my.senziyu.com;
ssl_certificate /etc/nginx/ssl/1_my.senziyu.com_bundle.crt;
ssl_certificate_key /etc/nginx/ssl/2_my.senziyu.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
location / {
proxy_pass http://backend$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 10m;
}
access_log /etc/nginx/conf.d/www.senziyu.com.halo.access.log;
error_log /etc/nginx/conf.d/www.senziyu.com.halo.error.log;
}
}
第二套
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http{
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
server_tokens off;
access_log off;
upstream backend {
server 192.168.3.16:1102; # halo 监听端口
}
upstream backend1 {
server 192.168.3.16:1104; # solo 监听端口
}
upstream backend2 {
server 192.168.3.16:1108; # halo 监听端口
}
server {
server_name www.senziyu.com;
listen 1101 ssl http2;
ssl_certificate /etc/nginx/ssl_certs/1_www.senziyu.com_bundle.crt;
ssl_certificate_key /etc/nginx/ssl_certs/2_www.senziyu.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
location / {
proxy_pass http://backend$request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 10m;
}
access_log /etc/nginx/conf.d/www.senziyu.com.halo.access.log;
error_log /etc/nginx/conf.d/www.senziyu.com.halo.error.log;
}
server {
server_name www.senziyu.com;
listen 1103 ssl http2;
ssl_certificate /etc/nginx/ssl_certs/1_www.senziyu.com_bundle.crt;
ssl_certificate_key /etc/nginx/ssl_certs/2_www.senziyu.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
location / {
proxy_pass http://backend1$request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 10m;
}
access_log /etc/nginx/conf.d/www.senziyu.com.solo.access.log;
error_log /etc/nginx/conf.d/www.senziyu.com.solo.error.log;
}
server {
server_name www.senziyu.com;
listen 1107 ssl http2;
ssl_certificate /etc/nginx/ssl_certs/1_www.senziyu.com_bundle.crt;
ssl_certificate_key /etc/nginx/ssl_certs/2_www.senziyu.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
location / {
proxy_pass http://backend2$request_uri;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 10m;
}
access_log /etc/nginx/conf.d/www.senziyu.com.halo1.access.log;
error_log /etc/nginx/conf.d/www.senziyu.com.halo1.error.log;
}
}