nginx下载
wget nginx1.23.1
nginx运行加载配置文件说明
nginx 会从 /etc/nginx/conf.d 中加载以 .conf 结尾的配置文件
nginx 会从 /etc/nginx/sites-enabled 中加载任何名称的配置文件
#全局块
影响nginx整体运行的配置指令
比如:worker_processes auto;处理并发的数量
#events块
nginx服务器与用户的网络连接
比如:worker_connections 1024;支持的最大连接数
#http块
##http全局块
##upstream块:负载均衡(轮询、weight、ip_hash、fair)
##server块:虚拟主机配置。
allow 10.10.240.24; 只允许ip10.10.240.24进行访问。
deny all; 拒绝所有的ip访问,这样设置后,就只有ip为10.10.240.24可以访问nginx的网站。拒绝后返回的是403错误,这样报403和404错误时直接返回维护页面内容.
root /home/zjbj/newServer/publush_server/static/real_name;
location / {
#root html;
try_files $uri $uri/ @router;
index index.html index.htm;
}
location @router {
rewrite ^.*$ /index.html last;
}
openssl3.0编译安装
OpenSSL3.0.5安装_七羽319的博客-CSDN博客
./config --prefix=/usr/local/openssl
yum install -y perl-CPAN
perl -MCPAN -e shell;install IPC/Cmd.pm;exit
echo '/usr/local/openssl/lib64' >>/etc/ld.so.conf
ldconfig
跨域配置
add_header 'Access-Control-Allow-Origin' *;#允许跨域请求的域,* 代表所有
add_header 'Access-Control-Allow-Headers' *;#允许请求的header
add_header 'Access-Control-Allow-Credentials' 'true';#允许带上cookie请求
add_header 'Access-Control-Allow-Methods' *;#允许请求的方法,比如 GET,POST,PUT,DELETE
location /test {
proxy_set_header Host $host;#表明请求的主机名
proxy_set_header X-Real-IP $remote_addr; #当有多个代理时候,可以在第一个反向代理上配置,获取真实客户端IP;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #转发请求时会将上游服务器的IP地址追加到X-Forwarded-For的后面,使用英文逗号分割
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.107.112:8080;
}
Tomcat server.xml 的 Engine 模块下配置一个 Valve:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="X-Forwarded-For"
protocolHeader="X-Forwarded-Proto"
protocolHeaderHttpsValue="https"/>
application.yml配置
server:
tomcat:
remote-ip-header: X-Forwarded-For
protocol-header: X-Forwarded-Proto
protocol-header-https-value: https
# websocket需要增加该配置
map$http_upgrade$connection_upgrade{
default keep-alive;
'websocket'upgrade;
}
# 重点在这里,webSocket后面没有斜杠,和其它项目的区别
location /webSocket {
proxy_pass http://abc_test_websocket_name;
proxy_redirect off;
proxy_set_header Host $host:5052;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#升级http1.1到 websocket协议
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
语法规则: location [=|~|~*|^~] /uri/ { … }
= 开头表示精确匹配
^~ 开头表示uri以某个常规字符串开头,理解为匹配 url路径即可。nginx不对url做编码,因此请求为/static/20%/aa,可以被规则^~ /static/ /aa匹配到(注意是空格)。以xx开头
~ 开头表示区分大小写的正则匹配 以xx结尾
~* 开头表示不区分大小写的正则匹配 以xx结尾
!~和!~*分别为区分大小写不匹配及不区分大小写不匹配 的正则
/ 通用匹配,任何请求都会匹配到。
docker run --name nginx -d -p 80:80 -v /home/dreamlee/nginx_conf/log:/var/log/nginx -v /home/dreamlee/nginx_conf/conf/nginx.conf:/etc/nginx/nginx.conf -v /home/dreamlee/nginx_conf/html/index.html:/usr/share/nginx/html/index.html nginx
nginx.conf配置
location / {
#root html;
#index index.html index.htm;
root /opt/museum/frontend/dist;
autoindex on;
}
root /home/zjbj/newServer/publush_server/static/pm_jeecg;
location / {
#root html;
try_files $uri $uri/ @router;#需要指向下面的@router否则会出现vue的路由在nginx中刷新出现404
index index.html index.htm;
}
location @router {
rewrite ^.*$ /index.html last;
}
日志打印
log_format access-upstream '$time_iso8601|$remote_addr|[$time_local]|$protocol|$status|$bytes_sent|$bytes_received|$session_time| "$upstream_addr"|"$upstream_bytes_sent"|"$upstream_bytes_received"|"$upstream_connect_time"';
map $time_iso8601 $logdate {
'~^(?<ymd>\d{4}-\d{2}-\d{2})' $ymd;
default 'date-not-found';
}
access_log logs/stream_access_$logdate.log access-upstream;
编译安装
./configure --prefix=/usr/local/nginx --with-stream=dynamic #执行完成后,会生成很多中间文件,放在objs目录下面
###load_module modules/ngx_stream_module.so;
make #没有报错代表执行成功
make install #安装命令
修改nginx配置:/root/lixiang/nginx-1.23.1/auto/lib/openssl/conf
Nginx升级加固SSL/TLS协议信息泄露漏洞(CVE-2016-2183) (bbsmax.com)
./configure --with-openssl=/usr/local/openssl-1.1.1o --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
./configure --with-http_ssl_module --with-openssl=/usr/local/openssl --prefix=/usr/local/nginx-1.23.1
./configure --with-http_ssl_module --with-openssl=/usr/local/openssl --prefix=/usr/local/nginx-1.23.1 --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --http-client-body-temp-path=/usr/local/nginx-1.23.1/temp/client_temp --http-proxy-temp-path=/usr/local/nginx-1.23.1/temp/proxy_temp --http-fastcgi-temp-path=/usr/local/nginx-1.23.1/temp/fastcgi_temp --http-uwsgi-temp-path=/usr/local/nginx-1.23.1/temp/uwsgi_temp --http-scgi-temp-path=/usr/local/nginx-1.23.1/temp/scgi_temp
--add-module=nginx-module-vts
负载均衡
nginx负载均衡之一致性Hash方式_我爱吃鸡翅膀的博客-CSDN博客_nginx 一致性hash
nginx 根据IP转发到指定的后端服务器_Linux中文社区的博客-CSDN博客_nginx 根据ip转发
Nginx之正则表达式、location匹配简介以及rewrite重写_mb5fd868b989ae9的技术博客_51CTO博客
