nginx入门教程
nginx 的安装
# 配置下载源
sudo rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# 使用yum安装nginx
sudo yum install nginx
# 设置开机启动
sudo systemctl enable nginx
# 启动
sudo systemctl start nginx
# 重新加载
sudo systemctl reload nginx
# 重启
sudo systemctl restart nginx
# 停止
sudo systemctl stop nginx
# SELinux配置将httpd网络连接关闭,所以需要开启才能访问
setsebool -P httpd_can_network_connect 1
nginx 的配置
# 编辑总配置
vim /etc/nginx/nginx.conf
# 编辑子配置
vim /etc/nginx/conf.d/default.d
ssl 证书配置
ssl_certificate /etc/nginx/ssl/2780151_newyetai.com.pem;
ssl_certificate_key /etc/nginx/ssl/2780151_newyetai.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
反向代理配置
# proxy
proxy_pass http://172.19.214.188:8082;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60;
proxy_read_timeout 600;
proxy_send_timeout 600;
访问 IP 限制
# 允许部分ip访问
# ip
allow 180.169.8.34;
# ip段
allow 47.101.11.1/10;
# 禁止其余ip访问
deny all;
访问权限限制
auth_basic "nginxui secured";
auth_basic_user_file /etc/nginx/httpdwd;
客户端请求体大小限制
# 客户端请求最大的body
client_max_body_size 200m;
开启 gzip 的支持
浏览器和服务器如果均支持 gzip,则优先访问 gzip 资源,找不到才访问非压缩资源
gzip on;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css;
gzip_static on;