常用命令 1 2 3 4 5 6 7 8 nginx -s stop nginx -s quit nginx -s reload nginx -s reopen nginx -c filename nginx -t nginx -v nginx -V
nginx 启动脚本 使用 service nginxd start 的方式启动
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 #!/bin/bash source /etc/profile source $HOME /.bash_profile nginxd=/usr/local /nginx/sbin/nginx nginx_config=/usr/local /nginx/conf/nginx.conf nginx_pid=/usr/local /nginx/logs/nginx.pid nginx_lock=/var/lock/subsys/nginx RETYAL=0 prog="nginx" . /etc/rc.d/init.d/functions . /etc/sysconfig/network [ ${NETWORKING} = "no" ] && exit 0 start () { [ -x $nginxd ] || { echo “FATAL: No such programme”;exit 4; } [ -f $nginx_config ] || { echo “FATAL:Config file does not exist”;exit 6; } if [ -e $nginx_pid ];then echo "nginx already running...." exit 1 fi if [ -e $nginx_lock ];then echo "nginx lock file does exist...." exit 1 fi echo -n $"Starting $prog :" dir=$(dirname $nginx_pid ) [ -d $dir ] || mkdir -p $dir daemon --pidfile $nginx_pid $nginxd -c ${nginx_config} RETVAL=$? echo [ $RETVAL = 0 ] && touch $nginx_lock return $RETVAL } stop () { echo -n $"Stoping $prog :" killproc -p $nginx_pid $prog RETVAL=$? echo [ $RETVAL = 0 ] && rm -f $nginx_lock $nginx_pid } reload () { echo -n $"Reloading $prog :" killproc -p $nginx_pid $prog -HUP RETVAL=$? echo } case "$1 " in start) start ;; stop) stop ;; reload) reload ;; restart) stop start ;; status) status $prog RETVAL=$? ;; *) echo $"Usage:$prog {start|stop|restart|reload|status|help}" exit 1 esac exit $RETVAL
HTTP反向代理配置 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 worker_processes 1; error_log D:/Tools/nginx-1.10.1/logs/error.log; error_log D:/Tools/nginx-1.10.1/logs/notice.log notice; error_log D:/Tools/nginx-1.10.1/logs/info.log info; pid D:/Tools/nginx-1.10.1/logs/nginx.pid; events { worker_connections 1024; } http { include D:/Tools/nginx-1.10.1/conf/mime.types; default_type application/octet-stream; log_format main '[$remote_addr] - [$remote_user] [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"' ; access_log D:/Tools/nginx-1.10.1/logs/access.log main; rewrite_log on; sendfile on; keepalive_timeout 120; tcp_nodelay on; upstream zp_server1{ server 127.0.0.1:8089; } server { listen 80; server_name www.helloworld.com; index index.html root D:\01_Workspace\Project\github\zp\SpringNotes\spring-security\spring-shiro\src\main\webapp; charset utf-8; proxy_connect_timeout 180; proxy_send_timeout 180; proxy_read_timeout 180; proxy_set_header Host $host ; proxy_set_header X-Forwarder-For $remote_addr ; location / { proxy_pass http://zp_server1; } location ~ ^/(images|javascript|js|css|flash|media|static)/ { root D:\01_Workspace\Project\github\zp\SpringNotes\spring-security\spring-shiro\src\main\webapp\views; expires 30d; } location /NginxStatus { stub_status on; access_log on; auth_basic "NginxStatus" ; auth_basic_user_file conf/htpasswd; } location ~ /\.ht { deny all; } } }
注意启动绑定的端口要和nginx 中的upstream 设置的端口保持一致。
负载均衡配置 网站在实际运营过程中,多半都是有多台服务器运行着同样的 app,这时需要使用负载均衡来分流
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 http { include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log /nginx/access.log; upstream load_balance_server { server 192.168.1.11:80 weight=5; server 192.168.1.12:80 weight=1; server 192.168.1.13:80 weight=6; } server { listen 80; server_name www.helloworld.com; location / { root /root; index index.html index.htm; proxy_pass http://load_balance_server ; proxy_set_header Host $host ; proxy_set_header X-Real-IP $remote_addr ; proxy_set_header X-Forwarded-For $remote_addr ; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; client_max_body_size 10m; client_body_buffer_size 128k; } } }
多服务配置 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 http { upstream product_server{ server www.helloworld.com:8081; } upstream admin_server{ server www.helloworld.com:8082; } upstream finance_server{ server www.helloworld.com:8083; } server { location / { proxy_pass http://product_server; } location /product/{ proxy_pass http://product_server; } location /admin/ { proxy_pass http://admin_server; } location /finance/ { proxy_pass http://finance_server; } } }
HTTPS反向代理配置
HTTPS 的固定端口号是 443,不同于 HTTP 的 80 端口
SSL 标准需要引入安全证书,所以在 nginx.conf 中你需要指定证书和它对应的 key 其他和 http 反向代理基本一样,只是在 server 部分配置有些不同
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 server { listen 443 ssl; server_name www.helloworld.com; ssl_certificate cert.pem; ssl_certificate_key cert.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root /root; index index.html index.htm; } }
静态站点配置 有时候,我们需要配置静态站点(即 html 文件和一堆静态资源) 比如本博客的技术栈,使用了Hexo作为博客的搭建工具,所有的静态资源都放在了 **/public 目录下,我们只需要在 nginx.conf 中指定首页以及这个站点的 host 即可
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 worker_processes 1 ; events { worker_connections 1024 ; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65 ; gzip on; gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/javascript image/jpeg image/gif image/png; gzip_vary on; server { listen 80 ; server_name yunzilla.com; location / { root /opt/hexo/public; index index.html; } } }
搭建文件服务器 使用 Nginx 可以非常快速便捷的搭建一个简易的文件服务。 配置要点:
将 autoindex 开启可以显示目录,默认不开启。
将 autoindex_exact_size 开启可以显示文件的大小。
将 autoindex_localtime 开启可以显示文件的修改时间。
root 用来设置开放为文件服务的根路径。
charset 设置为 charset utf-8,gbk;,可以避免中文乱码问题
1 2 3 4 5 6 7 8 9 10 11 autoindex on; autoindex_exact_size on; autoindex_localtime on; server { charset utf-8,gbk; listen 9050 default_server; listen [::]:9050 default_server; server_name _; root /share/fs; }
跨域 解决跨域问题一般有两种思路:CORS 在后端服务器设置 HTTP 响应头,把你需要运行访问的域名加入加入 Access-Control-Allow-Origin 中。JSONP 把后端根据请求,构造** json** 数据,并返回,前端用 jsonp 跨域。Nginx 根据第一种思路,也提供了一种解决跨域的解决方案
首先,在 **enable-cors.conf **文件中设置 cors :1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 set $ACAO '*' ;if ($http_origin ~* (www.helloworld.com)$) { set $ACAO $http_origin ; } if ($cors = "trueget" ) { add_header 'Access-Control-Allow-Origin' "$http_origin " ; add_header 'Access-Control-Allow-Credentials' 'true' ; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' ; add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type' ; } if ($request_method = 'OPTIONS' ) { set $cors "${cors} options" ; } if ($request_method = 'GET' ) { set $cors "${cors} get" ; } if ($request_method = 'POST' ) { set $cors "${cors} post" ; }
接下来,在你的服务器中** include enable-cors.conf** 来引入跨域配置:1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 upstream front_server{ server www.helloworld.com:9000; } upstream api_server{ server www.helloworld.com:8080; } server { listen 80 ; server_name www.helloworld.com; location ~ ^/api/ { include enable-cors.conf; proxy_pass http://api_server; rewrite "^/api/(.*)$" /$1 break; } location ~ ^/ { proxy_pass http://front_server; } }
** THE END.**