简介
Nginx 是一个 HTTP Web 服务器、反向代理、 内容缓存、负载均衡器、 TCP/UDP 代理服务器、 和邮件代理服务器。
- Nginx 官网: https://nginx.org/
安装 Nginx
CentOS 9 下
Docker 方式安装
- 安装 Docker
- 进入云服务终端
- 操作命令:
1# 创建文件夹,用来存放 外部挂载文件
2mkdir /usr/local/src/nginx && cd /usr/local/src/nginx
3
4# 拉取 nginx 镜像
5docker pull nginx:alpine-slim
6
7# 把下面的需要 外部挂载 的文件,放到指定的 目录里:
8# ./conf/nginx.conf : 存放 Nginx 配置文件
9# ./conf/certs : 存放 Nginx SSL 证书文件
10# ./logs : 存放 Nginx 日志文件
11# ../ : 存放 Nginx 项目源代码
12
13# 创建并运行容器
14docker run -d --restart=always -p 80:80 -p 443:443 \
15-v ./conf/nginx.conf:/etc/nginx/nginx.conf \
16-v ./conf/certs:/etc/nginx/certs \
17-v ./logs:/var/log/nginx \
18-v /usr/local/src:/etc/nginx/html \
19--name nginx nginx:alpine-slim
外部挂载文件
Nginx 配置文件
- 位置: /usr/local/src/conf/nginx.conf
使用版本
nginx.conf
1worker_processes 1;
2
3events {
4 worker_connections 1024;
5}
6
7http {
8 include mime.types;
9 default_type application/octet-stream;
10
11 sendfile on;
12
13 keepalive_timeout 65;
14
15 proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:100m inactive=60m max_size=1g use_temp_path=off;
16
17 # 开启gzip
18 gzip on;
19 gzip_types text/plain text/css application/json application/javascript text/xml application/xml;
20 gzip_min_length 1024; # 设置最小压缩数据大小,小于该值的数据将不进行压缩
21 gzip_comp_level 5; # 设置压缩级别,1 为最快压缩,9 为最高压缩率(建议设置为 4~6)
22
23 gzip_buffers 16 8k; # 设置用于存储压缩数据的缓冲区数量和大小
24 gzip_http_version 1.1; # 仅对支持 HTTP/1.1 或更高版本的客户端启用 Gzip 压缩
25 gzip_vary on; # 启用 Vary 响应头,告知缓存代理服务器对不同编码方式进行缓存分离处理
26 gzip_static on; # 启用对预生成 .gz 文件的直接传输支持,减少服务器实时压缩负担
27 gzip_disable "msie6"; # 禁用对特定客户端(如 IE6)的 Gzip 支持,避免兼容性问题
28 gzip_proxied any; # 指定在代理场景下是否启用压缩(如 any 表示对所有请求启用压缩)
29
30
31 upstream blog_server {
32 ip_hash;
33 server 172.17.0.1:81 max_fails=3 fail_timeout=30s;
34
35 keepalive 32; # 保持连接数,减少每次请求的连接开销
36
37 # max_fails 服务器失败的最大次数
38 # fail_timeout 每台服务器失败的超时时间
39 }
40
41 upstream twikoo_server {
42 ip_hash;
43 server 172.17.0.1:82 max_fails=3 fail_timeout=30s;
44
45 keepalive 32;
46 }
47
48 server {
49 listen 80;
50 server_name blog.climbtw.com climbtw.com www.climbtw.com;
51 # rewrite ^(.*)$ https://$server_name$1 permanent; # permanent,301 永久重定向,更新 url
52 return 301 https://$server_name$request_uri; # 重定向使用 return 效率更高
53 }
54
55 # 通过 ip 访问的话,优先匹配 显式标记为 default_server 的 server,如果没有则 使用第一个 server
56 # 这里设置下,通过 ip 访问的话,跳到博客容器
57 server {
58 listen 80 default_server;
59 server_name blog.climbtw.com;
60 # rewrite ^(.*)$ https://$server_name$1 permanent; # permanent,301 永久重定向,更新 url
61 return 301 https://$server_name$request_uri; # 重定向使用 return 效率更高
62 }
63
64 server {
65 listen 443 ssl;
66 server_name blog.climbtw.com;
67
68 ssl_certificate /etc/nginx/certs/blog.climbtw.com_bundle.pem;
69 ssl_certificate_key /etc/nginx/certs/blog.climbtw.com.key;
70
71 ssl_session_cache shared:SSL:1m;
72
73 ssl_session_timeout 5m;
74 # 请按照以下协议配置
75 ssl_protocols TLSv1.2 TLSv1.3;
76 # 请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
77 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
78 ssl_prefer_server_ciphers on;
79
80 # 系统临时维护
81 # rewrite ^(.*)$ /maintainace.html break; # break,地址栏 url 不变
82 # location = /maintainace.html {
83 # root /etc/nginx/html/nginx/html;
84 # }
85
86 # location / {
87 # root /etc/nginx/html/blog/public;
88 # # try_files $uri $uri/ /index.html; # 解决单页应用 history 路由 404 的问题
89 # index index.html index.htm;
90 # }
91
92 # 反向代理
93 location / {
94 proxy_pass http://blog_server;
95
96 proxy_cache my_cache;
97 proxy_set_header Host $host;
98 proxy_set_header X-Real-IP $remote_addr;
99 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
100 proxy_set_header X-Forwarded-Proto $scheme;
101 }
102
103 error_page 500 502 503 504 /50x.html;
104 location = /50x.html {
105 root /etc/nginx/html/nginx/html;
106 }
107
108 # error_page 404 /404.html;
109 # location = /404.html {
110 # root /etc/nginx/html/blog/public;
111 # }
112 }
113
114 server {
115 listen 443 ssl;
116 server_name twikoo.climbtw.com;
117
118 ssl_certificate /etc/nginx/certs/twikoo.climbtw.com_bundle.pem;
119 ssl_certificate_key /etc/nginx/certs/twikoo.climbtw.com.key;
120
121 ssl_session_cache shared:SSL:1m;
122
123 ssl_session_timeout 5m;
124 # 请按照以下协议配置
125 ssl_protocols TLSv1.2 TLSv1.3;
126 # 请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
127 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
128 ssl_prefer_server_ciphers on;
129
130 # 系统临时维护
131 # rewrite ^(.*)$ /maintainace.html break; # break,地址栏 url 不变
132 # location = /maintainace.html {
133 # root /etc/nginx/html/nginx/html;
134 # }
135
136 # 反向代理
137 location / {
138 proxy_pass http://twikoo_server;
139
140 proxy_cache my_cache;
141 proxy_set_header Host $host;
142 proxy_set_header X-Real-IP $remote_addr;
143 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
144 proxy_set_header X-Forwarded-Proto $scheme;
145 }
146
147 error_page 500 502 503 504 /50x.html;
148 location = /50x.html {
149 root /etc/nginx/html/nginx/html;
150 }
151 }
152
153 server {
154 listen 443 ssl;
155 server_name climbtw.com www.climbtw.com;
156
157 ssl_certificate /etc/nginx/certs/climbtw.com_bundle.pem;
158 ssl_certificate_key /etc/nginx/certs/climbtw.com.key;
159
160 ssl_session_cache shared:SSL:1m;
161
162 ssl_session_timeout 5m;
163 #请按照以下协议配置
164 ssl_protocols TLSv1.2 TLSv1.3;
165 #请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
166 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
167 ssl_prefer_server_ciphers on;
168
169 # 系统临时维护
170 # rewrite ^(.*)$ /maintainace.html break; # break,地址栏 url 不变
171 # location = /maintainace.html {
172 # root /etc/nginx/html/nginx/html;
173 # }
174
175 location / {
176 root /etc/nginx/html/climbtw;
177 index index.html index.htm;
178 }
179
180 error_page 500 502 503 504 /50x.html;
181 location = /50x.html {
182 root /etc/nginx/html/nginx/html;
183 }
184 }
185}
初始化版本备份
nginx.conf
1#user nobody;
2worker_processes 1;
3
4#error_log logs/error.log;
5#error_log logs/error.log notice;
6#error_log logs/error.log info;
7
8#pid logs/nginx.pid;
9
10
11events {
12 worker_connections 1024;
13}
14
15
16http {
17 include mime.types;
18 default_type application/octet-stream;
19
20 #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
21 # '$status $body_bytes_sent "$http_referer" '
22 # '"$http_user_agent" "$http_x_forwarded_for"';
23
24 #access_log logs/access.log main;
25
26 sendfile on;
27 #tcp_nopush on;
28
29 #keepalive_timeout 0;
30 keepalive_timeout 65;
31
32 #gzip on;
33
34 server {
35 listen 80;
36 server_name localhost;
37
38 #charset koi8-r;
39
40 #access_log logs/host.access.log main;
41
42 location / {
43 root html;
44 index index.html index.htm;
45 }
46
47 #error_page 404 /404.html;
48
49 # redirect server error pages to the static page /50x.html
50 #
51 error_page 500 502 503 504 /50x.html;
52 location = /50x.html {
53 root html;
54 }
55
56 # proxy the PHP scripts to Apache listening on 127.0.0.1:80
57 #
58 #location ~ \.php$ {
59 # proxy_pass http://127.0.0.1;
60 #}
61
62 # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
63 #
64 #location ~ \.php$ {
65 # root html;
66 # fastcgi_pass 127.0.0.1:9000;
67 # fastcgi_index index.php;
68 # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
69 # include fastcgi_params;
70 #}
71
72 # deny access to .htaccess files, if Apache's document root
73 # concurs with nginx's one
74 #
75 #location ~ /\.ht {
76 # deny all;
77 #}
78 }
79
80
81 # another virtual host using mix of IP-, name-, and port-based configuration
82 #
83 #server {
84 # listen 8000;
85 # listen somename:8080;
86 # server_name somename alias another.alias;
87
88 # location / {
89 # root html;
90 # index index.html index.htm;
91 # }
92 #}
93
94
95 # HTTPS server
96 #
97 #server {
98 # listen 443 ssl;
99 # server_name localhost;
100
101 # ssl_certificate cert.pem;
102 # ssl_certificate_key cert.key;
103
104 # ssl_session_cache shared:SSL:1m;
105 # ssl_session_timeout 5m;
106
107 # ssl_ciphers HIGH:!aNULL:!MD5;
108 # ssl_prefer_server_ciphers on;
109
110 # location / {
111 # root html;
112 # index index.html index.htm;
113 # }
114 #}
115
116}
SSL 证书文件
- 从 云服务商 获取:
系统维护页面文件
- 位置: /usr/local/src/nginx/html/maintainace.html
maintainace.html
1<!DOCTYPE html>
2<html lang="zh-cn">
3<head>
4 <meta charset="UTF-8">
5 <meta name="viewport" content="width=device-width, initial-scale=1.0">
6 <title>系统维护</title>
7</head>
8<body>
9 <h1>系统维护中</h1>
10</body>
11</html>
index页面文件 初始化版本备份
- 位置: /usr/local/src/nginx/html/index.html
index.html
1<!DOCTYPE html>
2<html>
3<head>
4<title>Welcome to nginx!</title>
5<style>
6html { color-scheme: light dark; }
7body { width: 35em; margin: 0 auto;
8font-family: Tahoma, Verdana, Arial, sans-serif; }
9</style>
10</head>
11<body>
12<h1>Welcome to nginx!</h1>
13<p>If you see this page, the nginx web server is successfully installed and
14working. Further configuration is required.</p>
15
16<p>For online documentation and support please refer to
17<a href="http://nginx.org/">nginx.org</a>.<br/>
18Commercial support is available at
19<a href="http://nginx.com/">nginx.com</a>.</p>
20
21<p><em>Thank you for using nginx.</em></p>
22</body>
23</html>
50x页面文件 初始化版本备份
- 位置: /usr/local/src/nginx/html/50x.html
50x.html
1<!DOCTYPE html>
2<html>
3<head>
4<title>Error</title>
5<style>
6html { color-scheme: light dark; }
7body { width: 35em; margin: 0 auto;
8font-family: Tahoma, Verdana, Arial, sans-serif; }
9</style>
10</head>
11<body>
12<h1>An error occurred.</h1>
13<p>Sorry, the page you are looking for is currently unavailable.<br/>
14Please try again later.</p>
15<p>If you are the system administrator of this resource then you should check
16the error log for details.</p>
17<p><em>Faithfully yours, nginx.</em></p>
18</body>
19</html>
「 您的咖啡能让我写出少 Bug 的代码 ☕️ ~ 」
「 会出现在赞赏名单中哦 ~ 」
您的咖啡能让我写出少 Bug 的代码 ☕️ ~
使用 微信 扫描二维码完成支付
