Nginx
Nginx 安装
yum install nginx
关闭SELinux
- 临时关闭: setenforce 0
- 永久关闭: 修改/etc/selinux/config 文件,将SELINUX=enforcing改为SELINUX=disabled
否则会导致在/var/log/nginx/error.log中出现类似
connect() to 127.0.0.1:10000 failed (13: Permission denied) while connecting to upstream的错误
配置文件默认路径:
/etc/nginx/nginx.conf检查配置文件是否合法的命令:
nginx -t重新加载配置文件
nginx -s reload配置开机自启动
chkconfig nginx on
配置https证书
- 基本配置
server {
listen 443 ssl;
server_name ams.canacorp.net;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate cert/server.crt;
ssl_certificate_key cert/server.key;
# 以下两行可以提高SSL性能
ssl_session_cache shared:ssl:1024k;
ssl_session_tickets on;
location / {
root html;
index index.html index.htm;
}
location /tops-mediaserver {
proxy_pass http://192.168.192.101:9993;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
client_max_body_size 50m;
}
}
- 如何将访问http请求重定向到https
server {
listen 80;
server_name localhost;
location /tops-mediaserver {
return 301 https://$host$request_uri;
}
location /vbam-front-biz {
return 301 https://$host$request_uri;
}
location /front {
return 301 https://$host$request_uri;
}
}
- 对文本文件做压缩
在server块之前打开压缩功能。
http {
省略。。。
# output compression saves bandwidth
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/html text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
# make sure gzip does not lose large gzipped js or css files
# see http://blog.leetsoft.com/2007/07/25/nginx-gzip-ssl.html
gzip_buffers 16 8k;
# Disable gzip for certain browsers.
gzip_disable "MSIE [1-6].(?!.*SV1)";