Nginx

Nginx 安装

yum install nginx
  • 关闭SELinux

    1. 临时关闭: setenforce 0
    2. 永久关闭: 修改/etc/selinux/config 文件,将SELINUX=enforcing改为SELINUX=disabled

    否则会导致在/var/log/nginx/error.log中出现类似 connect() to 127.0.0.1:10000 failed (13: Permission denied) while connecting to upstream 的错误

  • 配置文件默认路径:

    /etc/nginx/nginx.conf

  • 检查配置文件是否合法的命令:

    nginx -t

  • 重新加载配置文件

    nginx -s reload

  • 配置开机自启动

    chkconfig nginx on

配置https证书

  • 基本配置

 server {
        listen       443 ssl;
        server_name  ams.canacorp.net;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate cert/server.crt;
        ssl_certificate_key cert/server.key;
        # 以下两行可以提高SSL性能
        ssl_session_cache shared:ssl:1024k;
        ssl_session_tickets on;

        location / {
            root   html;
            index  index.html index.htm;
        }

        location /tops-mediaserver {
                proxy_pass http://192.168.192.101:9993;
                proxy_set_header        Host              $http_host;
                proxy_set_header        X-Forwarded-By    $server_addr:$server_port;
                proxy_set_header        X-Forwarded-For   $remote_addr;
                proxy_set_header        X-Forwarded-Proto $scheme;
                proxy_set_header        X-Real-IP               $remote_addr;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
                client_max_body_size    50m;
        }
    }
  • 如何将访问http请求重定向到https

server {
        listen       80;
        server_name  localhost;
        location /tops-mediaserver {
                return 301 https://$host$request_uri;
        }

        location /vbam-front-biz {
                return 301 https://$host$request_uri;
        }

       location /front {
                return 301 https://$host$request_uri;
        }
       }
  • 对文本文件做压缩

在server块之前打开压缩功能。


http {

    省略。。。
    # output compression saves bandwidth
    gzip  on;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_proxied any;
    gzip_types text/plain text/html text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;

    # make sure gzip does not lose large gzipped js or css files
    # see http://blog.leetsoft.com/2007/07/25/nginx-gzip-ssl.html
    gzip_buffers 16 8k;

    # Disable gzip for certain browsers.
    gzip_disable "MSIE [1-6].(?!.*SV1)";

results matching ""

    No results matching ""