安装nginx
sudo yum install nginx
确认ngnix配置位置
使用以下shell确认nginx启动脚本,例如/sbin/nginx
ps -aux | grep nginx
执行如下命令可以确定nginx的配置文件所在位置
/sbin/nginx -t
设置nginx的配置
配置http和https正式
server
{
listen 80;
server_name example.com;
return 301 https://$host$request_uri; # 强制https
}
server
{
listen 443 ssl http2;
server_name example.com;
ssl_certificate /your_cert_directory/your.crt;
ssl_certificate_key /your_cert_directory/your.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_session_cache builtin:1000 shared:SSL:10m;
root /your_app_root_directory;
index index.html;
access_log /log_directory/access.log;
}
# 代理
server
{
listen 80;
server_name sub.example.com;
return 301 https://$host$request_uri; # 强制https
}
server
{
listen 443 ssl http2;
server_name sub.example.com;
ssl_certificate /your_cert_directory/your.crt;
ssl_certificate_key /your_cert_directory/your.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_session_cache builtin:1000 shared:SSL:10m;
location / {
proxy_pass http://proxy.example.com; # http://proxy.example.com为代理host地址
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffer_size 64k; # 解决post body size问题
proxy_buffers 4 32k; # 解决post body size问题
proxy_busy_buffers_size 64k; # 解决post body size问题
}
access_log /log_directory/access.log;
}
启动nginx
service nginx restart
查看nginx运行状态
systemctl status nginx.service