centos7安装配置nginx

先安装依赖

安装依赖之前最好先执行下update

yum update

yum install gcc gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel -y

cd /usr/local/nginx

wget http://nginx.org/download/nginx-1.18.0.tar.gz

tar -zxvf nginx-1.18.0.tar.gz

cd /usr/local/nginx/nginx-1.18.0

执行三个命令：

./configure

make

make install

/usr/local/nginx/sbin/nginx -V如果报错没有nginx命令说明没有配置nginx的环境变量

打开/etc/profile

vi /etc/profile

在最后一行 追加下面配置(ESC :wq 保存退出)

export PATH=$PATH:/usr/local/nginx/sbin

执行source /etc/profile使配置生效，就可以用nginx命令了

配置开机自启动

vi /lib/systemd/system/nginx.service

复制以下内容保存（按ESC后:wq保存退出）

[Unit]
Description=nginx service
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target

设置开机自启动

systemctl enable nginx

启动、查看状态、重启nginx，指令3件套

systemctl start nginx
systemctl status nginx
systemctl restart nginx

阿里云SSL证书配置

把阿里云申请的证书放到目录 /data/cert 或者/usr/local/nginx/conf/cert (路径自己指定)

注意：服务器安全组要开启80/443端口

vi /usr/local/nginx/conf/nginx.conf

增加配置，把下面的www.yuming.com改成自己的域名

    server {
        listen       80;
        server_name  www.yuming.com;
        return       301 https://$server_name$request_uri;
    }
    server {
        listen       443 ssl;   # nginx1.15之后用这个语法,老的语法是ssl on;
        server_name  wwww.yuming.com;
        ssl_certificate   /data/cert/www.yuming.com.pem;
        ssl_certificate_key  /data/cert/www.yuming.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;
        location / {
            client_max_body_size 12m;  # 设置请求头大小
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-Ip $remote_addr;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://localhost:8001;
            proxy_redirect off;
        }
    }

腾讯云SSL证书配置

基本和阿里云差不多，在ssl_ciphers处有差异
注意：服务器安全组要开启80/443端口，申请证书的二级域名要和绑定的域名一致，如下例：service，否则会有不安全的警告

    server {
        listen       80;
        server_name  service.yuming.com;
        return       301 https://$server_name$request_uri;
    }
    server {
        listen       443 ssl;  # nginx1.15之后用这个语法,老的语法是ssl on;
        server_name  service.yuming.com;
        ssl_certificate   /data/cert/1_service.yuming.com_bundle.crt;
        ssl_certificate_key  /data/cert/2_service.yuming.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;        
        ssl_prefer_server_ciphers on;
        location / {
            client_max_body_size 12m;  # 设置请求头大小
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-Ip $remote_addr;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://localhost:8081;
            proxy_redirect off;
        }
    }

Nginx其他配置

1、配置静态文件访问，autoindex on可以设置为开启索引，可自行设置

    server {
        listen       80;
        server_name  pic.yuming.com;
        charset    utf-8;
        location / {
          # 配置静态目录
          root /data/upimgs;
          autoindex off;              # on显示资源目录，off不显示
          autoindex_exact_size off;   # on以bytes显示大小，off以KB、MB、GB显示文件大小
          autoindex_format html;      # 以html的方式进行格式化，可选参数有 html | json | xml
          autoindex_localtime off;    # 显示的⽂件时间为⽂件的服务器时间。默认为off，显示的⽂件时间为GMT时间
        }
    }

2、nginx限制ip访问 + 反向代理

    server {
        listen       80;                    #监听端口
        server_name  api.yuming.com;    #域名
        #自定义变量
        set $serverip $server_addr; # 服务器地址放在变量里，避免重复取

        #allow 61.18.22.155;        # 限制固定ip访问
        #allow 61.18.22.0/24;       # 0/24意思是ip的前3段一致,值范围[8,16,24]
        #deny all;                  # 拒绝所有的
        
        location / {
          root /data/website/goapp/dist;    # 配置静态目录
          index index.html;                 # 配置默认首页
          try_files $uri $uri/ /index.html; # 解决刷新问题
        }
        location /api {
          client_max_body_size 12m;                     #此处修改上传文件大小限制
          proxy_pass http://127.0.0.1:8083;             #反向代理地址+端口

          proxy_set_header Host $http_host;             #设置Host
          proxy_set_header X-Real-Ip $remote_addr;      #设置客户端远程地址
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Server-Ip $serverip;       #设置服务器内网地址
          proxy_set_header X-NginX-Proxy true;		

          # 下面暂时没啥用
          set_real_ip_from 0.0.0.0/0;		            #从哪个信任前代理处获得真实用户ip
          real_ip_header  X-Forwarded-For;   		    #接收到报文的哪个http首部去获取前代理传送的用户ip
          real_ip_recursive   on;             		  #是否递归地排除直至得到用户ip（默认为off）
        }
    }

nginx加websocket配置

      location /ws {
             proxy_http_version 1.1;
             proxy_pass http://localhost:8009;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";          
        }