Common Nginx Scripts

Some scripts I use when deploying Nginx, recorded here so they are easy to copy and paste at deployment time ^_^

Install & run

yum install -y nginx
systemctl start nginx
systemctl stop nginx
systemctl restart nginx

Nginx configuration for proxying front-end pages

upstream api_server  {
      server  127.0.0.1:8081; 
}
server {
        listen       8888;
        server_name  localhost;
        root /home/front/dist;
        location / {
            try_files $uri $uri/ /index.html;
        }
        location ^~ /api/ {
           proxy_redirect     off;
           proxy_set_header   Host             $host;
           proxy_set_header   X-Real-IP        $remote_addr;
           proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
           proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
           proxy_max_temp_file_size 0;
           proxy_connect_timeout      90;
           proxy_send_timeout         90;
           proxy_read_timeout         90;
           proxy_buffer_size          4k;
           proxy_buffers              4 32k;
           proxy_busy_buffers_size    64k;
           proxy_temp_file_write_size 64k;
           rewrite ^/api/(.*)$ /$1 break;
           proxy_pass  http://api_server;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

}
 server {
      listen 80;
      server_name yourdomain;
      location / {
        proxy_pass http://127.0.0.1:8888;
      }
}

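Common parameters

/usr/local/nginx/sbin/nginx  -<parameter>

Parameter description

  • -c: use the specified configuration file instead of nginx.conf in the conf directory.
  • -t: test whether the configuration file is correct. This command is very important when the configuration has to be reloaded at runtime: it checks the modified configuration file for syntax errors.
  • -s reload: reload the configuration (graceful restart)
  • -s stop: stop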

Free certificates

  • Official website

  • Install Certbot

    sudo yum install certbot python2-certbot-nginx
  • Automatically install the certificate and configure nginx
    When running this, follow the prompts and fill in the requested information

    sudo certbot --nginx

    Or obtain the certificate only and configure nginx manually

    sudo certbot certonly --nginx
  • Set up automatic renewal

    echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
  • Visit the site over HTTPS to confirm the configuration succeeded

    https://your_domain_name/
  • View the automatically configured nginx.conf file

    cat /etc/nginx/nginx.conf
     server {
        server_name your_domain_name;
        location / {
        proxy_pass http://127.0.0.1:8888;
        }
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/your_domain_name/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

Solving front-end cross-origin requests

Configuration

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    # Add the following code
    server{
        listen 80;
        server_name 10.66.38.175;

        location /{
            # Front-end address to forward to
            proxy_pass http://10.66.38.175:8082;
        }

        location /api{
            # Back-end API address to forward to
            proxy_pass http://192.168.10.27:8088/api;
        }
    }
    # Example 2
    server{
        listen 5557;
        server_name 10.66.38.175;

        location /{
            proxy_pass http://10.66.38.175:5556;
        }

        location /api{
            proxy_pass http://192.168.10.27:8088/api;
        }
    }
}

Starting Nginx with Docker

docker run --name nginx-container -v /Users/atom/DevelopEnv/nginx/config/nginx.conf:/etc/nginx/nginx.conf:ro -p 8989:80 -p 5557:5557 -d nginx

Common problems

  1. nginx fails to start with: nginx: [emerg] bind() to 0.0.0.0:xxxx failed (13: Permission denied)
    Case 1: the port is below 1024, for example:

    nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

    Ports below 1024 require root privileges to bind; start nginx with sudo.
    Case 2: the port is above 1024, for example:

    nginx: [emerg] bind() to 0.0.0.0:8888 failed (13: Permission denied)

    First, list the ports SELinux allows for HTTP services:

    semanage port -l | grep http_port_t
    http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
    pegasus_http_port_t            tcp      5988

    Our port is not in the list, so add it:

    semanage port -a -t http_port_t  -p tcp 8888

    Then start nginx

    sudo systemctl start nginx
  2. 403 Forbidden
    SELinux is enabled, which causes nginx to return 403

  • Check the SELinux status
    /usr/sbin/sestatus
  • Change the SELinux status
    vi /etc/selinux/config
    #SELINUX=enforcing
    SELINUX=disabled
  • Save and reboot: reboot
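
Added example for problem 1 above (not part of the original notes): a pre-flight check that reads the listen ports from an nginx configuration and prints the semanage command for each port missing from http_port_t, so the bind() error can be avoided before nginx is started. The function names and sample inputs are constructed for illustration; it goes slightly beyond the page by also handling port ranges in the semanage output.

```shell
#!/bin/sh
# Added example: find nginx listen ports that SELinux's http_port_t does not cover.
# Inputs are passed as text so the logic runs offline. On a real host (assumption):
#   missing_port_rules "$(cat /etc/nginx/nginx.conf)" "$(semanage port -l)"

# Print each TCP port used by a "listen" directive ("8888", "443 ssl", "[::]:80").
listen_ports() {
    printf '%s\n' "$1" | sed 's/#.*//' |
    awk '$1 == "listen" { p = $2; sub(/;.*/, "", p); sub(/.*:/, "", p)
                          if (p ~ /^[0-9]+$/) print p }' | sort -un
}

# Succeed if port $1 is listed for http_port_t in `semanage port -l` output $2.
# Exact type match skips pegasus_http_port_t; "8080-8089" style ranges are handled.
http_port_allowed() {
    printf '%s\n' "$2" | awk -v want="$1" '
        $1 == "http_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                r = $i; sub(/,$/, "", r)
                n = split(r, b, "-")
                lo = b[1] + 0; hi = (n == 2 ? b[2] : b[1]) + 0
                if (want + 0 >= lo && want + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# Print the semanage command for every listen port SELinux would refuse to bind.
missing_port_rules() {
    for p in $(listen_ports "$1"); do
        http_port_allowed "$p" "$2" ||
            echo "semanage port -a -t http_port_t -p tcp $p"
    done
}

# Constructed sample inputs, using ports and semanage output shown on this page.
SAMPLE_CONF='server {
    listen       8888;
}
server {
    listen 80;
    listen 443 ssl; # managed by Certbot
    listen 5557;
}'
SAMPLE_PORTS='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988'

missing_port_rules "$SAMPLE_CONF" "$SAMPLE_PORTS"
```

Only the configuration text passed in is scanned; files pulled in through include directives have to be supplied as well.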