Nginx常用脚本
Nginx一些部署时用到的脚本,记录一下,方便部署的时候复制粘贴^_^
安装&运行
yum install -y nginx systemctl start nginx systemctl stop nginx systemctl restart nginx
nginx代理前端页面配置
upstream api_server { server 127.0.0.1:8081; } server { listen 8888; server_name localhost; root /home/front/dist; location / { try_files $uri $uri/ /index.html; } location ^~ /api/ { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; proxy_max_temp_file_size 0; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; rewrite ^/api/(.*)$ /$1 break; proxy_pass http://api_server; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } server { listen 80; server_name yourdomain; location / { proxy_pass http://127.0.0.1:8888; } }
常用参数
/usr/local/nginx/sbin/nginx -参数
参数说明
- -c
:使用指定的配置文件而不是 conf 目录下的 nginx.conf 。 - -t:测试配置文件是否正确,在运行时需要重新加载配置的时候,此命令非常重要,用来检测所修改的配置文件是否有语法错误。
- -s reload 重启
- -s stop 停止
免费证书
安装 Certbot
sudo yum install certbot python2-certbot-nginx自动安装证书并配置nginx
这里执行时,按照提示,填入相应的信息即可sudo certbot --nginx或者只获取证书,自己手动配置nginx
sudo certbot certonly --nginx设置自动续订
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null通过https访问网站确定已经配置成功
https://your_domain_name/查看自动配置的nginx.conf文件
cat /etc/nginx/nginx.confserver { server_name your_domain_name; location / { proxy_pass http://127.0.0.1:8888; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/your_domain_name/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/your_domain_name/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
解决前端跨域
配置
user nginx; worker_processes auto; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; # 添加以下代码 server{ listen 80; server_name 10.66.38.175; location /{ # 转发的前端地址 proxy_pass http://10.66.38.175:8082; } location /api{ # 转发的后端接口地址 proxy_pass http://192.168.10.27:8088/api; } } # 示例2 server{ listen 5557; server_name 10.66.38.175; location /{ proxy_pass http://10.66.38.175:5556; } location /api{ proxy_pass http://192.168.10.27:8088/api; } } }
Docker启动Nginx
docker run --name nginx-container -v /Users/atom/DevelopEnv/nginx/config/nginx.conf:/etc/nginx/nginx.conf:ro -p 8989:80 -p 5557:5557 -d nginx
常见问题
nginx启动报错:nginx: [emerg] bind() to 0.0.0.0:xxxx failed (13: Permission denied)
第一种情况:端口小于1024,如:nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)小于1024的端口需要root权限启动,加上sudo即可
第二种情况,端口大于1024,如:nginx: [emerg] bind() to 0.0.0.0:8888 failed (13: Permission denied)首先查看http允许访问的端口:
semanage port -l | grep http_port_thttp_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000 pegasus_http_port_t tcp 5988发现我们的端口不在里面,添加上去
semanage port -a -t http_port_t -p tcp 8888然后启动nginx
sudo systemctl start nginx403 Forbidden
selinux状态是开启的状态导致nginx 403
- 查看
selinux状态/usr/sbin/sestatus - 修改
selinux状态vi /etc/selinux/config#SELINUX=enforcing SELINUX=disabled - 保存重启
reboot
Gitalking ...