本文为系列文章,该系列主要包含如何一步步在Linux上搭建项目。主要分为如何在
Linux下如何配置nginx等。
文章目录
一、在配置前首先确保正确安装nginx
具体步骤请看:Linux下安装nginx
二、配置nginx规则
1.建立文件目录层次
适用于域名的多项目配置,首先需要在 /usr/local/nginx/conf 中新建一个文件夹,存放相对的域名nginx配置的重写规则。
如果对Linux操作命令不太熟悉的小伙伴,可以下载Xhell+ftp,有免费的社区版,对于初学者很友好。
在 /usr/local/nginx/conf 中新建一个文件夹hosts,里面会放每一个项目的具体配置规则,而在nginx.conf中会放公共的配置规则
如下,hosts下放着项目的配置规则
2.更改nginx.conf中的规则
公共规则:
user www;
worker_processes auto;
error_log /data/logs/nginx/error/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /data/logs/nginx/access/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
gzip on;
# 隐藏WEB语言框架
proxy_hide_header X-Powered-By;
# 隐藏NGINX版本号
server_tokens off;
# 请求体限制大小
client_max_body_size 1000m;
# 添加real_ip配置
set_real_ip_from 100.0.0.0/8; # 必须是 SLB 的内网 IP eg : 100.97.15.0/24
real_ip_header X-Forwarded-For;
# 多层加头,暂时不考虑
# real_ip_recursive on;
include hosts/*.conf;
}
3.在 /hosts 中再配置 项目的server规则
基于http访问的
- 后端项目
server {
listen 80;
# 你请求的网址
server_name www.****.com;
# 指向项目的启动路径
root /data/www/depu/server/public;
index index.php index.html index.htm;
# 添加请求头,防止跨域
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Headers "DNT,X-Requested-With,X-CSRF-TOKEN,Authorization,Content-Type";
add_header Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS";
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php?.*$
{
# 指向项目的启动路径
root /data/www/depu/server/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /usr/local/nginx/conf/fastcgi.conf;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log /data/logs/nginx/access/server.log;
error_log /data/logs/nginx/error/server.log;
}
- 前端项目
server {
listen 80;
server_name www.baidu.cc;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Headers "DNT,X-Requested-With,X-CSRF-TOKEN,Authorization,Content-Type";
add_header Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS";
location / {
index index.htm index.html index.php;
root /data/www/baidu/wap;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log /data/logs/nginx/access/wap.log;
error_log /data/logs/nginx/error/wap.log;
}
基于https访问的,需要ssl证书,请注意证书放置的位置,如何申请请查看我的另一篇文章,Lets Encrypt永久免费SSL证书
- 后端php项目
server{
listen 80;
server_name server.baidu.cc;
rewrite ^/(.*) https://server.baidu.cc/$1 permanent;
}
server {
listen 443 ssl;
# 你请求的网址
server_name server.baidu.cc;
# ssl on;
ssl_certificate /etc/letsencrypt/live/baidu.cc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/baidu.cc/privkey.pem;
# ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
# 指向项目的启动路径
root /data/www/baidu/server/public;
index index.php index.html index.htm;
# 添加请求头,防止跨域
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Headers "DNT,X-Requested-With,X-CSRF-TOKEN,Authorization,Content-Type";
add_header Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS";
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php?.*$
{
# 指向项目的启动路径
root /data/www/baidu/server/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /usr/local/nginx/conf/fastcgi.conf;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log /data/logs/nginx/access/baidu-server.log;
error_log /data/logs/nginx/error/baidu-server.log;
}
- 前端项目
server {
listen 80;
server_name www.baidu.cc;
rewrite ^/(.*) https://www.baidu.cc/$1 permanent;
}
server {
listen 443 ssl;
server_name www.baidu.cc;
# ssl on;
ssl_certificate /etc/letsencrypt/live/baidu.cc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/baidu.cc/privkey.pem;
# ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
# 证书校验域名dns服务器
#resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=600s;
# 禁用不安全的HTTP方法 [(GET|HEAD|POST|OPTIONS|DELETE|PUT)]
if ($request_method !~ ^(GET|POST|PUT|DELETE|OPTIONS)$ ) {
return 444;
}
# 隐藏 WEB 语言或框架
proxy_hide_header X-Powered-By;
# 掩藏NGINX版本号
server_tokens off;
# 强制转换为 https
# add_header Strict-Transport-Security "max-age=31536000";
# 不允许 iframe 嵌套
# add_header X-Frame-Options deny;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Headers "DNT,X-Requested-With,X-CSRF-TOKEN,Authorization,Content-Type";
add_header Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS";
location / {
index index.htm index.html index.php;
root /data/www/baidu/wap;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log /data/logs/nginx/access/baidu-wap.log;
error_log /data/logs/nginx/error/baidu-wap.log;
}
在文件修改保存完毕后,进入nginx / sbin /
首先检查配置文件有没有错误
[root@iZbp14e0 sbin]# ./nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
出现2,3的提示即为正确,然后再运行nginx重启命令
./nginx -s reload
然后刷新页面,即可访问到 你配置的域名
总结
提示:如果需要再新加项目,只需要再hosts/下新建一个配置项规则,将指向的项目路径更换,以及所使用的域名地址。
如果在配置中,出现错误,一定要去查看日志,通过日志的报错信息,会解决掉很多的问题,例如权限等问题。找到问题后,再去解决就很快了。