1. Installation
Direct installation
yum install nginx –y
If the yum source is missing, update the yum source as follows [not tested]
vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
yum list
2. Static resources
1. Easy to use
# 默认配置,监听 80 端口,请求到 "/usr/share/nginx/html;"
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# 手动配置,监听 8080 端口,请求到 "/app/index.html"
server {
listen 8080;
server_name 8080_server;
location / {
root /app;
index index.html;
}
}
2. listen 和 server_name
| listen | server_name |
|---|---|
Listening address, which can be[ip]:port |
The customized name only serves as an identifier. If the identifiers of multiple servers are repeated, no error will be reported, but will be directly overwritten according to the priority. |
3. location parameter
Acts as a mapping to map the request path to the target resource
# 请求路径 ---> 目标资源
# http://domain ---> /app/index.html
server {
listen 80;
server_name index_server;
location / {
root /app;
index index.html; # 如果请求路径为 http://www.bugu-blog.top,则请求会被映射到 "/app/index.html"
}
}
# 请求路径 ---> 目标资源
# http://domain:8081/css/common.css ---> /app/css/common.css
server {
listen 8081;
server_name css_server;
location /css {
root /app;
}
}
# 请求路径 ---> 目标资源
# http://domain:8082/images/a.png ---> /app/images/a.png
server {
listen 8082;
server_name image_server;
location /images {
root /app;
}
}
4. Report error [403 forbidden]
This is probably because the directory set by the root parameter does not have enough access rights. Be careful not to configure the root directory to
/or/root
3. Reverse proxy
1. Forward proxy and reverse proxy
The difference between positive and negative agency depends on who
nginxis with and who it represents
nginxAccess the server on behalf of the client. The client clearly knows that nginx is on its side, which is a forward proxy.
nginxhandles client requests on behalf of the server. The client does not know that it is requestingnginx, which is a reverse proxy
2. proxy_pass parameter
Function: perform HTTP proxy and forward requests
- If the address of
proxy-passis only configured to the port and does not contain/or other paths, thenlocationwill be appended to the forwarding address- If the address of
proxy-passincludes/or other paths, thenlocationwill beproxy-passParameter replacement after the addressproxy_passmust be followed by/, otherwise an error will occur, and be careful to configure the proxy resolution of the target address
Append
locationto the forwarding address
http://www.bugu-blog.top:8001/index.html ---> http://www.bugu-blog.top:8080/index.html
server {
listen 8001;
location / {
proxy_pass http://www.bugu-blog.top:8080;
}
}
Append
locationto the forwarding address
http://www.bugu-blog.top:8002/a/b/index.html ---> http://www.bugu-blog.top:8080/a/b/index.html
server {
listen 8002;
location /a/b {
proxy_pass http://www.bugu-blog.top:8080;
}
}
Replace
locationwith the parameter after the forwarding address
http://www.bugu-blog.top:8003/a/b/index.html ---> http://www.bugu-blog.top:8080/index.html
server {
listen 8003;
location /a/b {
proxy_pass http://www.bugu-blog.top:8080/;
}
}
Replace
locationwith the parameter after the forwarding address
http://www.bugu-blog.top:8004/index.html ---> http://www.bugu-blog.top:8080/a/b/index.html
server {
listen 8004;
location / {
proxy_pass http://www.bugu-blog.top:8080/a/b/;
}
}
Replace
locationwith the parameter after the forwarding address
http://www.bugu-blog.top:8005/a/b/index.html ---> http://www.bugu-blog.top:8080/c/index.html
server {
listen 8005;
location /a/b {
proxy_pass http://www.bugu-blog.top:8080/c/;
}
}
3. Set proxy request headers [not tested]
Users can redefine or append header information to pass to the backend server. Can contain text, variables, and combinations thereof. By default, only two fields are redefined:
# 设置 nginx 的主机地址为 proxy_pass 里配置的主机名和端口
proxy_set_header Host $proxy_host;
proxy_set_header Connection close;
Since the back-end service cannot obtain the user's real IP after using a reverse proxy, generally the reverse proxy will set the following header information
location /some/path/ {
# 设置 nginx 的主机地址为 nginx 主机 IP 和端口
proxy_set_header Host $http_host;
# 设置用户端真实的 IP,即客户端 IP 为用户的真实 IP,即客户端 IP
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8088;
}
4. Load balancing
upstreamin the context ofhttp, alongsideserver, not withinserverupstreamserverattribute inside , the syntax format isip/domain:port [weight= max_fails=3 fail_timeout=30s]
# 1. 监听 80 端口,监听客户端的访问,将请求代理到 "http://XXXXXXXXX"
server {
listen 80;
location / {
proxy_pass http://XXXXXXXXX;
}
}
# 2. 接收代理过来的请求,根据机制转发到对应的服务器
upstream XXXXXXXXX {
# round-robin # 默认采用轮循机制,所以可以省略不写
# least-connected # 将下一个请求分配给活动连接数最少的服务器(较为空闲的服务器)
# ip_hash # 客户端的 IP 地址将用作哈希键,来自同一个ip的请求会被转发到相同的服务器
# 其他机制
server 192.168.1.135:8080;
server 192.168.1.135:8081;
server 192.168.1.135:8082;
}
# 3. 代理负载均衡分发过来的请求
server {
listen 8080;
location / {
root /app;
}
}
server {
listen 8081;
location / {
root /app/a/b;
}
}
server {
listen 8082;
location / {
root /app/c;
}
}
5. HTTPS
1. Generate certificate
Huawei Cloud generates SSL certificate
- server.crt
- server.key
2. Configure SSL
server {
listen 443 ssl;
server_name XXXXXXXXXXXXXXXXXX;
ssl_certificate /app/server.crt;
ssl_certificate_key /app/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://www.bugu-blog.top:80; # 代理转发到 http 地址
}
}
3. Restart Nginx
systemctl restart nginx