linux 安装配置nginx及常用命令,linux安装配置nginx
linux 安装配置nginx及常用命令,linux安装配置nginx
Nginx启动关闭命令:
启动Nginx:
# cd /usr/local/nginx/sbin
# ./nginx
关闭nginx:
强制关闭: # ./nginx -s stop
快速关闭: # ./nginx -s quit
Nginx快速安装:
1. 安装 gcc
# yum install gcc-c++
2. 安装 PCRE pcre-devel
# yum install -y pcre pcre-devel
3. 安装 zlib
# yum install -y zlib zlib-devel
4. 安装 OpenSSL
# yum install -y openssl openssl-devel
5. 查看最新版下载地址 (一般使用 Stable Version 稳定版)
https://nginx.org/en/download.html
6. 通过下载地址下载文件
# wget https://nginx.org/download/nginx-1.13.6.tar.gz
7. 解压文件
# tar -zxvf nginx-1.10.1.tar.gz
8. 进入解压后的文件目录
# cd nginx-1.13.6
9.执行配置.
SSL证书模块, HTTP2 模块 (建议选这个, 模块比较齐全)
# ./configure --prefix=/usr/local/nginx --with-pcre --with-stream --with-stream_ssl_module --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-threads
安装时附带SSL证书模块, 如果没有ssl不能配置HTTPS
# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
10. 编译文件
# make
11.安装文件
# make install
12.启动nginx
# cd /usr/local/nginx/sbin/
# ./nginx
Nginx配置文件详解:
配置HTTPS 以及 HTTP 2.0
server {
listen 80;
server_name www.brando.cn admin.brando.cn; #访问域名
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl http2;
server_name www.brando.cn admin.brando.cn;
ssl on;
ssl_certificate /alidata/server/ssl/brando.cn.crt; #ssl文件目录
ssl_certificate_key /alidata/server/ssl/brando.cn.key; #ssl文件目录
#ssl优化配置.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_stapling on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
location / {
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:8080;
}
}
--------------------- 作者:BrandoLv 来源:CSDN 原文:https://blog.csdn.net/lyq19870515/article/details/78123106?utm_source=copy 版权声明:本文为博主原创文章,转载请附上博文链接!
评论暂时关闭