nginx反向代理使用,nginx反向代理
nginx反向代理使用,nginx反向代理
一、下载安装nginx
从官网下载,解压到相应目录即可。如我本地解压到D:\software\nginx-1.12.2目录。
二、常用命令
启动nginx:start nginx
快速停止nginx(可能不会保存配置文件信息):nginx -s stop
安全有序停止nginx:nginx -s quit
重载配置文件:nginx -s reload
重新打开日志文件:nginx -s reopen
三、修改配置文件
配置文件路径: D:\software\nginx-1.12.2\conf\nginx.conf
http配置,默认是80端口:
server {
listen 80;
server_name localhost; //主机名或ip或机器配置的域名
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html; # 这个是指定一个项目所在目录
index index.html index.htm; # 这个是指定首页的文件名
}
location /mp_store {
proxy_pass https://192.168.144.44:8190/mp_store;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
https配置:
server {
listen 443 ssl;
server_name localhost;
ssl_certificate D://software//nginx-1.12.2//conf//ssl//server.crt; # 这个是证书的crt文件所在目录
ssl_certificate_key D://software//nginx-1.12.2//conf//ssl//server.key; # 这个是证书key文件所在目录
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html; # 这个是指定一个项目所在目录
index index.html index.htm; # 这个是指定首页的文件名
}
location /mp_store {
proxy_pass https://192.168.144.44:8190/mp_store;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
修改配置后重启nginx,输入https://localhost或http://localhost访问nginx欢迎页面。访问http(s)://localhost/mp_store即可访问自己的服务器。
四、nginx配置https时证书制作
[mpadmin@mprest1 ssl]$ pwd
/home/mpadmin/backup/ssl
[mpadmin@mprest1 ssl]$ openssl genrsa -des3 -out server.key 1024 //创建私钥
Generating RSA private key, 1024 bit long modulus
.....................++++++
...........................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[mpadmin@mprest1 ssl]$ openssl req -new -key server.key -out server.csr //创建csr证书
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:chongqing
Locality Name (eg, city) [Default City]:chongqing
Organization Name (eg, company) [Default Company Ltd]:asus
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[mpadmin@mprest1 ssl]$
[mpadmin@mprest1 ssl]$
[mpadmin@mprest1 ssl]$ cp server.key server.key.org
[mpadmin@mprest1 ssl]$ openssl rsa -in server.key.org -out server.key //去除密码(在加载SSL支持的Nginx并使用上述私钥时除去必须的口令,否则会在启动nginx的时候需要输入密码。)
Enter pass phrase for server.key.org:
writing RSA key
[mpadmin@mprest1 ssl]$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt //生成crt证书
Signature ok
subject=/C=CN/ST=chongqing/L=chongqing/O=asus
Getting Private key
[mpadmin@mprest1 ssl]$
五、nginx日志
D:\software\nginx-1.12.2\logs目录下access.log可查看每个请求的结果。
评论暂时关闭