C2. Nginx - lyonwang/TechNotes GitHub Wiki
Install Nginx

Create yum repo

```bash
sudo yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
```

Install OpenResty

```bash
sudo yum install openresty
```

Install the OpenResty command-line tools

```bash
sudo yum install openresty-resty
```

Install the OpenResty Lua package manager

```bash
sudo yum install openresty-opm
```

Add the OpenResty nginx directory to sudo's secure_path

```bash
sudo visudo
```

```
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/openresty/nginx/sbin
```
Test the installation

```bash
$ mkdir ~/openresty-test ~/openresty-test/logs/ ~/openresty-test/conf/
$ tree ~/openresty-test
/Users/yuansheng/openresty-test
├── conf
└── logs
```

```bash
$ vim ~/openresty-test/conf/nginx.conf
```

```nginx
worker_processes 1;         # number of nginx worker processes
error_log logs/error.log;   # path of the error log file
events {
    worker_connections 1024;
}
http {
    server {
        # Listening port; change it if port 6699 is already in use
        listen 6699;
        location / {
            default_type text/html;
            content_by_lua_block {
                ngx.say("HelloWorld")
            }
        }
    }
}
```

```bash
$ sudo nginx -p ~/openresty-test
$ sudo ps -ef | grep nginx
$ curl http://localhost:6699 -i
```
HTTPS Configuration

HTTP connections to the front-end and back-end sites are automatically redirected to HTTPS.

Generate the SSL certificate

```bash
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/openresty/nginx/ssl/nginx.key -out /usr/local/openresty/nginx/ssl/nginx.crt
```

```
Country Name (2 letter code) [XX]:TW
State or Province Name (full name) []:Taiwan
Locality Name (eg, city) [Default City]:Taipei
Organization Name (eg, company) [Default Company Ltd]:TBT
Organizational Unit Name (eg, section) []:RD
Common Name (eg, your name or your server's hostname) []:gb.local
Email Address []:[email protected]
```
/usr/local/openresty/nginx/nginx.conf
```nginx
http {
    ...
    upstream front-end {
        server 192.168.21.51:4322;
    }
    upstream back-end {
        server 192.168.21.51;
    }
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        # Redirect to HTTPS
        rewrite ^(.*) https://$host$1 permanent;
    }
    server {
        # Enable SSL
        listen 443 ssl;
        # Paths to the certificate and private key
        ssl_certificate /usr/local/openresty/nginx/ssl/nginx.crt;
        ssl_certificate_key /usr/local/openresty/nginx/ssl/nginx.key;
        server_name backend-dev.gb.local;
        location / {
            proxy_pass http://back-end;
        }
    }
    server {
        # Enable SSL
        listen 443 ssl;
        # Paths to the certificate and private key
        ssl_certificate /usr/local/openresty/nginx/ssl/nginx.crt;
        ssl_certificate_key /usr/local/openresty/nginx/ssl/nginx.key;
        server_name web-dev.gb.local;
        location / {
            proxy_pass http://front-end;
        }
    }
}
```
Nginx Log
```nginx
http {
    ...
    log_format main '[$time_iso8601] [$server_name] [$request_method] '
                    '[$server_addr] [$server_port] [$request_uri] [$query_string] [$request_body] [$remote_user] '
                    '[$remote_addr] [$server_protocol] [$http_user_agent] '
                    '[$http_cookie] [$http_referer] [$http_host] [$status] '
                    '[$bytes_sent] [$request_length] [$request_time] [$request_id] '
                    '[$proxy_add_x_forwarded_for] [$http_accept] '
                    '[$http_accept_encoding] [$upstream_http_content_length] '
                    '[$upstream_http_content_type] [$sent_http_content_type] [$upstream_addr]';
    access_log logs/access.log main;
    ...
}
```
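
The `main` format above records `$request_body` and `$http_cookie`, so `logs/access.log` can hold session cookies and submitted form data. The following Python parser is an added example, not part of the original notes: it splits a line of that format into its 27 fields, rejects lines whose field count is off, and masks the two secret-bearing fields before the log is handed on. The function names, the choice of sensitive fields and the sample values are assumptions made for the example.

```python
# Field order copied from the `log_format main` directive on this page.
FIELDS = (
    "time_iso8601 server_name request_method server_addr server_port "
    "request_uri query_string request_body remote_user remote_addr "
    "server_protocol http_user_agent http_cookie http_referer http_host "
    "status bytes_sent request_length request_time request_id "
    "proxy_add_x_forwarded_for http_accept http_accept_encoding "
    "upstream_http_content_length upstream_http_content_type "
    "sent_http_content_type upstream_addr"
).split()

# Assumption for this example: the fields treated as secret-bearing.
SENSITIVE = {"request_body", "http_cookie"}
EMPTY = ("", "-")  # nginx writes "-" for a variable that has no value

def parse_line(line):
    """Return {field: value} for one access-log line, or None if malformed."""
    line = line.rstrip("\n")
    if not (line.startswith("[") and line.endswith("]")):
        return None
    values = line[1:-1].split("] [")
    # Default log escaping leaves brackets and spaces as-is, so a header value
    # containing "] [" shifts every later field; reject any off-count record.
    if len(values) != len(FIELDS):
        return None
    return dict(zip(FIELDS, values))

def exposed_fields(record):
    """Names of sensitive fields that actually carry data in this record."""
    return sorted(k for k in SENSITIVE if record[k] not in EMPTY)

def redact(record):
    """Copy of the record with populated sensitive fields masked."""
    hide = set(exposed_fields(record))
    return {k: "<redacted>" if k in hide else v for k, v in record.items()}

def sample_line(**override):
    """Build a constructed log line (not real traffic) for the demo below."""
    rec = dict.fromkeys(FIELDS, "-")
    rec.update(time_iso8601="2024-01-01T10:00:00+08:00", request_method="POST",
               server_name="web-dev.gb.local", request_uri="/login", status="200",
               http_cookie="session=abc123", request_body="user=a&pw=example")
    rec.update(override)
    return "[" + "] [".join(rec[f] for f in FIELDS) + "]"

if __name__ == "__main__":
    for ln in (sample_line(), sample_line(http_user_agent="x] [y")):
        rec = parse_line(ln)
        print("malformed, skipped" if rec is None else redact(rec))
```
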
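
Alternatively, generate a .key and a .csr with the following command, then submit the .csr to a CA to obtain the .crt when applying for a certificate.

```bash
# No -x509 here: that option makes openssl req write a self-signed certificate instead of a CSR
openssl req -new -nodes -newkey rsa:2048 -keyout demo.key -out demo.csr
```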