安装

1
sudo yum install nginx

配置

修改配置文件

1
vi /etc/nginx/nginx.conf

转发到静态页面

1
2
3
4
5
6
7
8
9
server {
    listen 80;
    server_name your_domain.com;
 
    location /note {
        alias /home/szxck/note/public; #静态资源的根目录
        index index.html; #默认首页文件
    }
}

转发到其他端口

1
2
3
4
5
6
7
8
9
10
11
12
server {
    listen 80;
    server_name your_domain.com;
 
    location / {
        proxy_pass http://127.0.0.1:8080; # 将请求转发到本地8080端口
        proxy_set_header Host $host; # 传递原始主机头
        proxy_set_header X-Real-IP $remote_addr; # 传递真实客户端IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 传递代理链中的客户端IP
        proxy_set_header X-Forwarded-Proto $scheme; # 如果有HTTPS传递协议信息
    }
}

自定义404页面

1
2
3
4
5
6
7
8
9
10
server {
    listen 80;
    server_name your_domain.com;
 
    error_page 404 /404.html;
    location = /404.html {
        internal; # 表示这个location只能内部使用不能被用户直接访问
        root /home/nginx; # 自定义404页面路径
    }
}

配置 https

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
server {
    listen 443 ssl http2;
    server_name szxck.top www.szxck.top;

    # SSL证书配置
    ssl_certificate "/home/nginx/szxck.top.pem";
    ssl_certificate_key "/home/nginx/szxck.top.key";

    # 其他SSL设置...
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    client_max_body_size 100m; # 设置为 100 MB
    
    # 对所有请求进行反向代理
    location / {
        proxy_pass http://127.0.0.1:8080; # 将请求转发到本地8080端口
        proxy_set_header Host $host; # 传递原始主机头
        proxy_set_header X-Real-IP $remote_addr; # 传递真实客户端IP
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 传递代理链中的客户端IP
        proxy_set_header X-Forwarded-Proto $scheme; # 如果有HTTPS传递协议信息
    }
    
    # 静态资源
    location /static {
        alias /home/static; # 静态资源的根目录
        index index.html; # 默认首页文件
    }

    error_page 404 /404.html;
    location = /404.html {
        internal; # 表示这个location只能内部使用不能被用户直接访问
        root /home/nginx; # 自定义404页面路径
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

跨域配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
http {
	# 定义一个 map 来根据请求中的 Origin 设置响应头
    map $http_origin $cors_value {
        default              "";
        ~^(https?://.*)$    $1;
    }

    server {		
		# 开启 Access-Control-Allow-Origin 响应头
        add_header Access-Control-Allow-Origin $cors_value always;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        add_header Access-Control-Allow-Credentials 'true';
    }
}

配置示例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
	# 定义一个 map 来根据请求中的 Origin 设置响应头
    map $http_origin $cors_value {
        default              "";
        ~^(https?://.*)$    $1;
    }

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
	client_max_body_size 100m; # 设置为 100 MB

    include             /etc/nginx/mime.types;
    # default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
	
    //多域名转发一
	server {
        listen       80;
        server_name  szxck.top www.szxck.top;
		
		# 重定向到HTTPS
		return 301 https://szxck.top$request_uri;
    }
	
    //多域名转发二
	server {
        listen       80;
        server_name  xn--5gqw67a.xn--6qq986b3xl www.xn--5gqw67a.xn--6qq986b3xl;
		
		# 重定向到HTTPS
		return 301 https://xn--5gqw67a.xn--6qq986b3xl$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name xn--5gqw67a.xn--6qq986b3xl www.xn--5gqw67a.xn--6qq986b3xl;

        # SSL证书配置
		ssl_certificate "/home/nginx/xn--5gqw67a.xn--6qq986b3xl.pem";
        ssl_certificate_key "/home/nginx/xn--5gqw67a.xn--6qq986b3xl.key";

        # 其他SSL设置...
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

		root /home/static;  # 指定根目录

        location / {
            index /time/index.html;  # 指定默认索引文件
            try_files $uri $uri/ =404;  # 尝试查找文件或目录否则返回404
        }
		
		location /static {
            index /index;  # 保持与上面相同的根目录
            try_files /index.html =404;
        }
    }

    server {
        listen 443 ssl http2;
        server_name szxck.top www.szxck.top;

        # SSL证书配置
        ssl_certificate "/home/nginx/szxck.top.pem";
        ssl_certificate_key "/home/nginx/szxck.top.key";

        # 其他SSL设置...
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
		client_max_body_size 100m; # 设置为 100 MB
		
		# 开启 Access-Control-Allow-Origin 响应头
        add_header Access-Control-Allow-Origin $cors_value always;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        add_header Access-Control-Allow-Credentials 'true';
		
        # 对所有请求进行反向代理
		location / {
			proxy_pass http://127.0.0.1:8080; # 将请求转发到本地8080端口
			proxy_set_header Host $host; # 传递原始主机头
			proxy_set_header X-Real-IP $remote_addr; # 传递真实客户端IP
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 传递代理链中的客户端IP
			proxy_set_header X-Forwarded-Proto $scheme; # 如果有HTTPS传递协议信息
		}
		
		# 静态资源
		location /static {
			alias /home/static; # 静态资源的根目录
			index index.html; # 默认首页文件
		}

        error_page 404 /404.html;
        location = /404.html {
			internal; # 表示这个location只能内部使用不能被用户直接访问
			root /home/nginx; # 自定义404页面路径
		}

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }
}

命令

启动

1
sudo systemctl start nginx

重启

1
sudo systemctl restart nginx

设置开机自启动

1
sudo systemctl enable nginx

学习资源