阅读量:0
一、常用命令:
//开启服务: start nginx 直接点击Nginx目录下的nginx.exe //停止服务:nginx停止命令stop与quit参数的区别在于stop是快速停止nginx,可能并不保存相关信息,quit是完整有序的停止nginx ,并保存相关信息。nginx启动与停止命令的效果都可以通过Windows任务管理器中的进程选项卡观察。 nginx -s stop nginx -s quit //其他命令重启、关闭nginx ps -ef | grep nginx //从容停止Nginx kill -QUIT 主进程号 //快速停止Nginx kill -TERM 主进程号 //强制停止Nginx pkill -9 nginx //平滑重启nginx: kill -HUP 主进程号 //重启服务: nginx -s reload //检查配置文件是否有语法操作 ./nginx -t //或者显示指定配置文件 ./nginx -t -c /usr/local/nginx/conf/nginx.conf 二、注意要点
动静分离要点,必须把访问服务器的端口写成nginx监听的端口,这样才能避免跨域 配置参数说明: nigix做反向代理 注意 :$proxy_port 与 :$server_port 区别 $server_port :nigix监听的端口 $proxy_port : 服务器真正访问的端口 #一般情况都用这个host proxy_set_header Host $host; #获取到用户真实IP配置 proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 三、http请求配置
1、前后端分离普通配置
server { listen 8203; location / { root /usr/www/validation-demo/h5-1-advance; index index.html; try_files $uri $uri/ /index.html; if ($request_filename ~* .*\.(?:htm|html)$){ add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate"; } } location /api/ { proxy_pass http://192.168.8.10:5001/; } } 2、增加了HTTPS的前后端分离配置
server { listen 443; server_name www.huzhihui.com; ssl on; ssl_certificate /etc/nginx/cert/5673168_www.huzhihui.com.pem; ssl_certificate_key /etc/nginx/cert/5673168_www.huzhihui.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root /alidata/view/eip-home; index index.html; try_files $uri $uri/ /index.html; if ($request_filename ~* .*\.(?:htm|html)$){ add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate"; } expires 7d; } location /api/ { proxy_pass http://127.0.0.1:56000/; } } server{ listen 80; server_name www.huzhihui.com; rewrite ^/(.*)$ https://www.huzhihui.com/$1 permanent; } 3、老项目强制HTTPS POST出现问题的解决方案
server{ listen 80; server_name wx.huzhihui.cn; add_header Strict-Transport-Security max-age=15768000; location / { if ($request_method ~ ^(POST|DELETE|OPTIONS)$) { proxy_pass https://wx.huzhihui.cn; break ; } rewrite ^/(.*)$ https://wx.huzhihui.cn/$1 permanent; } } 4、普通前后端一起的工程网站部署
server{ listen 80; server_name www.huzhihui.com; location /{ proxy_redirect default; proxy_pass http://127.0.0.1:8093; proxy_set_header Host $host; proxy_set_header Referer $http_referer; proxy_set_header X-Real-Ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } 4、 动静分离+负载均衡配置
upstream web_servers { server localhost:8080; server localhost:8081; } server { listen 80; server_name www.huzhihui.com; location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://web_servers; } location ~.*\.(js|css)$ { root /opt/static-resources; expires 12h; } location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ { root /opt/static-resources; expires 7d; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } 5、 通用https配置
server { listen 443; server_name www.huzhihui.com; ssl on; ssl_certificate cert-tues/214069203020278.pem; ssl_certificate_key cert-tues/214069203020278.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:9002/; proxy_redirect default; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server{ listen 80; server_name www.huzhihui.com; rewrite ^/(.*)$ https://server.ourtues.com/$1 permanent; } 