安装 #
sudo apt-get install nginx
配置文件 #
ubuntu
/etc/nginx/conf.d/*.conf
centos
/usr/local/nginx/conf/
常用命令 #
sudo nginx -s reload
日志 #
cat /var/log/nginx/access.log
http转https #
server {
listen 80;
server_name www.test.com;
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
https配置 #
server {
listen 443 ssl http2;
server_name blog.wowfriday.cn;
ssl_certificate /etc/nginx/1_blog.wowfriday.cn_bundle.crt;
ssl_certificate_key /etc/nginx/2_blog.wowfriday.cn.key;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_pass https://wowfriday.cn;
}
}
静态网站配置 #
server {
listen 80 http;
server_name wowfriday.cn;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
反向代理配置 #
server {
listen 80 http;
server_name wowfriday.cn;
location / {
proxy_pass http://blog.wowfriday.cn;
}
}
websocket代理 #
location /wss {
proxy_pass http://127.0.0.1:8765;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
}
default_server #
使用了宝塔版本的wordpress,其中包含了nginx,我又额外想在这个机器上部署其他应用,也要用到nginx。
wordpress的配置文件中用了 default_server
,所有未匹配到的请求都会使用它。
server {
listen 80 default_server;
}
下面是我的配置。如果 server_name
设置成 wow.com
的话,访问 hello.wow.com/mr
就属于匹配不到的情况,就会走到 default_server 中。改成下面这样就可以了。
vim /www/server/panel/vhost/nginx/wss.cool.conf
server {
listen 80;
server_name hello.wow.com;
location /mr {
proxy_pass http://localhost:8082/mr;
}
}
wordpress的配置文件 #
|
|
如果少了location ~ \.php$
这段配置会导致网址打不开并下载一个文件
转发自定义头 #
后端使用 spring boot 实现了一个 github oauth2 认证登录的 client 。将代码附属到服务器以后,请求经过 nginx 反向代理,java程序报错。
Authentication request failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: [invalid_redirect_uri_parameter]
需要修改 nginx 和 tomcat 的配置,使其转发自定义头。
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
nginx配置
server:
tomcat:
remote-ip-header: "X-Forwarded-For"
protocol-header: "X-Forwarded-Proto"
protocol-header-https-value: "https"
application.yml