本文使用的Linux发行版：CentOS6.7 下载地址：https://wiki.centos.org/Download
一、安装Nginx
下载源：wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
安装源：yum install nginx-release-centos-6-0.el6.ngx.noarch.rpm
安装Nginx：yum install nginx
启动Nginx服务：service nginx start
停止Nginx服务：service nginx stop
查看Nginx运行状态：service nginx status
检查Nginx配置文件：nginx -t
服务运行中重新加载配置：nginx -s reload
添加Nginx服务自启动：chkconfig nginx on
二、修改防火墙规则
修改Nginx所在主机的防火墙配置：vi /etc/sysconfig/iptables，将nginx使用的端口添加到允许列表中。
例如：-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT （表示允许80端口通过）
修改Tomcat所在主机的防火墙配置：vi /etc/sysconfig/iptables，将tomcat使用的端口添加到允许列表中。
例如：-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT （表示允许8080端口通过）
如果主机上有多个tomcat的话，则按此规则添加多条，修改对应的端口号即可。
保存后重启防火墙：service iptables restart
三、Tomcat负载均衡配置
Nginx启动时默认加载配置文件/etc/nginx/nginx.conf，而nginx.conf里会引用/etc/nginx/conf.d目录里的所有.conf文件。
因此可以将自己定制的一些配置写到单独.conf文件里，只要文件放在/etc/nginx/conf.d这个目录里即可，方便维护。
创建tomcats.conf：vi /etc/nginx/conf.d/tomcats.conf，内容如下：

1. upstream tomcats

• {

•  ip_hash;
  

•  server 192.168.0.251:8080;
  

•  server 192.168.0.251:8081;
  

•  server 192.168.0.251:8082;
  

• }

---

注释原有的配置

1. # location / {
2. # root /usr/share/nginx/html;
3. # index index.html index.htm;
4. #}

新增配置默认将请求转发到tomcats.conf配置的upstream进行处理

location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcats; #与tomcats.conf里配置的upstream同名
}

---

保存后重新加载配置：nginx -s reload
四、静态资源分离配置
修改default.conf：vi /etc/nginx/conf.d/default.conf，添加如下配置：

所有js,css相关的静态资源文件的请求由Nginx处理

location ~.*.(js|css)$ {
root /opt/static-resources; #指定文件路径
expires 12h; #过期时间为12小时
}

所有图片等多媒体相关静态资源文件的请求由Nginx处理

location ~.*.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {
root /opt/static-resources; #指定文件路径
expires 7d; #过期时间为7天
}

---

五、修改SELinux安全规则
如果访问Nginx时出现502 Bad Gateway错误，则可能是Nginx主机上的SELinux限制了其使用http访问权限引起的，输入命令setsebool -P httpd_can_network_connect 1 开启权限即可。
文件/etc/nginx/nginx.conf完整配置如下：

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 100000;

events {
use epoll;
multi_accept on;
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

#log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
#                  '$status $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" "$http_x_forwarded_for"';

#access_log  /var/log/nginx/access.log  main;

sendfile        on;
server_tokens off;
#tcp_nopush     on;

keepalive_timeout  65;

gzip on;
gzip_disable "msie6";
gzip_static on;
gzip_proxied any;
gzip_min_length 1000;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

include /etc/nginx/conf.d/*.conf;

}

文件/etc/nginx/conf.d/default.conf完整配置如下：

server {
listen 80;
server_name localhost;

#charset koi8-r;
#access_log  /var/log/nginx/log/host.access.log  main;

#location / {
#    root   /usr/share/nginx/html;
#    index  index.html index.htm;
#}

location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://web_servers;
}

location ~.*\.(js|css)$ {
    root    /opt/static-resources;
    expires     12h;
}

location ~.*\.(html|jpg|jpeg|png|bmp|gif|ico|mp3|mid|wma|mp4|swf|flv|rar|zip|txt|doc|ppt|xls|pdf)$ {
    root    /opt/static-resources;
    expires     7d;
}

#error_page  404              /404.html;

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
#    root           html;
#    fastcgi_pass   127.0.0.1:9000;
#    fastcgi_index  index.php;
#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
#    include        fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
#    deny  all;
#}

}