[TOC]
参考资料
Installing nginx on Linux - 官网
centos 7 安装nginx以及nginx的目录详解 - CSDN
CentOS 7 安装Nginx 并配置自动启动 - CSDN
Centos7.3安装nginx
centos 7.0 查看selinux状态|关闭|开启 - csdn
Centos7 nginx提示错误 Access denied - 查看 SeLinux 限制日志
Using NGINX and NGINX Plus with SELinux - 官方指导,就是靠谱
技巧集:nginx作代理时,查看请求被转发到哪台服务器 -
使用 yum 安装 nginx
配置 yum 仓库
添加配置文件 vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
yum 安装 Nginx
yum -y install nginx
设置 nginx 为服务,开机启动
设置 nginx 为服务,开机启动
systemctl enable nginx.service
systemctl start nginx.service
systemctl status nginx.service # 确认服务是否启动
nginx -v # 查看版本
配置防火墙
firewall-cmd --permanent --add-port=80/tcp // ngnix 默认使用 80 端口,需要开放防火墙 80 端口
firewall-cmd --reload
配置 Nginx
查看 Nginx 配置文件路径 nginx -V
注意,V 大写
[root@localhost conf.d]# nginx -V
nginx version: nginx/1.14.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'
两个关键配置如下:
-
--prefix=/etc/nginx
,nginx 工程路径:/etc/nginx -
--conf-path=/etc/nginx/nginx.conf
, 配置文件路径:/etc/nginx/nginx.conf
cat /etc/nginx/nginx.conf
可以在最后看到如下
user root;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
# 注意这里,配置文件放在 conf.d/ 中,且必须以 .conf 结尾
include /etc/nginx/conf.d/*.conf;
}
这里我们可以得知 配置文件放在 conf.d/ 中,且必须以 .conf 结尾。从而我们可以在 conf.d/ 中,定义多个需要反向代理的配置,参考如下
[root@localhost conf.d]# ll
总用量 12
-rw-r--r--. 1 root root 1093 12月 4 23:01 default.conf
-rw-r--r--. 1 root root 341 1月 10 15:20 mirror.reading.zt.conf
-rw-r--r--. 1 root root 339 1月 10 14:25 test.reading.zt.conf
反向代理 192.168.0.232 -> test.reading.zt 配置为: vi /etc/nginx/conf.d/test.reading.zt.conf
server {
listen 80;
server_name test.reading.zt;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://192.168.0.232:8080;
add_header backendIP $upstream_addr;
add_header backendCode $upstream_status;
}
}
反向代理 192.168.0.233 -> mirror.reading.zt 配置为: vi /etc/nginx/conf.d/mirror.reading.zt.conf
server {
listen 80;
server_name mirror.reading.zt;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://192.168.0.233:8080;
add_header backendIP $upstream_addr;
add_header backendCode $upstream_status;
}
}
完成配置后,检查配置,并重启 nginx
nginx -t
nginx -s reload
配置反向代理时 SeLinx 限制
image.png从 Nginx 异常日志 /var/log/nginx/error.log
中可以看到以下异常
2019/01/10 13:19:33 [crit] 1829#1829: *162 connect() to 192.168.0.232:8080 failed (13: Permission denied) while connecting to upstream, client: 192.168.0.196, server: test.reading.zt, request: "GET /library/index/login.html HTTP/1.1", upstream: "http://192.168.0.232:8080/library/index/login.html", host: "test.reading.zt"
处理方法 setsebool -P httpd_can_network_relay 1
配置查看请求被转发到哪台服务器
server {
listen 80;
server_name mirror.reading.zt;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://192.168.0.233:8080;
## nginx 作代理时,查看请求被转发到哪台服务器,添加下面 2 行
add_header backendIP $upstream_addr;
add_header backendCode $upstream_status;
}
}
以 chrome 为例,F12 后操作如下图
image.png
网友评论