修改 Apache 端口
为了避免 Nginx 与 Apache 的端口冲突,需要修改 Apache 服务器提供的 HTTP 和 HTTPS 的端口。
修改 Apache 配置文件,修改 HTTP 协议的监听端口
vi /etc/httpd/conf/httpd.conf
...
Listen 7080
...
修改 SSL 配置文件,修改 HTTPS 协议的监听端口
vi /etc/httpd/conf.d/ssl.conf
...
Listen 7443 https
...
<VirtualHost _default_:7443>
...
firewall 开放端口
firewall-cmd --zone=public --add-port=7080/tcp --permanent
firewall-cmd --zone=public --add-port=7443/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-ports
selinux 添加端口
# 查看 selinux 为 httpd 开放的端口
semanage port -l | grep http
# 为 httpd 开放新的端口
semanage port -a -t http_port_t -p tcp 7080
semanage port -a -t http_port_t -p tcp 7443
semanage port -l | grep http
重启 httpd 服务
systemctl restart httpd
systemctl status httpd
安装 Nginx
yum -y install epel-release
yum -y install nginx
systemctl start nginx
systemctl enable nginx
systemctl status nginx
rpm -ql nginx
/usr/share/nginx/html/index.html:默认主页
/etc/nginx/nginx.conf:主配置文件
HTTP 反向代理
修改 /etc/nginx/nginx.conf,别忘了加分号,upstream 后面的名字不要用下划线 _,要用 -。
http {
...
upstream backend-jenkins {
server 127.0.0.1:8080;
}
upstream backend-apache {
server 127.0.0.1:7080;
}
server {
...
server_name: www.lishiqing.com lishiqing.com;
...
location / {
proxy_pass http://backend-apache;
}
location /jenkins {
proxy_pass http://backend-jenkins;
}
}
...
}
systemctl restart nginx
浏览器访问 http://www.lishiqing.com,跳转到 apache 服务器
浏览器访问 http://www.lishiqing.com/jenkins,跳转到 tomcat 服务器
HTTPS 反向代理
-
拷贝证书和私钥
cd /etc/nginx
mkdir pki
# server.crt 和 server.key 是之前用 openssl 工具生成的
cp /etc/httpd/pki/server.crt /etc/httpd/pki/server.key ./pki
- 修改
/etc/nginx/nginx.conf文件
3.1. 修改将 HTTP 部分
- 添加重定向
- 注释掉代理规则
server {
listen 80;
listen [::]:80;
server_name www.lishiqing.com lishiqing.com;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# Redirect all the HTTP requests to HTTPS
return 301 https://$host$request_uri;
# location / {
# proxy_pass http://backend-apache;
# }
# location /jenkins {
# proxy_pass http://backend-jenkins;
# }
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
3.2. 将 HTTPS 部分的注释去掉
- 设置证书和私钥,修改
ssl_certificate和ssl_certificate_key - 设置代理规则,添加
location /和location/jenkins
# Settings for a TLS enabled server.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name _;
root /usr/share/nginx/html;
ssl_certificate "/etc/nginx/pki/server.crt";
ssl_certificate_key "/etc/nginx/pki/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://backend-apache;
}
location /jenkins {
proxy_pass http://backend-jenkins;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
- 重启 nginx
# 查看配置文件是否有错误
nginx -t
# 重启 nginx 服务
systemctl restart nginx
- 浏览器访问
- 浏览器访问
https://www.lishiqing.com重定向到 apache 服务器 - 浏览器访问
https://www.lishiqing.com/jenkins重定向到 tomcat 服务器
通过以上配置,客户端到 Nginx 服务器之间是 HTTPS 加密通信,Nginx 服务器到 Apache 和 Tomcat 之间是 HTTP 非加密通信。
Nginx 与 PHP 通信
FastCGI 是 Nginx 和 PHP 之间通信的协议,需要安装 php-fpm,默认监听 9000 端口
安装 php-fpm
# 安装 php-fpm
yum -y install php-fpm
# 如果报错,显示版本冲突,则安装 php56w-fpm
yum -y install php56w-fpm
systemctl start php-fpm
systemctl enable php-fpm
修改 nginx 配置文件 /etc/nginx/nginx.conf
http {
# 如果没有开启 https,则在 http 的 server 部分配置,如果开启了 https,则在 https 的 server 部分配置。
server {
...
location / {
index index.html index.htm index.php;
}
# ~ 代表正则表达式
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
...
}
}
重新启动
nginx -t
systemctl restart nginx
在 /usr/share/nginx/html 目录下创建 index.php 文件
<?php phpinfo(); ?>
浏览器访问 http://www.lishiqing.com/index.php 或者 https://www.lishiqing.com/index.php
网友评论