nginx openresty

openResty安装

• centos 添加yum仓库，安装
  

    yum -y install readline-devel pcre-devel openssl-devel
    
    #yum安装
    #sudo yum install -y yum-utils
    #sudo yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
    #sudo yum install -y openresty
    
    #源码编译
    cd /data
    curl -O http://mirrors.d.com/software/openresty/1.13.6/openresty-1.13.6.1.tar.gz
    tar -zxvf openresty-1.13.6.1.tar.gz
    cd openresty-1.13.6.1
    ./configure 
    make 
    sudo  make install 

    #默认安装在/usr/local/openresty目录下

    #将conf  和  log目录移到/data/openresty下
    mkdir -p /data/openresty
    cp -R /usr/local/openresty/nginx/conf  /data/openresty
    rm -rf /usr/local/openresty/nginx/conf
    ln -s /data/openresty/conf /usr/local/openresty/nginx/conf

    mkdir -p /data/openresty/logs
    rm -rf /usr/local/openresty/nginx/logs
    ln -s /data/openresty/logs /usr/local/openresty/nginx/logs

    #启动
    /usr/local/openresty/nginx/sbin/nginx
    #检查配置是否正确
    # /usr/local/openrestry/nginx/sbin/nginx  -t
    #重新加载配置文件
    # /usr/local/openrestry/nginx/sbin/nginx  -s reload

openresty配置

服务端获得客户端的真实ip

location /{  
                proxy_pass http://192.168.1.111:8080;  
                proxy_set_header Host $host;  
                proxy_set_header X-Real-IP $remote_addr;  
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }  

## node 
var real_ip = req.get("X-Real-IP") || req.get("X-Forwarded-For") || req.ip;  

openresty 隐藏服务器名称及版本，复写http server头

http{
    server_tokens off;  #隐藏server版本
}

location / {
        #复写http server
        header_filter_by_lua 'ngx.header.server = "apache/2.4"';
    }

图片服务，静态文件

    server {
        listen       80;
        server_name  10.0.12.75;

        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        ###  path  /data/image/test.jpg 

        location /image {

            add_header 'Access-Control-Allow-Origin' '*';
            add_header Cache-Control no-store;

            root   /data/;
            autoindex on;   #预览
            #index  index.html index.htm;
        }
    }

https

openssl安装

#下载openssl
curl -O https://www.openssl.org/source/openssl-1.0.2n.tar.gz

#解压
#指定安装目录
./config --prefix=/usr/local/openssl
./config -t
make
make install

#将/usr/local/openssl/bin添加到环境变量
# vim  /etc/profile
export OPENSSL_HOME=/usr/local/openssl
export PATH=$PATH:$OPENSSL_HOME/bin
# source /etc/profile

# openssl version

openssl实现私有CA

参考 https://www.cnblogs.com/AloneSword/p/4656492.html

配置

 #强制跳转到https
server{

    listen 8080;
    server_name dmp.d.com;

    return 301 https://$server_name/$request_uri;

}

server{
    #listen 8080;
    listen 443 ssl;
    server_name dmp.d.com;
    ssl on;
    ssl_certificate cert/dmp.d.com.crt;
    ssl_certificate_key cert/dmp.d.com.key;


    location / {

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        root  /data/volume/DMP/frontend/dist;
        error_page  404 400           /404.html;
    }

    location = /404.html {
            root html;
    }

}