openResty安装
- centos 添加yum仓库,安装
yum -y install readline-devel pcre-devel openssl-devel
#yum安装
#sudo yum install -y yum-utils
#sudo yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
#sudo yum install -y openresty
#源码编译
cd /data
curl -O http://mirrors.d.com/software/openresty/1.13.6/openresty-1.13.6.1.tar.gz
tar -zxvf openresty-1.13.6.1.tar.gz
cd openresty-1.13.6.1
./configure
make
sudo make install
#默认安装在/usr/local/openresty目录下
#将conf 和 log目录移到/data/openresty下
mkdir -p /data/openresty
cp -R /usr/local/openresty/nginx/conf /data/openresty
rm -rf /usr/local/openresty/nginx/conf
ln -s /data/openresty/conf /usr/local/openresty/nginx/conf
mkdir -p /data/openresty/logs
rm -rf /usr/local/openresty/nginx/logs
ln -s /data/openresty/logs /usr/local/openresty/nginx/logs
#启动
/usr/local/openresty/nginx/sbin/nginx
#检查配置是否正确
# /usr/local/openrestry/nginx/sbin/nginx -t
#重新加载配置文件
# /usr/local/openrestry/nginx/sbin/nginx -s reload
openresty配置
服务端获得客户端的真实ip
location /{
proxy_pass http://192.168.1.111:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
## node
var real_ip = req.get("X-Real-IP") || req.get("X-Forwarded-For") || req.ip;
openresty 隐藏服务器名称及版本,复写http server头
http{
server_tokens off; #隐藏server版本
}
location / {
#复写http server
header_filter_by_lua 'ngx.header.server = "apache/2.4"';
}
图片服务,静态文件
server {
listen 80;
server_name 10.0.12.75;
#charset koi8-r;
#access_log logs/host.access.log main;
### path /data/image/test.jpg
location /image {
add_header 'Access-Control-Allow-Origin' '*';
add_header Cache-Control no-store;
root /data/;
autoindex on; #预览
#index index.html index.htm;
}
}
https
openssl安装
#下载openssl
curl -O https://www.openssl.org/source/openssl-1.0.2n.tar.gz
#解压
#指定安装目录
./config --prefix=/usr/local/openssl
./config -t
make
make install
#将/usr/local/openssl/bin添加到环境变量
# vim /etc/profile
export OPENSSL_HOME=/usr/local/openssl
export PATH=$PATH:$OPENSSL_HOME/bin
# source /etc/profile
# openssl version
openssl实现私有CA
参考 https://www.cnblogs.com/AloneSword/p/4656492.html
配置
#强制跳转到https
server{
listen 8080;
server_name dmp.d.com;
return 301 https://$server_name/$request_uri;
}
server{
#listen 8080;
listen 443 ssl;
server_name dmp.d.com;
ssl on;
ssl_certificate cert/dmp.d.com.crt;
ssl_certificate_key cert/dmp.d.com.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
root /data/volume/DMP/frontend/dist;
error_page 404 400 /404.html;
}
location = /404.html {
root html;
}
}
网友评论