美文网首页
nginx openresty

nginx openresty

作者: 顶儿响叮当 | 来源:发表于2018-01-23 10:58 被阅读170次

    openResty安装

    • centos 添加yum仓库,安装
        yum -y install readline-devel pcre-devel openssl-devel
        
        #yum安装
        #sudo yum install -y yum-utils
        #sudo yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
        #sudo yum install -y openresty
        
        #源码编译
        cd /data
        curl -O http://mirrors.d.com/software/openresty/1.13.6/openresty-1.13.6.1.tar.gz
        tar -zxvf openresty-1.13.6.1.tar.gz
        cd openresty-1.13.6.1
        ./configure 
        make 
        sudo  make install 
    
        #默认安装在/usr/local/openresty目录下
    
        #将conf  和  log目录移到/data/openresty下
        mkdir -p /data/openresty
        cp -R /usr/local/openresty/nginx/conf  /data/openresty
        rm -rf /usr/local/openresty/nginx/conf
        ln -s /data/openresty/conf /usr/local/openresty/nginx/conf
    
        mkdir -p /data/openresty/logs
        rm -rf /usr/local/openresty/nginx/logs
        ln -s /data/openresty/logs /usr/local/openresty/nginx/logs
    
        #启动
        /usr/local/openresty/nginx/sbin/nginx
        #检查配置是否正确
        # /usr/local/openrestry/nginx/sbin/nginx  -t
        #重新加载配置文件
        # /usr/local/openrestry/nginx/sbin/nginx  -s reload
    
    

    openresty配置

    服务端获得客户端的真实ip

    location /{  
                    proxy_pass http://192.168.1.111:8080;  
                    proxy_set_header Host $host;  
                    proxy_set_header X-Real-IP $remote_addr;  
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }  
    
    ## node 
    var real_ip = req.get("X-Real-IP") || req.get("X-Forwarded-For") || req.ip;  
    

    openresty 隐藏服务器名称及版本,复写http server头

    http{
        server_tokens off;  #隐藏server版本
    }
    
    location / {
            #复写http server
            header_filter_by_lua 'ngx.header.server = "apache/2.4"';
        }
    

    图片服务,静态文件

        server {
            listen       80;
            server_name  10.0.12.75;
    
            #charset koi8-r;
            #access_log  logs/host.access.log  main;
            ###  path  /data/image/test.jpg 
    
            location /image {
    
                add_header 'Access-Control-Allow-Origin' '*';
                add_header Cache-Control no-store;
    
                root   /data/;
                autoindex on;   #预览
                #index  index.html index.htm;
            }
        }
    
    

    https

    openssl安装

    #下载openssl
    curl -O https://www.openssl.org/source/openssl-1.0.2n.tar.gz
    
    #解压
    #指定安装目录
    ./config --prefix=/usr/local/openssl
    ./config -t
    make
    make install
    
    #将/usr/local/openssl/bin添加到环境变量
    # vim  /etc/profile
    export OPENSSL_HOME=/usr/local/openssl
    export PATH=$PATH:$OPENSSL_HOME/bin
    # source /etc/profile
    
    # openssl version
    
    

    openssl实现私有CA

    参考 https://www.cnblogs.com/AloneSword/p/4656492.html

    配置

     #强制跳转到https
    server{
    
        listen 8080;
        server_name dmp.d.com;
    
        return 301 https://$server_name/$request_uri;
    
    }
    
    server{
        #listen 8080;
        listen 443 ssl;
        server_name dmp.d.com;
        ssl on;
        ssl_certificate cert/dmp.d.com.crt;
        ssl_certificate_key cert/dmp.d.com.key;
    
    
        location / {
    
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
            root  /data/volume/DMP/frontend/dist;
            error_page  404 400           /404.html;
        }
    
        location = /404.html {
                root html;
        }
    
    }
    
    

    相关文章

      网友评论

          本文标题:nginx openresty

          本文链接:https://www.haomeiwen.com/subject/ntxsaxtx.html