I. Nginx 安装

1.1 RHEL及其衍生版

For RHEL/CentOS : https://nginx.org/en/linux_packages.html#RHEL

1.1.1 安装必备组件

1sudo yum install yum-utils

1.1.2 设置 yum 存储库

1vim /etc/yum.repos.d/nginx.repo

粘贴以下内容:

 1[nginx-stable]
 2name=nginx stable repo
 3baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
 4gpgcheck=1
 5enabled=1
 6gpgkey=https://nginx.org/keys/nginx_signing.key
 7module_hotfixes=true
 8
 9[nginx-mainline]
10name=nginx mainline repo
11baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
12gpgcheck=1
13enabled=0
14gpgkey=https://nginx.org/keys/nginx_signing.key
15module_hotfixes=true

1.1.3 更新软件包缓存信息

1sudo dnf makecache

1.1.4 Nginx 安装

1sudo dnf install nginx

1.1.5 开机自启

1systemctl enable nginx --now

1.1.6 版本查看

参考文档:Nginx CommandLineWiKi

1nginx -v

1.1.7 Nginx 卸载

1sudo yum remove nginx

1.2 Debian

For Ubuntu : https://nginx.org/en/linux_packages.html#Ubuntu

II. Nginx 配置

2.1 代码准备

2.1.1 创建 web 目录

1sudo mkdir -p /var/www/domain-com

2.1.2 上传 web 代码

2.2 配置备份

默认配置文件👇

 1user  nginx;
 2worker_processes  auto;
 3
 4error_log  /var/log/nginx/error.log notice;
 5pid        /var/run/nginx.pid;
 6
 7
 8events {
 9    worker_connections  1024;
10}
11
12
13http {
14    include       /etc/nginx/mime.types;
15    default_type  application/octet-stream;
16
17    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
18                      '$status $body_bytes_sent "$http_referer" '
19                      '"$http_user_agent" "$http_x_forwarded_for"';
20
21    access_log  /var/log/nginx/access.log  main;
22
23    sendfile        on;
24    #tcp_nopush     on;
25
26    keepalive_timeout  65;
27
28    #gzip  on;
29
30    include /etc/nginx/conf.d/*.conf;
31}

备份默认配置👇

1cd /etc/nginx/conf.d/
2sudo mv default.conf default.conf.bak

2.3 Nginx 配置

在 nginx 配置文件 /etc/nginx/nginx.conf 的扩展配置 include /etc/nginx/conf.d/*.conf 中,添加子配置文件。其中子配置文件 *.conf 中不包含 eventshttp 标签。

  1. 创建配置文件
1sudo touch /etc/nginx/conf.d/example.com.conf
  1. HTTP 配置
 1server {
 2    listen       80;
 3    listen       [::]:80;
 4
 5    server_name example.com www.example.com;
 6    
 7    if ($host != 'example.com' && $host != 'www.example.com') {
 8        return 444;
 9    }
10
11    #access_log  /var/log/nginx/host.access.log  main;
12
13    location / {
14        root   /usr/share/nginx/html;
15        index  index.html index.htm;
16    }
17
18    #error_page  404              /404.html;
19
20    # redirect server error pages to the static page /50x.html
21    #
22    error_page   500 502 503 504  /50x.html;
23    location = /50x.html {
24        root   /usr/share/nginx/html;
25    }
26
27    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
28    #
29    #location ~ \.php$ {
30    #    proxy_pass   http://127.0.0.1;
31    #}
32
33    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
34    #
35    #location ~ \.php$ {
36    #    root           html;
37    #    fastcgi_pass   127.0.0.1:9000;
38    #    fastcgi_index  index.php;
39    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
40    #    include        fastcgi_params;
41    #}
42
43    # deny access to .htaccess files, if Apache's document root
44    # concurs with nginx's one
45    #
46    #location ~ /\.ht {
47    #    deny  all;
48    #}
49}

指定访问目录,如:example.com/opt/web

 1server {
 2    listen       80;
 3    listen       [::]:80;
 4
 5    server_name example.com www.example.com;
 6    
 7    if ($host != 'example.com' && $host != 'www.example.com') {
 8        return 444;
 9    }
10
11    #access_log  /var/log/nginx/host.access.log  main;
12
13    location /web {
14        root   /opt;
15        index  index.html index.htm;
16    }
17
18    #error_page  404              /404.html;
19
20    # redirect server error pages to the static page /50x.html
21    #
22    error_page   500 502 503 504  /50x.html;
23    location = /50x.html {
24        root   /usr/share/nginx/html;
25    }
26}
  1. HTTPS 配置
 1server {
 2    # SSL configuration
 3    listen                443 ssl;
 4    listen                [::]:443 ssl;
 5    http2                 on;
 6
 7    server_name           www.example.com;
 8
 9  	if ($host != 'www.example.com') {
10    	return 444;
11  	}
12    
13    ssl_certificate       /etc/ssl/example-com/fullchain.cer;
14    ssl_certificate_key   /etc/ssl/example-com/example.com.key;
15    ssl_session_timeout   60m;
16    ssl_session_cache     shared:MozSSL:10m;
17
18    # intermediate configuration
19    ssl_protocols         TLSv1.2 TLSv1.3;
20    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
21    ssl_prefer_server_ciphers on;
22
23    # HSTS (ngx_http_headers_module is required) (31536000 seconds)
24    #add_header Strict-Transport-Security "max-age=31536000" always;
25
26    location / {
27        root /usr/share/nginx/html;
28        index index.html index.htm;
29    }
30
31    error_page 500 502 503 504 /50x.html;
32
33    location = /50x.html {
34        root /usr/share/nginx/html;
35    }
36
37    error_page 404 /404.html;
38
39    location = /404.html {
40        root /usr/share/nginx/html;
41    }
42}
43
44server {
45    listen        80;
46    listen        [::]:80;
47
48    server_name www.example.com;
49    
50    return 301 https://$host$request_uri;
51}

2.4 验证配置

通过执行以下命令验证配置文件问题

1sudo nginx -t

或指定配置文件

1nginx -t -c /etc/nginx/nginx.conf

ℹ️ 信息:
Nginx erro : ‘server’ directive is not allowed here in …

在 nginx 配置文件 /etc/nginx/nginx.conf 扩展配置 include /etc/nginx/config.d/*.conf 中,子配置文件 *.conf 不包含 eventshttp 标签(参考文档:点这里

 1events {
 2  ...
 3}
 4
 5http {
 6    server {
 7        ...
 8    }
 9
10    server {
11        ...
12    }
13}

2.5 重载配置

参考文档:Nginx CommandLineWiKi

1sudo nginx -s reload

III. 域名解析

  1. 登录域名控制台。
  2. 添加 A 记录