nginx
配置
一般会在 nginx.conf > http 模块里配置 include /etc/nginx/conf.d/*.conf;
然后 ./conf.d/ 里的配置文件按各服务拆分
普通转发
Yapi 的 conf
server {
listen 80;
server_name yapi.lmhdev.com; # 这里如果是 ip,也要填写,否则匹配不上
gzip on;
gzip_min_length 10k;
gzip_comp_level 5;
gzip_types text/plain application/javascript application/x-javascript text/css text/javascript;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
client_max_body_size 15m;
proxy_buffers 16 1024k;
proxy_buffer_size 1024k;
auth_basic "Administrator’s Area";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass_request_headers on; # 重要!
# 如果自定义请求头本身有下划线_的,则要配置 underscores_in_headers on;
proxy_pass http://127.0.0.1:4000;
}
# 其他转发
# 转发时会连带匹配路径一起
location /mw/v1/wx/server/ {
proxy_set_header Host $host;
proxy_pass http://0.0.0.0:8088;
}
# 转发时仅带着匹配路径以后的部分
location /mw/v1/wx/server2/ {
proxy_set_header Host $host;
proxy_pass http://0.0.0.0:8088/; # 斜杠加 proxy_pass 这里!
}
basic auth
测试
不确定时最好先 online 检测下
启动
nginx -s reload
nginx: [error] open() "/opt/homebrew/var/run/nginx/nginx.pid" failed (2: No such file or directory)
顾名思义 没有 pid 说明此时没有暂停或启动的 nginx,需要重新启动 nginx 即可
p.s. 若 brew start nginx 报错,则去 nginx 安装目录下直接启动 nginx
如何定位 nginx 安装目录?(以及 如何定位其他应用程序的安装目录)
- which nginx
- brew info nginx
- nginx -V
brew services start nginx
/bin/launchctl bootstrap gui/501 /Users/lmh/Library/LaunchAgents/homebrew.mxcl.nginx.plist --verbose Bootstrap failed: 5: Input/output error Try re-running the command as root for richer errors.
没有看到真正的报错,但是大概原因一般是让 nginx 监听了被占用的端口(默认 8080),一般情况下应该是让 nginx 监听 80 的。
问题解决了 应该 sudo brew services restart nginx 不加 sudo 的话,brew 会自己试图调整到 8080 端口,放弃对 80 的端口监听去。
安装
linux
sudo yum update
sudo yum install nginx
sudo systemctl status nginx
sudo systemctl enable nginx
sudo systemctl start nginx
基础
static server 静态服务器
http {
# 如果没有显式声明 default server 则第一个 server 会被隐式的设为 default server
server {
listen 80 default_server;
server_name _; # _ 并不是重点 __ 也可以 ___也可以
return 403; # 403 forbidden
}
server {
listen 8080;
server_name localhost;
location / {
root /Users/dearvikki/workspace;
}
}
}
- location autoindex on; //可以去自动匹配文件夹下的index.html 当然默认index的值也可以指定 index index.htm; location匹配规则:
- root v.s. alias stackoverflow.com 前者配置时只需上层文件夹地址,会带着匹配到的路径匹配;后者可以定义到任何文件或文件,所以我更喜欢用后者
- error page
shell
error_page 404 403 500 503 /error-page.html;
location = /error-page.html {
root /var/www/html;
internal;
}
- Https 配置
shell
http{
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
ssl_protocols TLSv1.1 TLSv1.2;
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server ;
server_name www.zhihu.com zhihu.com;
ssl_certificate /certs/www.zhihu.com.pem;
ssl_certificate_key /certs/www.zhihu.com-key.pem;
location / {
root /nginx;
autoindex on;
index test.html;
}
}
}
参考 https://www.linode.com/docs/web-servers/nginx/enable-tls-on-nginx-for-https-connections/
自签名证书采用mkcert工具 https://github.com/FiloSottile/mkcert#installation 超级快乐!
自己用openssl生成的话 很有可能哪里配置不对 chrome会给不安全界面
具体实现可参考 https://github.com/loganstellway/self-signed-ssl 较易懂
stackoverflow https://stackoverflow.com/questions/43665243/invalid-self-signed-ssl-cert-subject-alternative-name-missing
proxy server 代理服务器
会反向代理/转发啦!
server{
listen 80;
server_name localhost;
location ^~ /permission/ {
# /permission/api1转发到的是http://127.0.0.1:5000/api1
proxy_pass http://127.0.0.1:8888;
proxy_redirect default;
}
}
在nginx中配置proxy_pass时,**如果是按照^~匹配路径时,要注意proxy_pass后的url最后的/: - 如果proxy_pass末尾有斜杠/,proxy_pass不拼接location的路径 - 如果proxy_pass末尾无斜杠/,proxy_pass会拼接location的路径 每次都要点开看一遍才能扯清楚!!生气!!😠 Nginx中proxy_pass末尾带斜杠/和不带的区别_nginx带斜杠和不带斜杠-CSDN博客
Lua
配合可实现流量切换、灰度配置、服务热部署等
How to add Lua scripting power to your NGINX in under one minute - GetPageSpeed
lua - Dynamic Nginx upstream based on ngx.var set in access_by_lua_block - Stack Overflow
Directives - OpenResty Reference
启动的 n 种姿势
- 直接:运行 nginx 的 bin
- systemctl: