部署了自己的新博客, 已备案, 支持Https 协议, 欢迎光临!
Nginx 反向代理简单使用
简介
需求
- Nginx 下载安装
- 配置80代理8090
- 配置http转https
准备
- Ubuntu:16+
- 域名
- SSL证书
Nginx 下载安装
1. 安装gcc g++的依赖库
apt-get install build-essential
apt-get install libtool
2. 安装pcre依赖库
sudo apt-get update
sudo apt-get install libpcre3 libpcre3-dev
3.安装zlib依赖库
apt-get install zlib1g-dev
4.安装ssl依赖库
apt-get install openssl
5.安装Nginx
apt-get install nginx
配置80代理8090
1.前提条件
- 服务器域名已备案
- 域名解析到服务器
- 申请相关SSL证书
- 下载证书
2. 配置SSL证书
一下路径都是博主的路径, 仅供参考
# 进入 /etc/nginx/
cd /etc/nginx
# 新建文件夹cert
mkdir cert
# 将证书放入文件夹下
# 推荐上传工具 xftp/ finalshell
# 配置nginx.conf 路径不变
vi nginx.conf
# 如果不配https 没有ssl证书 在配置文件中添加以下内容即可
# 注释的部分取消注释, 将下面第四行删除即可
server {
listen 80;
server_name www.iscolt.com; #将example.cn修改成自己的域名
rewrite ^(.*)$ https://$host$1 permanent; # 把http的域名请求转成https
#location / {
# rewrite ^/(.*)$ /$1 break;
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass http://127.0.0.1:8090; #因为Docker将Halo映射到8090端口,所以我们需要转发到8090>端口
#}
}
server {
listen 443;
server_name www.iscolt.com; #填写绑定证书的域名
ssl on;
ssl_certificate cert/1_www.iscolt.com_bundle.crt;
ssl_certificate_key cert/2_www.iscolt.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://www.iscolt.com:8090; #因为Docker将Halo映射到8090端口,所以我们需要转发到8090端口
}
location /admin {
proxy_pass http://www.iscolt.com:8090/admin; #后台管理
}
}
3. 重启Nginx
nginx -s reload
附: 博主的nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
#include /etc/nginx/mime.types;
#default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/sites-enabled/*;
server {
listen 80;
server_name www.iscolt.com; #将example.cn修改成自己的域名
rewrite ^(.*)$ https://$host$1 permanent; # 把http的域名请求转成https
#location / {
# rewrite ^/(.*)$ /$1 break;
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass http://127.0.0.1:8090; #因为Docker将Halo映射到8090端口,所以我们需要转发到8090>端口
#}
}
server {
listen 443;
server_name www.iscolt.com; #填写绑定证书的域名
ssl on;
ssl_certificate cert/1_www.iscolt.com_bundle.crt;
ssl_certificate_key cert/2_www.iscolt.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://www.iscolt.com:8090; #因为Docker将Halo映射到8090端口,所以我们需要转发到8090端口
}
location /admin {
proxy_pass http://www.iscolt.com:8090/admin; #后台管理
}
}
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
附
在Ubuntu 20.04中,你可以使用以下命令来管理Nginx服务器:
# 启动Nginx服务:
sudo systemctl start nginx
# 停止Nginx服务:
sudo systemctl stop nginx
# 重启Nginx服务:
sudo systemctl restart nginx
# 查看Nginx服务状态:
sudo systemctl status nginx
# 开机自启动Nginx服务:
sudo systemctl enable nginx
# 禁止Nginx开机自启动:
sudo systemctl disable nginx
# 检查Nginx配置文件语法是否正确:
sudo nginx -t
# 重新加载Nginx配置文件:
sudo systemctl reload nginx
# 查看Nginx的访问日志(access log):
sudo tail -f /var/log/nginx/access.log
# 查看Nginx的错误日志(error log):
sudo tail -f /var/log/nginx/error.log
完结
官方文档: 地址
成功案列: 地址
如有问题, 可以联系博主, 留言评论