系统平台:CentOS release 8.2 64位。
1.首先安装编译工具及库文件
执行命令:
yum -y install make zlib zlib-devel gcc-c++ libtool openssl openssl-devel
2.安装必不可少的PREC,安装PCRE是为了让Nginx支持Rewrite(重定向)功能。
2.1进入/usr/local/src目录
命令:
cd /usr/local/src/
2.2下载prec压缩包
命令:
wget http://downloads.sourceforge.net/project/pcre/pcre/8.45/pcre-8.45.tar.gz
目前最新版本为8.45,进入https://sourceforge.net/projects/pcre/files/可以查看是否有最新版本,如果有最新版本直接修改地址中的版本号即可(8.45).
下载完成后,通过ls命令可以在当前目录看到pcre-8.45.tar.gz文件。
2.3解压文件并安装
tar zxvf pcre-8.45.tar.gz
解压后在当前目录通过ls命令可以看到pcre-8.45文件夹
安装,进入pcre-8.45目录执行编译命令
cd pcre-8.45
./configure
等待编译命令./configure执行完成后再执行安装命令
make && make install
安装完成后,查看pcre版本号:
pcre-config --version
可以看到版本号为8.45,至此pcre安装完成。
3.下载安装nginx
3.1下载nginx
进入https://nginx.org/en/download.html查看当前nginx最新版本。
当前最新稳定版本1.20.1
退回到/usr/local/src目录,并下载nginx压缩包
下载命令:
[root@iZbp139lusbqul3nrugwpnZ src]# wget http://nginx.org/download/nginx-1.20.1.tar.gz
3.2解压
tar zxvf nginx-1.20.1.tar.gz
解压完成可以暗道nginx-1.20.1目录
3.3编译安装
进入nginx-1.20.1目录
配置命令:
将nginx安装到/usr/local/webserver/nginx目录
./configure --prefix=/usr/local/webserver/nginx --with-http_stub_status_module --with-http_ssl_module --with-pcre=/usr/local/src/pcre-8.45
编译和 安装命令:
make
make install
进入nginx安装目录下的sbin目录中可以查看nginx版本号
版本号为1.20.1
4.配置运行nginx
这里我想让nginx监听2000端口
4.1.系统如果开启了防火墙,需要给系统开放2000端口
防火墙开启2000端口命令:(如果没有安装防火墙,请先安装并开启防火墙)
防火墙常用相关命令:
安装:yum install firewalld
启动: systemctl start firewalld
关闭: systemctl stop firewalld
查看状态: systemctl status firewalld
开机禁用 : systemctl disable firewalld
开机启用 : systemctl enable firewalld
firewall-cmd --add-port=2000/tcp --zone=public --permanent
--permanent表示永久开放2000端口,否则重启防火墙后,2000端口将被关闭
4.2修改nginx配置文件
user root; worker_processes 1; error_log /usr/local/webserver/nginx/logs/nginx_error.log crit; pid /usr/local/webserver/nginx/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 2000; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ .php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ .php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
注意红色字体部分,这里使用root账号运行nginx,监听端口改为2000.
error_log /usr/local/webserver/nginx/logs/nginx_error.log crit; #日志文件目录和日志等级
pid /usr/local/webserver/nginx/nginx.pid;#nginx启动进程ID存放目录
4.3检查配置文件是否正确和启动nginx
4.4查看运行监听端口
浏览器查看
5.部署一个.NET 5.0应用,运行端口为8000,并配置nginx做代理。
具体部署步骤不赘述,可参考《CentOS8.2+Supervisor部署.NET 5.0应用》或者《CentOS7+Docker部署ASP.NET Core3.1应用》。
5.1修改nginx配置文件,添加反向代理配置,完整配置文件内容如下:(特别需要注意的时,部分配置项需要注意nginx安装路径,否则无法启动nginx。)
建议每添加一项配置就使用/usr/local/webserver/nginx/sbin/nginx -t命令检查一次配置文件是否正确,这样可以及时发现错误配置项。
此配置nginx监听2000端口,并将2000端口请求转发本地8000端口上。
user root; worker_processes 1;
#日志路径和日志等级 error_log /usr/local/webserver/nginx/logs/nginx_error.log crit;
#nginx启动进程ID存储路径 pid /usr/local/webserver/nginx/nginx.pid; events { use epoll; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 6; gzip_types text/html text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml; gzip_vary on; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 75; proxy_send_timeout 75; proxy_read_timeout 75; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; #这里注意nginx安装路径/usr/local/webserver/nginx/ proxy_temp_path /usr/local/webserver/nginx/proxy_temp 1 2; upstream proxyserver { #ip_hash; server 192.168.0.1:8000 max_fails=2 fail_timeout=30s ; } server { listen 2000; server_name www.yourhost.com; charset utf-8; access_log logs/host.access.log main; location / { root html; index index.html index.htm; #如果是1个到多个节点可用该配置方法 proxy_pass http://proxyserver; #如果只有1个节点可用该配置方法 #proxy_pass http://192.168.0.1:8000; proxy_redirect off; # 此配置使后端的Web服务器可通过X-Forwarded-For获取用户真实的IP proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ .php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ .php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
保存后检查nginx配置文件是否正确,并重新载入配置文件。
重新载入nginx配置文件命令(会自动重启nginx)
/usr/local/webserver/nginx/sbin/nginx -s reload
没有异常抛出,启动成功。在浏览器访问2000端口,将进入到运行在8000端口的站点首页,这里首页只放了一张图片。
至此,简单的反向代理配置完成。