Ubuntu 安装nginx

https://www.nginx.com/resources/admin-guide/load-balancer/

https://github.com/gplessis/dotdeb-nginx/blob/jessie/debian/conf/nginx.conf#L4

1、更新Ubuntu

# add-apt-repository ppa:ondrej/nginx  #仓库名称
# apt-get update
# apt-get install -y libssl1.0.2 openssl

2、安装Nginx

# apt-get install -y nginx
# apt-get install -y nginx-extras

查看nginx启用模块

nginx -V

浏览器输入IP地址可以打开Nginx服务页面

3、设置Nginx通用配置文件

Nginx反向代理以及负载均衡配置

Nginx的负载均衡策略

cat /etc/nginx/nginx.conf


user www-data; #ubuntu里面nginx用户名
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;   #关闭显示nginx版本

    server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM:AES2
56+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    # ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx => 1.3.7

    ##
    # Logging Settings
    ##

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /data/log/nginx/access.log main;
    error_log /data/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_vary on;
    gzip_min_length 1k;
    gzip_buffers 4 32k;
    gzip_disable "msie6";
    gzip_disable "MSIE [1-6].";
    gzip_http_version 1.1;
    gzip_comp_level 3;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/javascript application/json;
    ##
    # Proxy Headers
    ##
    include /etc/nginx/proxy.conf;   #设置代理头信息
    more_set_headers "Server: Customer Web Server Header";

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;  #配置各个站点的信息
}

4、设置Nginx代理

cat /etc/nginx/proxy.conf

proxy_redirect          off;
proxy_set_header        Host $host;
#proxy_set_header        X-Real-IP $remote_addr; #获取真实IP
proxy_set_header       X-Forwarded-For   $proxy_add_x_forwarded_for; #获取代理者的真实ip
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size       4k;
proxy_buffers           4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

5、设置站点配置信息

cd /etc/nginx/sites-enabled/

upstream local_iis_80 {
    ip_hash;
    #least_conn;
    server 后端IP1:80 max_fails=2 fail_timeout=10s weight=10;
    server 后端IP2:80 max_fails=2 fail_timeout=10s weight=10;
    keepalive 45;  #防止出现nginx向后端发请求的时候连接打爆了
}

upstream local_iis_443 {
    ip_hash;
    #least_conn;
    server 后端IP1:443 max_fails=2 fail_timeout=10s weight=10;
    server 后端IP1:443 max_fails=2 fail_timeout=10s weight=10;
    keepalive 45;  #防止出现nginx向后端发请求的时候连接打爆了
}

server {
    listen 80;
    charset utf-8;

    location / {
        proxy_pass http://local_iis_80;
    }
}

server {
    listen 443 ssl http2;                 #支持http2
    charset utf-8;

    ssl_certificate /data/cert/证书.crt;
    ssl_certificate_key /data/cert/证书.key;

    location / {
        proxy_pass https://local_iis_443;
    }
}

 6、查看防火墙

iptables -L -n -v

7、此时我们修改了文件，是不是就意思着必须先关了nginx再重新启动了，其实不必，nginx可以重新加载文件的。

我们直接运行：

nginx -s reload  

如果不想直接加载，而只是想看看自己的配置文件有没有问题，可以直接输入:

nginx -t  

或者合并执行，

nginx -t && nginx -s reload

Ubuntu默认防火墙安装、启用、配置、端口、查看状态相关信息