一、安裝
1、安裝nginx,必須保證系統安裝了gcc,gcc-c++編譯工具,安裝命令:yum–y install gcc,yum –y install gcc-c++
2、安裝pcre庫:tar –zxvf pcre-8.34.tar.gz;進入目錄pcre-8.34,分別執行./configure, make , make install 命令;
3、安裝zlib庫:tar –zxvf zlib-1.2.8.tar.gz;進入目錄zlib-1.2.8,分別執行./configure ,make , make install 命令;
4、安裝openssl庫:tar –zxvf openssl-1.0.1j.tar.gz;進入目錄openssl-1.0.1j,分別執行./configure, make , make install 命令;
5、安裝nginx:tar –zxvf nginx-1.6.2.tar.gz;進入目錄nginx-1.6.2,分別執行./configure--sbin-path=/etc/nginx/ --conf-path=/etc/nginx/nginx.conf --pid-path=/etc/nginx/nginx.pid--with-pcre=/opt/nginx/pcre-8.34 --with-zlib=/opt/nginx/zlib-1.2.8--with-http_ssl_module --with-openssl=/opt/nginx/openssl-1.0.1j;make ,makeinstall
6、增加用戶組:groupadd –fwww;
7、增加用戶:useradd –g wwwwww
8、修改nginx.conf(/etc/nginx/nginx.conf):把user nobody的註釋去掉,並且把nobody改爲www。
9、啓動nginx:/etc/nginx/nginx;訪問地址:http://localhost/,出現歡迎界面,則表示安裝成功。(注意防火牆是否關閉或者開發80端口)二、負載均衡
1、修改nginx.conf(/etc/nginx/nginx.conf)文件,增加upstream模塊:
upstream webservers {
#ip_hash;
#server 10.7.8.27 weight=1 max_fails=2 fail_timeout=2;
server 10.7.8.25 weight=1 max_fails=2 fail_timeout=2;
}2、在location模塊應用此模塊:
upstream webservers {
#ip_hash;
#server 10.7.8.27 weight=1 max_fails=2 fail_timeout=2;
server 10.7.8.25 weight=1 max_fails=2 fail_timeout=2;
}
server {
listen 9090;
server_name localhost;
rewrite ^(.*) https://10.7.8.21:443/; server {
listen 443 ssl;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/https_keys/server.crt;
ssl_certificate_key /etc/nginx/https_keys/server.key;
location / {
proxy_pass http://webservers;
proxy_set_header X-Real-IP $remote_addr;
}
}
3、至此,並可以實現負載均衡。
三、反向代理1、生成證書
1)創建服務器私鑰:opensslgenrsa -des3 -out server.key 1024
2)創建簽名請求的證書(CSR):openssl req-new -key server.key -out server.csr
3)去掉啓動NGINX需要口令:cpserver.key server.key.org,openssl rsa -in server.key.org -out server.key
4)最後標記證書使用上述私鑰和CSR:openssl x509-req -days 365 -in server.csr -signkey server.key -out server.crt
2、配置nginx.conf(/etc/nginx/nginx.conf)文件:server {
listen 443 ssl;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/https_keys/server.crt;
ssl_certificate_key /etc/nginx/https_keys/server.key;
location / {
proxy_pass http://webservers;
proxy_set_header X-Real-IP $remote_addr;
}
}
3、配置80端口自動跳轉到443端口:
rewrite ^(.*)https://10.7.8.21:443/;