nginx服务器,安装配置详解
一、Nginx 安装指南
1. Ubuntu/Debian 系统安装
bash
# 更新包索引sudo apt update# 安装 Nginxsudo apt install nginx# 启动 Nginxsudo systemctl start nginx# 设置开机自启sudo systemctl enable nginx
2. CentOS/RHEL 系统安装
bash
# 添加 Nginx 官方仓库sudo yum install -y epel-release# 安装 Nginxsudo yum install -y nginx# 启动 Nginxsudo systemctl start nginx# 设置开机自启sudo systemctl enable nginx
3. 验证安装
在浏览器中访问服务器 IP 地址,若看到 "Welcome to Nginx" 页面,则安装成功。
二、Nginx 核心配置文件结构
Nginx 的主配置文件位于
/etc/nginx/nginx.conf,通常包含以下部分:nginx
user www-data; # 运行用户worker_processes auto; # 工作进程数error_log /var/log/nginx/error.log; # 错误日志路径events {
worker_connections 1024; # 每个进程的最大连接数}http {
include /etc/nginx/mime.types; # MIME 类型定义
default_type application/octet-stream; # 默认类型
# 日志格式
access_log /var/log/nginx/access.log;
# 连接超时设置
sendfile on;
keepalive_timeout 65;
# 虚拟主机配置
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;}三、虚拟主机(网站)配置
1. 创建网站目录
bash
sudo mkdir -p /var/www/example.com/htmlsudo chown -R www-data:www-data /var/www/example.com/htmlsudo chmod -R 755 /var/www/example.com
2. 创建网站配置文件
在
/etc/nginx/sites-available/ 目录下创建 example.com.conf:nginx
server {
listen 80; # 监听端口
server_name example.com www.example.com; # 域名
root /var/www/example.com/html; # 网站根目录
index index.html index.htm; # 默认索引文件
location / {
try_files $uri $uri/ =404; # 尝试访问文件,不存在则返回 404
}
error_page 500 502 503 504 /50x.html; # 错误页面配置
location = /50x.html {
root /var/www/nginx-default;
}}3. 启用网站配置
bash
# 创建软链接到 sites-enabled 目录sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/# 检查配置语法sudo nginx -t# 重载 Nginxsudo systemctl reload nginx
四、SSL/TLS 配置(HTTPS)
1. 安装 Certbot(获取免费 SSL 证书)
bash
# Ubuntu/Debiansudo apt install certbot python3-certbot-nginx# CentOS/RHELsudo yum install certbot python3-certbot-nginx
2. 获取 SSL 证书
bash
sudo certbot --nginx -d example.com -d www.example.com
3. 配置 HTTPS
Certbot 会自动更新 Nginx 配置,以下是手动配置示例:
nginx
server {
listen 443 ssl http2;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.html;
# SSL 证书配置
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# SSL 优化配置
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
}}# HTTP 重定向到 HTTPSserver {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;}五、性能优化配置
nginx
http {
# 开启 gzip 压缩
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# 静态文件缓存设置
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 30d;
log_not_found off;
access_log off;
}
# 调整 worker 进程和连接数
worker_processes auto;
worker_connections 1024;
# 限制客户端请求速率
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
location / {
limit_req zone=mylimit;
try_files $uri $uri/ =404;
}}六、反向代理配置(以 Node.js 应用为例)
nginx
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://localhost:3000; # 后端应用地址
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_cache_bypass $http_upgrade;
}}七、常见问题排查
检查 Nginx 状态
bash
sudo systemctl status nginx
查看错误日志
bash
tail -f /var/log/nginx/error.log
测试配置语法
bash
sudo nginx -t
重载配置
bash
sudo systemctl reload nginx
八、安全加固建议
隐藏 Nginx 版本信息
在nginx.conf中添加:
nginx
server_tokens off;
限制访问
nginx
location /admin {
allow 192.168.1.0/24; # 允许的 IP 段
deny all;}配置防火墙
bash
# 允许 HTTP 和 HTTPS 流量sudo ufw allow 80sudo ufw allow 443# 启用防火墙sudo ufw enable
以上是 Nginx 服务器的完整安装配置指南,根据实际需求可进一步调整优化。
分享给朋友:
陕公网安备61012502000310号