linux安装nginx

1、安装依赖包

yum -y install gcc pcre-devel zlib-devel openssl openssl-devel

2、wget -c https://nginx.org/download/nginx-1.16.1.tar.gz

3、tar -zxvf nginx-1.16.1.tar.gz

4、cd nginx-1.16.1

5、配置 ./configure --prefix=/usr/nginx --with-http_ssl_module

6、编译

make

make install

7、./sbin/nginx -t 测试安装ok是否

8、cd sbin

./nginx 启动nginx

9、curl http://ip 回车测试nginx启动与否

nginx配置ssl证书

1、/usr/nginx/sbin/nginx -V 查看是否支持ssl

如果出现 configure arguments: --with-http_ssl_module, 则已安装（下面的步骤可以跳过，进入 nginx.conf 配置）。

2、cd nginx

mkdir cert

将ssl证书文件放在cert文件夹下

3、http{

#http节点中可以添加多个server节点

server{

#监听443端口

listen 443;

#对应的域名，把baofeidyz.com改成你们自己的域名就可以了

server_name baofeidyz.com;

ssl on;

#从腾讯云获取到的第一个文件的全路径

ssl_certificate /etc/ssl/1_baofeidyz.com_bundle.crt;

#从腾讯云获取到的第二个文件的全路径

ssl_certificate_key /etc/ssl/2_baofeidyz.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1TLSv1.2;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

ssl_prefer_server_ciphers on;

#这是我的主页访问地址，因为使用的是静态的html网页，所以直接使用location就可以完成了。

location / {

#文件夹

root /usr/local/service/ROOT;

#主页文件

index index.html;

}

server{

listen 80;

server_name baofeidyz.com;

rewrite ^/(.*)$ https://baofeidyz.com:443/$1 permanent; }

}

4、重启nginx

【注】

nginx+lua实现oss private nginx转发

方法如下：

①安装nginx+lua

https://blog.csdn.net/qq_31725371/article/details/85226116

②配置nginx和lua脚本

https://developer.aliyun.com/article/8532

oss_auth.lua

-- has been sorted in alphabetical order

local signed_subresources = {

'acl',

'append',

'bucketInfo',

'cname',

'commitTransition',

'comp',

'cors',

'delete',

'lifecycle',

'location',

'logging',

'mime',

'notification',

'objectInfo',

'objectMeta',

'partData',

'partInfo',

'partNumber',

'policy',

'position',

'referer',

'replication',

'replicationLocation',

'replicationProgress',

'requestPayment',

'response-cache-control',

'response-content-disposition',

'response-content-encoding',

'response-content-language',

'response-content-type',

'response-expires',

'restore',

'security-token',

'tagging',

'torrent',

'uploadId',

'uploads',

'versionId',

'versioning',

'versions',

'website'

}

function string.startswith(s, start)

return string.sub(s, 1, string.len(start)) == start

end

local function get_canon_sub_resource()

local args = ngx.req.get_uri_args()

-- lower keys

local keys = {}

for k, v in pairs(args) do

keys[k:lower()] = v

end

-- make resource string

local s = ''

local sep = '?'

for i, k in ipairs(signed_subresources) do

v = keys[k]

if v then

-- sub table

v = type(v) == 'table' and v[1] or v

s = s .. string.format("%s%s=%s", sep, k, v)

sep = '&'

end

return s

end

local function get_canon_resource()

resource = ''

object = ngx.unescape_uri(ngx.var.uri)

sub = get_canon_sub_resource()

return string.format("/%s%s%s", ngx.var.oss_bucket, object, sub)

end

local function get_canon_headers()

-- default: <lowerkey, value>

local headers = ngx.req.get_headers()

local keys = {}

for k, v in pairs(headers) do

if string.startswith(k, 'x-oss-') then

-- client must assemble the same header keys

if type(v) ~= 'string' then return nil end

table.insert(keys, k)

end

-- sorted in alphabetical order

table.sort(keys)

for i, key in ipairs(keys) do

keys[i] = key .. ':' .. headers[key] .. '\n'

end

return table.concat(keys)

end

local function calc_sign(key, method, md5, type_, date, oss_headers, resource)

-- string_to_sign:

-- method + '\n' + content_md5 + '\n' + content_type + '\n'

-- + date + '\n' + canonicalized_oss_headers + canonicalized_resource

local sign_str = string.format('%s\n%s\n%s\n%s\n%s%s',

method, md5, type_,

date, oss_headers, resource)

ngx.log(ngx.ERR, "SignStr:", sign_str, "\n")

local sign_result = ngx.encode_base64(ngx.hmac_sha1(key, sign_str))

return sign_result, sign_str

end

local function oss_auth()

-- ngx.log(ngx.INFO, 'auth')

--local method = ngx.var.request_method

local method = ngx.req.get_method()

local content_md5 = ngx.var.http_content_md5 or ''

local content_type = ngx.var.http_content_type or ''

-- get date

local date = ngx.var.http_x_oss_date or ngx.var.http_date or ''

if date == '' then

date = ngx.http_time(ngx.time())

-- ngx.log(ngx.INFO, 'Date:', date)

ngx.req.set_header('Date', date)

end

local resource = get_canon_resource()

local canon_headers = get_canon_headers()

local sign_result, sign_str = calc_sign(ngx.var.oss_auth_key, method, content_md5,

content_type, date, canon_headers, resource)

-- ngx.log(ngx.INFO, 'sign string:', sign_str)

-- ngx.log(ngx.INFO, 'sign string len:', string.len(sign_str))

local auth = string.format("OSS %s:%s", ngx.var.oss_auth_id, sign_result)

ngx.req.set_header('Authorization', auth)

ngx.exec("@oss")

end

-- main

res = oss_auth()

if res then

ngx.exit(res)

end

nginx.conf配置文件

location / {

root html;

index index.html index.htm;

set $oss_bucket "xxxx";

set $oss_auth_id "xxxx";

set $oss_auth_key "xxxx";

rewrite_by_lua_file "/soft/nginx/conf/oss_auth.lua";

}

location @oss {

proxy_pass https://xxx.oss-cn-hangzhou.aliyuncs.com;

}