nginx

1. 阿里云安装：https://www.cnblogs.com/paul123/p/11065720.html

 

启动： nginx -c /opt/tools/nginx/conf/tomcat.conf

停止： nginx -s stop

重新加载： nginx -s reload

校验： nginx -t -c /opt/tools/nginx/conf/tomcat.conf

 

# cat tomcat.conf

user nobody;
#nginx进程数,建议设置为等于CPU总核心数.
worker_processes 4; 

events {
       #单个进程最大连接数（最大连接数=连接数*进程数）

       worker_connections  1024;
}

http{
     proxy_next_upstream error timeout invalid_header http_500 http_503 http_502;
     # (单位s)设置客户端连接保持活动的超时时间,在超过这个时间后服务器会关闭该链接
     keepalive_timeout 120;


     upstream tomcat_server {
         #sticky;
         server   localhost:8080 max_fails=1000 fail_timeout=120s;
         server   localhost:8081 backup;
     }

     server{
         listen      80;
         server_name 127.0.0.1;
         access_log logs/server1,access.log combined;

         location / {
                proxy_set_header  Host    $host;
                proxy_set_header  X-Real-IP    $remote_addr;
                proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass  http://tomcat_server;
         }
     }
 }

 

2. 问题：

# nginx -c tomcat.conf

-bash: nginx: command not found

办法：

vi /etc/profile

添加： PATH

source /etc/profile

 

Nginx：unknown directive "stream"

nginx默认安装的时候没有加载stream模块，安装一下

./configure --with-stream

make & make install

 

安装sticky模块

wget https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/master.tar.gz

tar zxf master.tar.gz

mv nginx-goodies-nginx-sticky-module-ng-08a395c66e42 nginx-goodies-nginx-sticky-module-ng

cd /usr/local/nginx-1.16.0/

./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module --with-stream --add-module=/opt/tools/nginx-goodies-nginx-sticky-module-ng

make & make install

*带上红色部分，免得stream模块被覆盖

upstream tomcat_server {
         sticky;
         server   localhost:8080;
         server   localhost:8081;
     }

 

3. nginx 配置https

在http里面添加：

server {
        listen 443 ssl;
        server_name 127.0.0.1;

        ssl_certificate      /opt/tools/test.pem;
        ssl_certificate_key  /opt/tools/testkey.pem;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_redirect off;
            expires off;
            sendfile off;
            proxy_pass     http://tomcat_server;
        }
    }

 

pfx证书转pem证书：

#证书

openssl pkcs12 -in test.pfx -nokeys -out test.pem

#私钥

openssl pkcs12 -in test.pfx -nocerts -out testKey.pem -nodes