Nginx部署文件服务之远程访问文件
通用编译环境安装命令(最后一次更新于2020年7月10日15:57:23)
yum install gcc gcc-c++ automake pcre pcre-devel zlip zlib-devel openssl openssl-devel
1.在线yum下载安装nginx(当前最新版本1.18.0发布于2020-04-21,Nginx手动下载地址)
$ wget http://nginx.org/download/nginx-1.18.0.tar.gz
$ useradd -d /home/nginx -m nginx
$ tar -zxvf nginx-1.18.0.tar.gz
$ cd nginx-1.18.0
$ ./configure --user=nginx --group=nginx --prefix=/home/nginx --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-http_dav_module
$ make && make install
$ 配置文件服务器
server {
listen 端口 ssl;
server_name 域名;
access_log /home/nginx/download.log;
charset utf-8;
root /home/ftp;
ssl_certificate cert/xxxxxxxxxxxxxx.pem;
ssl_certificate_key cert/xxxxxxxxxxxxxx.com.key;
ssl_session_timeout 60m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
autoindex_exact_size off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
client_max_body_size 100m;
client_body_buffer_size 128k;
proxy_connect_timeout 1200;
proxy_read_timeout 1200;
proxy_send_timeout 6000;
proxy_buffer_size 32k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
autoindex on;
limit_rate_after 25m; # 达到最大带宽时开始限制
limit_rate 25m; # 带宽限制
if ($request_filename ~* ^.*?\.(jar|txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx)$){
add_header Content-Disposition: 'attachment;';
}
#新增解决图片跨域问题
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET,POST';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
}
}
--------------------------启动/校验/停止----------------
访问地址:https://域名:端口/
检查配置文件是否有错误
$./nginx -t
指定配置文件
$./nginx -c /home/nginx/conf/nginx.conf
优雅停止
$./nginx -s stop
以下为编译模块命令,用来备忘(无需关注,防止忘记,记录在下面):
./configure \
--user=nginx \
--group=nginx \
--prefix=/home/nginx \
--with-threads \
--with-file-aio \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_degradation_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_ssl_preread_module \
其他使用实例
user root;
worker_processes 1;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
stream {
upstream ssh40 {
server 192.168.3.40:55555;
}
upstream ssh41 {
server 192.168.3.41:55555;
}
upstream ssh42 {
server 192.168.3.42:55555;
}
upstream ssh43 {
server 192.168.3.43:55555;
}
upstream ssh44 {
server 192.168.3.44:55555;
}
upstream ssh45 {
server 192.168.3.45:55555;
}
upstream ssh47 {
server 192.168.3.47:55555;
}
upstream ssh48 {
server 192.168.3.48:55555;
}
upstream ssh49 {
server 192.168.3.49:55555;
}
upstream ssh50 {
server 192.168.3.50:22;
}
upstream ssh49-harbor {
server 192.168.3.49:9343;
}
upstream ssh49-docker {
server 192.168.3.49:9349;
}
upstream ssh49-portainer-ce {
server 192.168.3.49:9350;
}
upstream ssh49-minio {
server 192.168.3.49:9351;
}
upstream ssh49-registry {
server 192.168.3.49:9352;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10040;
proxy_pass ssh40;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10041;
proxy_pass ssh41;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10042;
proxy_pass ssh42;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10043;
proxy_pass ssh43;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10044;
proxy_pass ssh44;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10045;
proxy_pass ssh45;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10047;
proxy_pass ssh47;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10048;
proxy_pass ssh48;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10049;
proxy_pass ssh49;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#里面可以有多个监听服务,配置监听端口和代理的ip和端口就可以进行tcp代理了。
listen 10050;
proxy_pass ssh50;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
# 49服务器专用
server {
#49上的Harbor仓库
listen 9343 ssl;
ssl_certificate /root/.cert/************.pem;
ssl_certificate_key /root/.cert/************.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
ssl_handshake_timeout 10s;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
proxy_pass ssh49-harbor;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#49上的Docker
listen 9349 ssl;
ssl_certificate /root/.cert/************.pem;
ssl_certificate_key /root/.cert/************.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
ssl_handshake_timeout 10s;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
proxy_pass ssh49-docker;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#49上的docker管理工具Portainer-ce
listen 9350 ssl;
ssl_certificate /root/.cert/************.pem;
ssl_certificate_key /root/.cert/************.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
ssl_handshake_timeout 10s;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
proxy_pass ssh49-portainer-ce;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#49上的docker管理工具Portainer-ce
listen 9351 ssl;
ssl_certificate /root/.cert/************.pem;
ssl_certificate_key /root/.cert/************.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
ssl_handshake_timeout 10s;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
proxy_pass ssh49-minio;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
server {
#49上的Registry
listen 9352 ssl;
ssl_certificate /root/.cert/************.pem;
ssl_certificate_key /root/.cert/************.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
ssl_handshake_timeout 10s;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
proxy_pass ssh49-registry;
proxy_connect_timeout 1h;
proxy_timeout 1h;
}
}
为梦想不止不休!
