centos7亲测可用
#添加Nginx包
sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
#安装
sudo yum -y install nginx
#启动服务
sudo systemctl start nginx
#(如果启动失败,可能是Apache等服务占用了80端口,关掉相应服务/修改端口即可)
#设置nginx开机启动
sudo systemctl enable nginx
浏览器输入 服务器IP,出现welcome说明安装成功
申请ssl
CentOS 7
yum install epel-release
wget https://dl.eff.org/certbot-auto --no-check-certificate
chmod +x certbot-auto
./certbot-auto
./certbot-auto -n
记得域名要解析之后才能申请成功
然后记住证书和私钥的路径
创建日志文件夹
mkdir /www
mkdir /www/log
删除nginx默认配置文件
rm /etc/nginx/conf.d/default.conf
会提示你是否删除,输入y回车
创建新的配置文件
1.简单办法
cd /etc/nginx/conf.d
wget https://hi-yu.oss-cn-beijing.aliyuncs.com/default.conf
vim default.conf
需要修改的行数为5,7,23,24
保存
:wq
重载nginx配置
nginx -s reload
2.自行创建(注意缩进)
vi /etc/nginx/conf.d/default.conf
server
{
listen 80;
listen 443 ssl http2;
server_name 域名;
if ($host != '域名'){
return 403;
}
if ($server_port = 80 ) {
return 301 https://$host$request_uri;
}
index index.php index.html index.htm default.php default.htm default.html;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:5212;
}
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate 证书位置;
ssl_certificate_key 私钥位置;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#SSL-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
access_log /www/log/access.log;
error_log /www/log/error.log;
}
保存
:wq
重载nginx配置
nginx -s reload
如果显示无法访问清除浏览器缓存就好了
(nginx的配置含禁止ip访问,强制https,监听的5212端口如果不想被访问关了就好)