nginx安装和配置

nginx安装和配置

docker compose方式

安装

docker compose yml文件配置示例。

nginx:
    image: nginx:stable
    container_name: nginx
    restart: always
    networks:
      # 可选，固定ip 
      your-network:
        ipv4_address: 177.7.0.15
    ports:
      - 80:80
      - 443:443
      # 自定义端口
      - 7081:7081
    privileged: true
    environment:
      TZ: ${TZ}
    volumes:
      # 页面放置目录
      - ${DATA_PATH}/nginx/page:/etc/nginx/page
      - ${DATA_PATH}/nginx/nginx.conf:/etc/nginx/nginx.conf
      # 可选，ssl证书挂载目录
      - ${DATA_PATH}/nginx/cert:/etc/nginx/cert
      - ${DATA_PATH}/nginx:/var/log/nginx

原生方式

安装

sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx

配置

nginx.conf配置示例。原生安装的位于/etc/nginx目录。

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     16 64K;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";
	
	# 日志配置，全局关闭access.log和error.log，也可以放在server模块中单独控制
	#access_log off;
    #error_log off;
	
	# url unicode编码转换
    charset utf-8;

    server {
        # 监听端口配置
        listen      80;
	    listen 443 ssl;
        # 监听ip配置
	    server_name  0.0.0.0;

        # ssl配置，可选
        ssl_certificate    /etc/nginx/cert/xxx.com.pem;
	    ssl_certificate_key    /etc/nginx/cert/xxx.com.key;
	    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
	    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
	    ssl_prefer_server_ciphers on;
	    ssl_session_cache shared:SSL:10m;
	    ssl_session_timeout 10m;

		# 文件上传大小限制，单文件上传最大10M
		client_max_body_size 10M;
		
        # 后端api
		location /api/ {
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass http://backendContainerName:8089/;
		}

        # 管理后台。alias别名方式重定向
        location /admin {
			alias /etc/nginx/page/admin/;
			try_files $uri $uri/ /index.html;
			index  index.html index.htm;
        }

	    # 官网。root方式重定向
        location / {
			root /etc/nginx/page/portal;
			try_files $uri $uri/ /index.html;
        }
    }
}