nginx

Nginx

Install (build from source)

If ./configure stops with this error:

error: the HTTP rewrite module requires the PCRE library.

install pcre3 to fix it:

$ sudo apt-get install libpcre3 libpcre3-dev

Then build and install:

$ ./configure
$ make
$ sudo make install

Run:

$ sudo /usr/local/nginx/sbin/nginx

Stop:

$ sudo /usr/local/nginx/sbin/nginx -s stop

Reload:

$ sudo /usr/local/nginx/sbin/nginx -s reload

Use apt-get (dotdeb)

  1. Add the main repository to your /etc/apt/sources.list:

    # replace wheezy with squeeze if that is your release
    deb http://packages.dotdeb.org wheezy all
    deb-src http://packages.dotdeb.org wheezy all
    
  2. Fetch and install the GnuPG key:

    $ wget http://www.dotdeb.org/dotdeb.gpg
    $ sudo apt-key add dotdeb.gpg
    
  3. Update

    $ sudo apt-get update
    
  4. Install nginx

    $ sudo apt-get install nginx
    
  5. Usage

    $ sudo service nginx start    # or: stop, reload
    
  6. Check config file:

    $ sudo nginx -t
    

Reference: dotdeb_instructions

Configuration

Example:

server {
    listen 80;
    server_name wiki.lord63.com;
    root /opt/wiki.lord63.com/output;
    location / {
        index index.html;
    }
}

Nginx reverse proxy

Reverse proxy for google (https)

server {
    listen 443 ssl;
    server_name xxx.xxx;
    ssl_certificate /usr/local/nginx/xxx.crt; # change this to your own certificate path
    ssl_certificate_key /usr/local/xxx.key; # change this to your own key path

    location / {
        proxy_redirect http://www.google.com/ /;
        proxy_cookie_domain google.com xxx.xxx;
        proxy_pass http://173.194.127.48;
        proxy_set_header Accept-Encoding "";
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Language "zh-CN";
        proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";
        sub_filter www.google.com xxx.xxx;
        sub_filter_once off;
    }
}

server {
    listen 80;
    server_name xxx.xxx;
    rewrite ^(.*) https://xxx.xxx$1 permanent;
}

Replace every xxx.xxx with your own domain name.

Reverse proxy for google (http)

server {
    listen 80;
    server_name xxx.xxx;

    location / {
        proxy_redirect http://www.google.com/ /;
        proxy_cookie_domain google.com xxx.xxx;
        proxy_pass http://173.194.127.48;
        proxy_set_header Accept-Encoding "";
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header Accept-Language "zh-CN";
        proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw";
        sub_filter www.google.com xxx.xxx;
        sub_filter_once off;
    }
}

Reverse proxy for 1024

server {
    listen 80;
    server_name xxx.xxx;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass http://184.154.128.246/;
    }
}

Just replace every xxx.xxx with your own domain name.

Reference: https://www.v2ex.com/t/126028

Forward local port 5000 to port 80

server {
    listen 80;
    server_name YOUR_DOMAIN_NAME;
    location / {
        proxy_pass http://localhost:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }
}
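
How a backend behind the proxy above should read X-Forwarded-For, as an added example that is not part of the original page: $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the client sent, so only the right-hand end of the list was written by nginx. It assumes a Python 3 app on localhost:5000 with nginx as its only proxy; client_ip and TRUSTED_PROXIES are hypothetical names, and the addresses are constructed.

```python
import ipaddress

# Assumption: nginx is the only proxy and reaches the app over loopback,
# so only loopback peers are allowed to supply forwarding headers.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _is_trusted(addr):
    # Membership is False when the address and network versions differ.
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, x_forwarded_for=None):
    """Return the client address to log or rate-limit on.

    peer_addr: address of the TCP peer that connected to the backend.
    x_forwarded_for: raw X-Forwarded-For header value, or None if absent.
    """
    peer = ipaddress.ip_address(peer_addr)
    # A peer that is not our proxy connected directly: ignore the header.
    if not _is_trusted(peer) or not x_forwarded_for:
        return str(peer)
    # Walk from the right (the part nginx appended) and stop at the first
    # address that is not one of our own proxies.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the header
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed case: the client sent "X-Forwarded-For: 10.0.0.1" and
    # nginx appended the real connecting address 203.0.113.7.
    print(client_ip("127.0.0.1", "10.0.0.1, 203.0.113.7"))
```

Taking the leftmost entry instead would return the client-supplied 10.0.0.1; the X-Real-IP header in the same config carries only $remote_addr and is not affected.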

Try Let's Encrypt with nginx

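2015.12.03: Let's Encrypt entered public beta, so I tried it out on 20151204.

Environment: debian 7.9; nginx 1.8.0; openssl 1.0.1e; python 2.7.3

For now the nginx integration is not very good, while apache works fine; the nginx one apparently cannot be fully automated yet.

Install and use: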

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ sudo ./letsencrypt-auto certonly

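Follow the prompts: enter your email address, agree to the TOS, then enter your domain name (more than one is allowed). If your nginx is still running, it will report a failure, because it also needs to bind to and listen on port 80; you can stop nginx temporarily and start it again once it is done.

After a short wait the certificate is generated, normally under the /etc/letsencrypt/live/yourdomain.com/ directory.

Next, you can go to the Mozilla SSL Configuration Generator to generate the ssl configuration. The main places to change are: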

...
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
...
# dhparam.pem can be generated with this command: openssl dhparam -out dhparam.pem 2048
# It takes a little while.
ssl_dhparam /path/to/your/dhparam.pem;
...
ssl_trusted_certificate /etc/letsencrypt/live/yourdomain.com/chain.pem;
...

Then reload the nginx configuration and that is basically it:

$ sudo service nginx reload

For redirecting http to https in nginx, see this question.

To test your SSL configuration, you can use Qualys SSL Labs or HTTP Security Report.

References: