Nginx
Install(build from source)
error: the HTTP rewrite module requires the PCRE library.
to fix this error, install pcre3.
$ sudo apt-get install libpcre3 libpcre3-dev
then
$ ./configure $ make $ sudo make install
Run:
$ sudo /usr/local/nginx/sbin/nginx
Stop:
$ sudo /usr/local/nginx/sbin/nginx -s stop
Reload:
$ sudo /usr/local/nginx/sbin/nginx -s reload
Use apt-get(dotdeb)
-
Add the main repository to your
/etc/apt/sources.list:deb http://packages.dotdeb.org wheezy(or squeeze) all deb-src http://packages.dotdeb.org wheezy(or squeeze) all
-
Fetch and install the GnuPGP key
$ wget http://www.dotdeb.org/dotdeb.gpg $ sudo apt-key add dotdeb.gpg
-
Update
$ sudo apt-get update
-
Install nginx
$ sudo apt-get install nginx
-
Usage
$ sudo service nginx start/stop/reload
-
Check config file:
$ sudo nginx -t
Reference: dotdeb_instructions
Configuration
Example:
server { listen 80; server_name wiki.lord63.com; root /opt/wiki.lord63.com/output ; location / { index index.html ; } }
Nginx 反向代理
反向代理 google(https)
server { listen 443; server_name xxx.xxx; ssl on; ssl_certificate /usr/local/nginx/xxx.crt; #这里改为你自己的证书路径 ssl_certificate_key /usr/local/xxx.key; #这里改为你自己的密钥路径 location / { proxy_redirect http://www.google.com/ /; proxy_cookie_domain google.com xxx.xxx; proxy_pass http://173.194.127.48; proxy_set_header Accept-Encoding ""; proxy_set_header User-Agent $http_user_agent; proxy_set_header Accept-Language "zh-CN"; proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw"; sub_filter www.google.com xxx.xxx; sub_filter_once off; } } server { listen 80; server_name xxx.xxx; rewrite ^(.*) https://xxx.xxx$1 permanent; }
把所有的xxx.xxx改为你自己的域名
反向代理 google(http)
server { listen 80; server_name xxx.xxx; location / { proxy_redirect http://www.google.com/ /; proxy_cookie_domain google.com xxx.xxx; proxy_pass http://173.194.127.48; proxy_set_header Accept-Encoding ""; proxy_set_header User-Agent $http_user_agent; proxy_set_header Accept-Language "zh-CN"; proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2W1IQ-Maw"; sub_filter www.google.com xxx.xxx; sub_filter_once off; } }
反向代理 1024
server { listen 80; server_name xxx.xxx; location / { proxy_set_header Host $host; proxy_set_header X-Real-Ip $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://184.154.128.246/; } }
把所有的xxx.xxx改为你自己的域名即可
Reference: https://www.v2ex.com/t/126028
将本地的5000端口转发到80端口
server { listen 80; server_name YOUR_DOMAIN_NAME; location / { proxy_pass http://localhost:5000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; } }
Try Let's Encrypt with nginx
2015.12.03, let's encrypt 进入 public beta 阶段,于 20151204 试用一番 w
环境:debian 7.9; nginx 1.8.0; openssl 1.0.1e; python 2.7.3
目前 nginx 的集成还不是很好,apache 就很 ok,nginx 的貌似还不能完全的自动化。
安装并使用:
$ git clone https://github.com/letsencrypt/letsencrypt $ cd letsencrypt $ sudo ./letsencrypt-auto certonly
按照提示,填写邮箱;同意 TOS;然后就填写你的域名了(可以多个)。如果你的 nginx 还在运行,它会
提示失败,因为它也要绑定 80 端口监听,你可以暂时停一下 nginx 然后等好了以后再起来。
稍等一会证书就生成好了,一般是在 /etc/letsencrypt/live/yourdomain.com/ 文件目录下的。
接下来可以去 Mozilla SSL Configuration Generator 生成 ssl 的配置文件。主要修改以下地方:
... ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; ... # dhparam.pem 可以使用这个命令生成: openssl dhparam -out dhparam.pem 2048 # 稍微要花点时间。 ssl_dhparam /path/to/your/dhparam.pem; ... ssl_trusted_certificate /etc/letsencrypt/live/yourdomain.com/chain.pem; ...
然后重新加载一下 nginx 的配置文件基本就可以了:
$ sudo service nginx reload
关于 nginx 重定向 http 到 https 的可以看看这个 问题
关于测试你的 SSL 配置,你可以去 Qualys SSL Labs 和 HTTP Security Report 测试查看。
参考: