nginx安裝

操作系統(tǒng)中安裝

類似教程和文檔太多，針對windows和linux有不同的安裝方式，這里就不具體介紹。主要介紹下docker方式安裝。

docker安裝

提示

運行容器前，沒有網橋，請先創(chuàng)建網橋，用于容器間通訊： docker network create -d bridge fastbee-bridge

1. 執(zhí)行一下命令安裝nginx，安裝完成后，前端運行打包，把dist文件夾中內容上傳到 /var/data/nginx/vue 目錄下

docker run \
--name nginx \
--volume /var/data/nginx/vue:/usr/share/nginx/html \
--publish 80:80 \
--publish 443:443 \
--network fastbee-bridge \
--restart unless-stopped \
--detach \
nginx:stable

上面命令容器使用bridge網絡模式，需要開放對應端口80、443等。也可以使用下面命令，容器使用host網絡模式，容器共享宿主機的網絡設置。使用host模式可能會導致安全隱患，如果容器本身存在安全漏洞，則容易受到攻擊。

docker run \
--name nginx \
--net=host \
--volume /var/data/nginx:/usr/share/nginx \
--volume /var/data/nginx/nginx.conf:/etc/nginx/nginx.conf \
--volume /var/data/nginx/log:/var/log/nginx \
--restart unless-stopped \
--detach \
nginx:stable

2. 進入容器內部，執(zhí)行命令：docker exec -it nginx /bin/sh

3. 修改配置文件，直接復制進去執(zhí)行，exit用于退出容器

tee /etc/nginx/nginx.conf <<-'EOF'
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    client_max_body_size 10m;

    gzip on;
    gzip_min_length  1k;
    gzip_buffers     16 64K;
    gzip_http_version 1.1;
    gzip_comp_level 5;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";

    # Http跳轉Https
    # server {
    #     listen 80;
    #     server_name localhost;
    #     location / {
    #         rewrite ^(.*) https://$server_name$1 permanent;
    #     }
    # }

    server {
        listen      80;

        # SSL 默認訪問端口號為443
        listen 443 ssl;
        server_name  localhost;
        charset utf-8;

        # 證書文件的路徑
        ssl_certificate /usr/share/nginx/ssl/fastbee.crt;
        # 私鑰文件的路徑
        ssl_certificate_key /usr/share/nginx/ssl/fastbee.key;
        ssl_session_timeout 10m;
        # 請按照以下協議配置       
        ssl_protocols TLSv1.2 TLSv1.3; 
        # 請按照以下套件配置，配置加密套件，寫法遵循openssl 標準       
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers on;

        # 前端
        location / {
            root   /usr/share/nginx/html;
            try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }		
        # 后端接口
        location /prod-api/ {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8080/;
        }

        # wss連接代理到ws
        location /mqtt {
            proxy_pass http://localhost:8083/mqtt;
            proxy_read_timeout 60s;
            proxy_set_header Host $host;
            proxy_set_header X-Real_IP $remote_addr;
            proxy_set_header X-Forwarded-for $remote_addr;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'Upgrade';
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}
EOF
exit

4. 重啟容器，使配置生效：docker restart nginx