目录
安装Nginx
1. 安装依赖项
# Only Debian and Ubuntu are covered here; for CentOS, look up the
# instructions on the official nginx site.
# Run the single command that matches your distribution.

# Debian
sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring

# Ubuntu
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring

2. 导入 Nginx 官方签名密钥
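# Download the nginx signing key over HTTPS and store it, de-armored, as an
# apt keyring file.
# -f makes curl exit non-zero on an HTTP error instead of piping an error page
# into gpg; -sS hides the progress meter but still prints error messages.
# The key must not be trusted until its fingerprint has been checked in the
# next step.
curl -fsS https://nginx.org/keys/nginx_signing.key \
  | gpg --dearmor \
  | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

3. 验证密钥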
# Print the keys contained in the downloaded keyring file; --dry-run and
# --no-keyring mean nothing is imported into any keyring.
# Compare the printed fingerprint with the expected one shown below. If it
# does not match, delete the keyring file and do not add the repository.
gpg --dry-run --quiet --no-keyring \
  --import --import-options import-show \
  /usr/share/keyrings/nginx-archive-keyring.gpg

应看到如下输出中的指纹:
pub   rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
      573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
uid                      nginx signing key <signing-key@nginx.com>

4. 添加 Nginx 稳定版软件源
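# Register the nginx stable repository. signed-by ties this source to the
# nginx keyring file only, so no other key on the system can sign for it.
# Run only the block for your distribution: both write the same file, so
# running the second would overwrite the first.
# The repository is fetched over https (ca-certificates is installed in
# step 1) rather than plain http, and $(...) replaces the legacy backticks.

# Debian
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://nginx.org/packages/debian $(lsb_release -cs) nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list

# Ubuntu
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
https://nginx.org/packages/ubuntu $(lsb_release -cs) nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list

5. 更新软件包索引并安装 Nginx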
# Refresh the package index so the newly added nginx repository is picked up,
# then install nginx without an interactive prompt.
sudo apt update
sudo apt install -y nginx

安装所需程序
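# Install certbot together with its nginx and Cloudflare DNS plugins.
sudo apt install -y certbot python3-certbot-nginx python3-certbot-dns-cloudflare

# Edit the site configuration by hand.
sudo nano /etc/nginx/conf.d/vw.conf

# Cloudflare credentials file. Create it empty and restrict it to root
# (mode 600) BEFORE the token is typed in, so the secret is never on disk
# with wider permissions.
sudo touch /etc/letsencrypt/cloudflare.ini
sudo chmod 600 /etc/letsencrypt/cloudflare.ini
sudo nano /etc/letsencrypt/cloudflare.ini
# Content of the file (a single line). Get the zone DNS API token from
# Cloudflare and paste your own value in place of the placeholder:
#
#   dns_cloudflare_api_token = <YOUR_CLOUDFLARE_API_TOKEN>
#
# Never copy a real token into notes, posts or repositories; a token that has
# been published anywhere must be revoked in the Cloudflare dashboard and
# re-issued. Scope the token to DNS edit permission on the one zone that
# needs certificates.

# Request the certificate through the Cloudflare DNS challenge. Use this if
# you do not want to switch off Cloudflare's proxy (the orange cloud); answer
# y to every prompt.
sudo certbot certonly --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
  -d example.com  # replace with your domain

# Request the certificate directly. After the request above has finished,
# this command can also configure HTTPS in nginx automatically; choose 1.
sudo certbot --nginx -d example.com  # replace with your domain

# If an error is reported, try the commands below.
sudo cp /usr/lib/python3/dist-packages/certbot/ssl-dhparams.pem /etc/letsencrypt/ssl-dhparams.pem
sudo openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 2048

Nginx反代示例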
# Minimal reverse proxy: everything received on port 80 is forwarded to a
# backend listening on the loopback interface.
server {
    listen      80;       # the port can be changed freely
    listen      [::]:80;  # the port can be changed freely
    server_name _;        # a domain may be written here or not, depending on
                          # whether you are going to request a certificate

    location / {
        proxy_pass http://127.0.0.1:3000;  # port of your backend service

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For header the client sent, so every entry except the
        # last is client-controlled. The backend must not use the earlier
        # entries for access decisions or rate limiting.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

较为通用的配置
# Recommended to put this in nginx.conf (map is only valid in the http context).
# Derives $connection_upgrade from the client's Upgrade request header:
# "close" when the header is empty or only whitespace, "upgrade" otherwise.
map $http_upgrade $connection_upgrade {
    default  upgrade;
    ~^\s*$   close;
}
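# More general reverse proxy: WebSocket upgrade support, larger uploads and
# long-lived connections. Requires the $connection_upgrade map in the http
# context.
server {
    listen      80;
    listen      [::]:80;
    server_name _;   # a domain may be written here or not, depending on
                     # whether you are going to request a certificate
    http2       on;

    client_max_body_size 100M;

    location / {
        proxy_pass http://127.0.0.1:3000;  # port of your backend service

        # WebSocket / protocol upgrade handling.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        # Send the value computed by the map ("upgrade" or "close") rather
        # than the client's own Connection header ($http_connection).
        # Connection is a hop-by-hop header; passing it through unchanged
        # lets the client decide what the backend sees in it.
        proxy_set_header Connection $connection_upgrade;

        # Each forwarding header is set exactly once. proxy_set_header
        # replaces a client-sent header of the same name, so no separate
        # "clear to empty" directive is needed (a second directive with an
        # empty value would not clear anything).
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        # $proxy_add_x_forwarded_for keeps the client-sent X-Forwarded-For
        # and appends $remote_addr, so only the last entry is trustworthy.
        # Behind Cloudflare's proxy, $remote_addr is the Cloudflare edge
        # address; restoring the visitor address is a job for the realip
        # module (set_real_ip_from / real_ip_header) limited to Cloudflare's
        # published ranges.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_read_timeout    3600s;
        proxy_send_timeout    3600s;
        proxy_connect_timeout 10s;

        proxy_buffering off;
    }
}

重载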
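# Check the configuration first and reload only if the check passes, so a
# reload is never attempted with a configuration that failed validation.
sudo nginx -t && sudo systemctl reload nginx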