Nginx deployment configuration

Common commands

• start up:

 nginx

• Stop now:

 nginx -s stop

• Stop gracefully:

 nginx -s quit

• reboot

 nginx -s reload

• Check whether the configuration file is normal and there is no syntax error

 nginx -t

• View logs

 tail -f /var/log/nginx/access.log

upstream

basic grammar

upstream的基本语法如下， upstream名称， server里面当作proxy 。

 upstream ws {
     server 127.0.0.1:8080;
}

upstream server ，通常情况下Nginx会轮询每一个server ，从而达到最基本的负载循环Effect.

 upstream default {
    server  tflinux_php-fpm-tfphp_1:9000;
    server  tflinux_php-fpm-tfphp_2:9000;
}

other

You can also configure some max_fails (maximum number of errors), fail_timeout (failure waiting timeout), backup (standby server parameters), etc. , you can check it when you need it.

configure http

Enter the nginx directory, configure /etc/nginx/nginx.conf , mainly to confirm whether the configuration file you want to store has been imported ( include upstream , and then there is the configuration upstream , so you can reference it directly in the project's .conf file.

 http {

    # 省略其他一些默认配置
    
    # 单纯使用一个server的时候有点类似在全局定义了哥别名-ws,后面你在子配置文件里使用http://ws/就是等价http://127.0.01:8080
    upstream ws {
        server 127.0.0.1:8080;
    }

    # ....
    include /etc/nginx/sites-enabled/*;
}

no certificate

 server {
        # 域名，没有域名就不用写这行，直接用ip访问
    server_name dev.xxx.com;
    # 监听的端口，访问时通过 ip:9099 访问
    listen 9099;
    # gzip 压缩，加快传输效率，有利于页面首次渲染
    gzip on;
    gzip_min_length 1k;
    gzip_comp_level 9;
    gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
        
        # 指定项目入口文件index.html存放的位置
    root /home/xxx/my-project/dist;
    
    # 配置反向代理，路径中匹配到了/api开头，就转发到http://127.0.0.1:8888下，所以你本地发的请求就不需要带端口了
    location /api {
        proxy_set_header Host $http_host;
        # 这里也可以使用upstream，然后用它的名字代替，都一样，看你自己
        proxy_pass http://127.0.0.1:8888;
    }
    # 配置重定向，防止页面刷新404
    location / {
        try_files $uri $uri/ /index.html;
    }
}

configure ssl certificate

1. Application ssl certificate
2. 把证书copy到nginx目录下,比如我放在了一个叫ca的目录， .cer文件， .key文件, a total of two files
3. config .conf file

 server {
    server_name ghostwang.xxx.com;
    # 注意这里是443端口
    listen 443 ssl;

    # gzip config
    gzip on;
    gzip_min_length 1k;
    gzip_comp_level 9;
    gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";

        # 证书配置相关
        # cer文件存放目录
    ssl_certificate /etc/nginx/ca/xxx.xxx.com.cer;
    # key文件存放目录
    ssl_certificate_key /etc/nginx/ca/xx.xx.com.key;
    # ssl其他的一些配置...
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers on;

    root /var/www/my-project/dist;

        # 配置websocket的代理，这样后端的ws就不需要配置wss了，通过反向代理，去请求ws协议的接口，不然你https的网站，在ajax的请求里直接请求ws会报错
    location /api/v1/ws {
        # ws 就是http里面配置的upstream
            # 等价 proxy_pass http://localhost:8080
        proxy_pass http://ws;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_connect_timeout 60;
        proxy_read_timeout 60;
        proxy_send_timeout 60;
    }

        # 反向代理http接口
    location /api {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://ws;

    }

    location / {
        try_files $uri $uri/ /index.html;
    }
}