nginx
nginx 配置详解
- nginx 配置文件默认路径为
/etc/nginx/nginx.conf
- nginx 静态文件默认路径为
/usr/share/nginx/html
- nginx 访问日志默认路径为
/var/log/nginx/access.log
- nginx 错误日志默认路径为
/var/log/nginx/error.log
centos 的 nginx.conf 例子如下
user root; #nginx的启动用户
worker_processes auto;
error_log /var/log/nginx/error.log; #错误日志地址
pid /run/nginx.pid; #pid文件地址
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server; #nginx端口号
listen [::]:80 default_server;
server_name nfs.hnbdata.cn; #nginx服务器地址
# root /usr/share/nginx/html;
autoindex_exact_size off; #关闭详细文件大小统计,让文件大小显示MB,GB单位,默认为b;
autoindex_localtime on; #开启以服务器本地时区显示文件修改日期!
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / { #nginx服务根目录
root html; #真实物理绝对路径,默认在 /usr/share/nginx/html
index index.html index.htm;
}
location /images/ { #nginx服务虚拟目录
root /home/ftpuser/www/; #真实物理绝对路径 /home/ftpuser/www/
rewrite ^/images/(.*)$ /$1 break; #收到以 /images/ 开头的请求后转向这里
autoindex on; #列出目录下所有文件
}
location /nfs {
root /nfs_share/;
rewrite ^/nfs/(.*)$ /$1 break;
autoindex on;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
修改完 nginx 配置文件后
nginx -t #检查nginx配置文件是否有错误
nginx -s reload #nginx配置文件无问题,重新加载nginx配置文件
nginx配置https
端口转发
在nginx.conf添加如下配置,并使用 nginx -s reload
重载nginx使其生效,同时注意防火墙/安全组放行对应的端口。
stream {
#将12345端口转发到192.168.1.23的3306端口
server {
listen 12345;
proxy_connect_timeout 5s;
proxy_timeout 20s;
proxy_pass 192.168.1.23:3306;
}
#将udp 53端口转发到192.168.1.23 53端口
server {
listen 53 udp reuseport;
proxy_timeout 20s;
proxy_pass 192.168.1.23:53;
}
#ipv4转发到ipv6
server {
listen 9135;
proxy_connect_timeout 10s;
proxy_timeout 30s;
proxy_pass [2607:fcd0:107:3cc::1]:9135;
}
}
- listen:后面填写源端口(也就是当前服务器端口),默认协议为TCP,可以指定为UDP协议
- proxy_connect_timeout:连接超时时间
- proxy_timeout:超时时间
- proxy_pass:填写转发目标的IP及端口号
注意:nginx可以将IPV4的数据包转发到IPV6,IPV6的IP需要使用[]括起来。
设置页面编码utf-8
server {
listen 8000;
server_name localhost;
charset utf-8;
}
常见问题
遇到问题,先看
- 访问日志
/var/log/nginx/access.log
- 错误日志
/var/log/nginx/error.log
1. Forbidden问题
访问时总是出现 Forbidden错误
,原因可能有多种,但常见的解决方法有
关闭Selinux
临时关闭Selinux,重启后无效
setenforce 0 #临时关闭Selinux sestatus -v #查看Selinux Current mode是否为 permissive SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: error (Success) Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31 .......
- 永久关闭Selinux,重启后也有效
sed -i "s/^SELINUX=.*/SELINUX=disable/" /etc/selinux/config #永久关闭Selinux
参考
- 解决Nginx出现403 forbidden (13: Permission denied)报错的四种方法 . https://blog.csdn.net/onlysunnyboy/article/details/75270533?utm_source=blogxgwz3