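Summary of setting up an nginx site (defense machine)
Starting from a server with no software installed:
2. Modify the configuration files (add new configuration files: use load balancing (an upstream pool) to forward multiple domains to the IP of the main site server, with a fixed IP)
Site configuration file location: /usr/local/nginx/conf/conf.d/
The first file is the port 80 one, name_proxy.conf (where name is your own name for the site)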
upstream hbsfs_Server {        # change: upstream pool name
    server 156.236.72.156;     # change: IP of the main server
}
server {
    listen 80;
    location / {
        proxy_next_upstream http_500 http_502 http_504 error timeout invalid_header;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X_FORWARED_HOST $host;
        client_max_body_size 200M;
        proxy_pass http://hbsfs_Server;
    }
    # access_log /data/logs/ access.log access;
}
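For multiple domains (encrypted and unencrypted), several configuration files are needed, as follows.
If the main site server also serves an HTTPS site, one more file is needed.
It can be named name_https_proxy.conf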
upstream gbh_proxy {           # change: upstream pool name
    server 118.184.0.26;       # change: IP of the main server
}
server {
    listen 443;
    server_name 05300.com www.05300.com;    # change
    index index.php index.html;
    ssl on;
    ssl_certificate /usr/local/nginx/conf/key/05300.com.nginx.crt;    # change
    ssl_certificate_key /usr/local/nginx/conf/key/05300.com.key;      # change
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
    location / {
        proxy_next_upstream http_500 http_502 http_504 error timeout invalid_header;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X_FORWARED_HOST $host;
        client_max_body_size 200M;
        proxy_pass http://gbh_proxy;    # change
    }
    access_log /data/logs/159_proxy.log access;
}
Make one copy of this file for each domain.
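The ssl_protocols and ssl_ciphers lines in the HTTPS proxy file above enable SSLv3, TLS 1.0 and TLS 1.1 and offer RC4, 3DES and MD5-based suites, all of which are deprecated. The block below is an added example, not part of the original notes: the same server block restricted to TLS 1.2/1.3 with forward-secret AEAD suites. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later; the domain, paths and pool name are the ones used above.

```nginx
# Added example (not from the original notes): hardened TLS settings for the
# HTTPS proxy file. Assumes nginx >= 1.13.0 built against OpenSSL >= 1.1.1.
upstream gbh_proxy {
    server 118.184.0.26;                # change: IP of the main server
}
server {
    listen 443 ssl;                     # replaces "listen 443;" + "ssl on;"
    server_name 05300.com www.05300.com;
    index index.php index.html;

    ssl_certificate     /usr/local/nginx/conf/key/05300.com.nginx.crt;
    ssl_certificate_key /usr/local/nginx/conf/key/05300.com.key;

    # Was: ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # SSLv3 (POODLE) and TLS 1.0/1.1 are deprecated (RFC 7568, RFC 8996).
    ssl_protocols TLSv1.2 TLSv1.3;

    # Was: ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
    # Drops RC4 (RFC 7465), 3DES (Sweet32) and static-RSA CBC suites;
    # keeps only forward-secret AEAD suites for TLS 1.2.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    location / {
        proxy_next_upstream http_500 http_502 http_504 error timeout invalid_header;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X_FORWARED_HOST $host;
        client_max_body_size 200M;
        proxy_pass http://gbh_proxy;
    }
    access_log /data/logs/159_proxy.log access;
}
```

Check the file with /usr/local/nginx/sbin/nginx -t before reloading.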
Main configuration file: /usr/local/nginx/conf/
http {
include mime.types;
default_type application/octet-stream;
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log access;
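# Finally, add the include that loads the site configuration files
include /usr/local/nginx/conf/conf.d/*.conf; # must match the absolute path of the site configuration files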
}
After adding these, copy the original certificate and key over to the new defense machine.
3. Create the log files
mkdir -p /data/logs
touch /data/logs/app.access.log
4. Add systemctl support (vi /usr/lib/systemd/system/nginx.service)
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Run systemctl daemon-reload to reload the configuration.
5. Load the configuration, start the service, and enable start at boot
- Load the configuration
systemctl reload nginx.service
- Start the service
systemctl start nginx.service
- Enable start at boot
systemctl enable nginx.service
6. Open the site by its domain name in a browser to check it.