diff --git a/nginx/es.jennie.im.conf b/nginx/es.jennie.im.conf
new file mode 100644
index 0000000..838cc36
--- /dev/null
+++ b/nginx/es.jennie.im.conf
@@ -0,0 +1,43 @@
+server {
+ listen 80;
+ server_name es.jennie.im;
+
+ # 强制跳转 HTTPS
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name es.jennie.im;
+
+ # 证书
+ ssl_certificate /data/tengine/conf/certificate/jennie.im.crt;
+ ssl_certificate_key /data/tengine/conf/certificate/jennie.im.key;
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ # 推荐安全配置
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ access_log /data/tengine/logs/es_jennie_im_access.log;
+ error_log /data/tengine/logs/es_jennie_im_error.log;
+
+ location / {
+ proxy_pass https://10.0.0.38:9200; # ES 内网地址(HTTPS)
+
+ # 关闭后端证书校验(必须,否则 Nginx 不认 ES 自签证书)
+ proxy_ssl_verify off;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ # ES 大响应时需要提高 buffer
+ proxy_buffer_size 16k;
+ proxy_buffers 4 32k;
+ proxy_busy_buffers_size 64k;
+ }
+}
diff --git a/nginx/kibana.jennie.im.conf b/nginx/kibana.jennie.im.conf
new file mode 100644
index 0000000..2b093ad
--- /dev/null
+++ b/nginx/kibana.jennie.im.conf
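Review bot: In nginx/es.jennie.im.conf, `proxy_ssl_verify off;` inside `location /` leaves the hop to `https://10.0.0.38:9200` encrypted but unauthenticated, so nginx will forward Elasticsearch requests and credentials to whatever host answers on that address. The comment calls this mandatory for a self-signed certificate, but the certificate can be trusted explicitly instead: `proxy_ssl_trusted_certificate <path-to-es-ca.crt>;` with `proxy_ssl_verify on;` and, if the certificate's name does not match the address, `proxy_ssl_name <name-in-es-cert>;`. The same `location /` carries no `allow`/`deny` or `auth_basic`, so if es.jennie.im resolves publicly the whole Elasticsearch REST API is reachable from the internet. It is then protected only by whatever authentication Elasticsearch itself enforces, which is not visible here. An IP allowlist on this block would be worth adding.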
@@ -0,0 +1,43 @@
+server {
+ listen 80;
+ server_name kibana.jennie.im;
+
+ # 强制跳转到 HTTPS
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name kibana.jennie.im;
+
+ # 公网 HTTPS 证书
+ ssl_certificate /data/tengine/conf/certificate/jennie.im.crt;
+ ssl_certificate_key /data/tengine/conf/certificate/jennie.im.key;
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+
+ access_log /data/tengine/logs/kibana_jennie_im_access.log;
+ error_log /data/tengine/logs/kibana_jennie_im_error.log;
+
+ # Kibana 的反代配置
+ location / {
+ proxy_pass http://10.0.0.38:5601;
+
+ proxy_http_version 1.1;
+ proxy_set_header Connection "keep-alive";
+ proxy_set_header Host $host;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+
+ # 防止 WebSocket 断开(Kibana 控制台需要)
+ proxy_read_timeout 300s;
+ proxy_send_timeout 300s;
+ }
+}
diff --git a/nginx/安装.md b/nginx/安装.md
new file mode 100644
index 0000000..e5bb5e3
--- /dev/null
+++ b/nginx/安装.md
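Review bot: In nginx/kibana.jennie.im.conf, `location /` sets the `Connection` header twice, first to `"keep-alive"` and then to `'upgrade'`. As far as I know nginx does not merge repeated `proxy_set_header` lines, so every proxied request, WebSocket or not, would go upstream with conflicting hop-by-hop values. The usual form is a single `proxy_set_header Connection $connection_upgrade;` backed by `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the `http {}` block. Separately, `proxy_pass http://10.0.0.38:5601;` carries Kibana logins and session cookies in cleartext between the proxy and the backend, while the Elasticsearch vhost in this commit already uses HTTPS to the same host. Enabling TLS on Kibana, or confirming that this network segment is trusted, would close that gap.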
@@ -0,0 +1,196 @@
+1、下载安装包:`https://tengine.taobao.org/`
+
+2、上传,安装位置在:`/data/tengine`
+
+3、解压缩:`tar -zxvf tengine-3.1.0.tar.gz`
+
+4、安装编译环境:`yum -y install gcc-c++`
+
+5、安装依赖:`yum -y install pcre-devel zlib zlib-devel openssl openssl-devel`
+
+6、创建安装目录:`mkdir /data/tengine`
+
+7、进入解压好的文件夹:`cd tengine-3.1.0`
+
+8、执行并指定安装路径:`./configure --prefix=/data/tengine` 、`make`、`make install`
+
+```编译
+./configure --prefix=/data/tengine \
+ --conf-path=/data/tengine/conf/nginx.conf \
+ --error-log-path=/data/tengine/logs/error.log \
+ --http-log-path=/data/tengine/logs/access.log \
+ --pid-path=/data/tengine/logs/nginx.pid \
+ --lock-path=/data/tengine/logs/nginx.lock \
+ --with-http_ssl_module \
+ --with-http_gzip_static_module \
+ --with-pcre \
+ --with-http_stub_status_module
+#解释:
+--prefix=/data/tengine → 指定安装到 /data/tengine/
+--conf-path=/data/tengine/conf/nginx.conf → 指定 nginx.conf 配置文件位置
+--error-log-path=/data/tengine/logs/error.log → 错误日志存放目录
+--http-log-path=/data/tengine/logs/access.log → 访问日志存放目录
+--pid-path=/data/tengine/logs/nginx.pid → 指定 nginx 进程 ID 存放路径
+--lock-path=/data/tengine/logs/nginx.lock → 进程锁文件路径
+--with-http_ssl_module → 开启 HTTPS 支持
+--with-http_gzip_static_module → 开启 Gzip 压缩
+--with-pcre → 支持 正则表达式(用于 Rewrite)
+--with-http_stub_status_module → 启用 Nginx 状态监控
+
+#安装
+make -j$(nproc)
+make install
+
+#=============加上四层代理==============
+./configure --prefix=/data/tengine \
+ --conf-path=/data/tengine/conf/nginx.conf \
+ --error-log-path=/data/tengine/logs/error.log \
+ --http-log-path=/data/tengine/logs/access.log \
+ --pid-path=/data/tengine/logs/nginx.pid \
+ --lock-path=/data/tengine/logs/nginx.lock \
+ --with-http_ssl_module \
+ --with-http_gzip_static_module \
+ --with-pcre \
+ --with-http_stub_status_module \
+ --with-stream
+
+
+
+
+
+
+```
+
+9、查看目录是否安装成功:`ls /data/tengine`
+
+10、启动tengine:`cd /data/tengine/sbin`、`./nginx`
+
+11、添加后续目录
+
+mkdir -p /data/tengine/conf/vhosts
+mkdir -p /data/tengine/conf/certificate
+
+`/data/tengine/conf/nginx.conf` 的 `http {}` 块cc的内添加,引用虚拟主机
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ # 引入虚拟主机配置
+ include /data/tengine/conf/vhosts/*.conf;
+
+ # 其他配置...
+}
+
+
+
+---
+
+/data/tengine/sbin/nginx
+
+/data/tengine/sbin/nginx -s reload
+
+1、启动命令 2、重新加载配置文件命令
+
+
+全局使用nginx
+
+方式一
+
+1. 执行以下命令创建软链接:
+ bash
+
+ ```bash
+ ln -s /data/tengine/sbin/nginx /usr/local/bin/nginx
+ ```
+
+ (`/usr/local/bin` 通常已在系统环境变量 `$PATH` 中,优先选择此目录)
+2. 验证是否生效:
+ bash
+
+ ```bash
+ nginx -v #
+ ```
+
+
+方式二
+
+1. 编辑环境变量配置文件(以 `bash` 为例):
+ bash
+
+ ```bash
+ vi /etc/profile # 全局生效(所有用户),或编辑 ~/.bashrc(当前用户)
+ ```
+2. 在文件末尾添加一行,将 Nginx 所在目录加入 `PATH`:
+ bash
+
+ ```bash
+ export PATH=$PATH:/data/tengine/sbin
+ ```
+3. 使配置立即生效:
+ bash
+
+ ```bash
+ source /etc/profile # 对应全局配置文件,或 source ~/.bashrc
+ ```
+4. 验证:
+ bash
+
+ ```bash
+ nginx -v # 直接执行命令测试
+ ```
+
+
+---
+
+配置nginx systemctl
+
+```gitlab
+vim /etc/systemd/system/tengine.service
+[Unit]
+Description=Tengine Web Server
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/data/tengine/logs/nginx.pid
+ExecStart=/data/tengine/sbin/nginx
+ExecReload=/data/tengine/sbin/nginx -s reload
+ExecStop=/data/tengine/sbin/nginx -s stop
+
+# 防止被 killall/nginx 杀掉
+KillMode=process
+
+# 自动重启(如果你希望 Nginx 意外退出后自动拉起)
+Restart=on-failure
+RestartSec=2s
+
+[Install]
+WantedBy=multi-user.target
+
+```
+
+```gitlab
+检查配置 使用 nginx -t
+热加载 使用 systemctl reload tengine
+启动服务 使用 systemctl start tengine
+停止服务 使用 systemctl stop tengine
+重启服务 使用 systemctl restart tengine
+紧急操作 使用 nginx -s reload/stop
+```
+
+
+
+容器的:
+
+docker exec -it my-nginx nginx -t # 检查配置文件语法
+docker exec -it my-nginx nginx -s reload # 重载配置
+
+
+
+
+
+
+
+
+