dxin/Work-configuration-file
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加

Browse Source
This commit is contained in:
dxin
2025-12-12 00:20:13 +08:00
parent 6f7b24926d
commit bd2656037b
3 changed files with 282 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
nginx/es.jennie.im.conf Normal file
View File

@@ -0,0 +1,43 @@
server {
listen 80;
server_name es.jennie.im;
# 强制跳转 HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name es.jennie.im;
# 证书
ssl_certificate /data/tengine/conf/certificate/jennie.im.crt;
ssl_certificate_key /data/tengine/conf/certificate/jennie.im.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 推荐安全配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /data/tengine/logs/es_jennie_im_access.log;
error_log /data/tengine/logs/es_jennie_im_error.log;
location / {
proxy_pass https://10.0.0.38:9200; # ES 内网地址HTTPS
# 关闭后端证书校验(必须,否则 Nginx 不认 ES 自签证书)
proxy_ssl_verify off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
# ES 大响应时需要提高 buffer
proxy_buffer_size 16k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
}
}

43
nginx/kibana.jennie.im.conf Normal file
View File

@@ -0,0 +1,43 @@
server {
listen 80;
server_name kibana.jennie.im;
# 强制跳转到 HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name kibana.jennie.im;
# 公网 HTTPS 证书
ssl_certificate /data/tengine/conf/certificate/jennie.im.crt;
ssl_certificate_key /data/tengine/conf/certificate/jennie.im.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /data/tengine/logs/kibana_jennie_im_access.log;
error_log /data/tengine/logs/kibana_jennie_im_error.log;
# Kibana 的反代配置
location / {
proxy_pass http://10.0.0.38:5601;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
# 防止 WebSocket 断开Kibana 控制台需要)
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
}

196
nginx/安装.md Normal file
View File

@@ -0,0 +1,196 @@
1、下载安装包`https://tengine.taobao.org/`
2、上传安装位置在`/data/tengine`
3、解压缩`tar -zxvf tengine-3.1.0.tar.gz`
4、安装编译环境`yum -y install gcc-c++`
5、安装依赖`yum -y install pcre-devel zlib zlib-devel openssl openssl-devel`
6、创建安装目录`mkdir /data/tengine`
7、进入解压好的文件夹`cd tengine-3.1.0`
8、执行并指定安装路径`./configure --prefix=/data/tengine``make``make install`
```编译
./configure --prefix=/data/tengine \
--conf-path=/data/tengine/conf/nginx.conf \
--error-log-path=/data/tengine/logs/error.log \
--http-log-path=/data/tengine/logs/access.log \
--pid-path=/data/tengine/logs/nginx.pid \
--lock-path=/data/tengine/logs/nginx.lock \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-pcre \
--with-http_stub_status_module
#解释:
--prefix=/data/tengine → 指定安装到 /data/tengine/
--conf-path=/data/tengine/conf/nginx.conf → 指定 nginx.conf 配置文件位置
--error-log-path=/data/tengine/logs/error.log → 错误日志存放目录
--http-log-path=/data/tengine/logs/access.log → 访问日志存放目录
--pid-path=/data/tengine/logs/nginx.pid → 指定 nginx 进程 ID 存放路径
--lock-path=/data/tengine/logs/nginx.lock → 进程锁文件路径
--with-http_ssl_module → 开启 HTTPS 支持
--with-http_gzip_static_module → 开启 Gzip 压缩
--with-pcre → 支持 正则表达式(用于 Rewrite
--with-http_stub_status_module → 启用 Nginx 状态监控
#安装
make -j$(nproc)
make install
#=============加上四层代理==============
./configure --prefix=/data/tengine \
--conf-path=/data/tengine/conf/nginx.conf \
--error-log-path=/data/tengine/logs/error.log \
--http-log-path=/data/tengine/logs/access.log \
--pid-path=/data/tengine/logs/nginx.pid \
--lock-path=/data/tengine/logs/nginx.lock \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-pcre \
--with-http_stub_status_module \
--with-stream
```
9、查看目录是否安装成功`ls /data/tengine`
10、启动tengine`cd /data/tengine/sbin``./nginx`
11、添加后续目录
mkdir -p /data/tengine/conf/vhosts
mkdir -p /data/tengine/conf/certificate
`/data/tengine/conf/nginx.conf``http {}` 块cc的内添加引用虚拟主机
http {
include mime.types;
default_type application/octet-stream;
# 引入虚拟主机配置
include /data/tengine/conf/vhosts/*.conf;
# 其他配置...
}
---
/data/tengine/sbin/nginx
/data/tengine/sbin/nginx -s reload
1、启动命令 2、重新加载配置文件命令
全局使用nginx
方式一
1. 执行以下命令创建软链接:
bash
```bash
ln -s /data/tengine/sbin/nginx /usr/local/bin/nginx
```
`/usr/local/bin` 通常已在系统环境变量 `$PATH` 中,优先选择此目录)
2. 验证是否生效:
bash
```bash
nginx -v #
```
方式二
1. 编辑环境变量配置文件(以 `bash` 为例):
bash
```bash
vi /etc/profile # 全局生效(所有用户),或编辑 ~/.bashrc当前用户
```
2. 在文件末尾添加一行,将 Nginx 所在目录加入 `PATH`
bash
```bash
export PATH=$PATH:/data/tengine/sbin
```
3. 使配置立即生效:
bash
```bash
source /etc/profile # 对应全局配置文件,或 source ~/.bashrc
```
4. 验证:
bash
```bash
nginx -v # 直接执行命令测试
```
---
配置nginx systemctl
```gitlab
vim /etc/systemd/system/tengine.service
[Unit]
Description=Tengine Web Server
After=network.target
[Service]
Type=forking
PIDFile=/data/tengine/logs/nginx.pid
ExecStart=/data/tengine/sbin/nginx
ExecReload=/data/tengine/sbin/nginx -s reload
ExecStop=/data/tengine/sbin/nginx -s stop
# 防止被 killall/nginx 杀掉
KillMode=process
# 自动重启(如果你希望 Nginx 意外退出后自动拉起)
Restart=on-failure
RestartSec=2s
[Install]
WantedBy=multi-user.target
```
```gitlab
检查配置 使用 nginx -t
热加载 使用 systemctl reload tengine
启动服务 使用 systemctl start tengine
停止服务 使用 systemctl stop tengine
重启服务 使用 systemctl restart tengine
紧急操作 使用 nginx -s reload/stop
```
容器的:
docker exec -it my-nginx nginx -t # 检查配置文件语法
docker exec -it my-nginx nginx -s reload # 重载配置