本文Demo的完整工程代码, 参考nginx-demo-static / nginx-demo-server / nginx-demo-client / nginx-demo-assets
目录
VPS
# Install the local public key on the VPS so that later logins use key authentication.
ssh-copy-id root@104.200.25.103
# Open the session in which the remaining commands are typed.
# NOTE(review): the later commands appear to run in this root session, although the page
# itself advises against using root directly; a sudo-capable user would narrow the impact
# of a mistake or a compromised package.
ssh root@104.200.25.103
- nginx
apt update && apt install -y nginx
service nginx status
- 测试
# success
curl 104.200.25.103
静态资源
- code
apt install -y git
cd /var/www && git clone https://github.com/yl33643/nginx-demo-static.git
注意: 不要直接使用root账户 / 代码统一放在/var目录下
- nginx
rm /etc/nginx/sites-enabled/default
vim /etc/nginx/sites-available/demo
# Static-file virtual host answering on the VPS address over plain HTTP.
server {
    listen      80;
    server_name 104.200.25.103;

    # Request and error logs go to the shared nginx log files.
    access_log  /var/log/nginx/access.log;
    error_log   /var/log/nginx/error.log;

    # URIs beginning with /download are resolved under the cloned repository;
    # a URI that does not name an existing file falls back to /download.html.
    location /download {
        root      /var/www/nginx-demo-static;
        try_files $uri /download.html;
    }
}
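# Enable the site by linking it into sites-enabled.
ln -s /etc/nginx/sites-available/demo /etc/nginx/sites-enabled/demo
# Validate first: the reload signal is sent only when the new configuration parses,
# so a typo shows up here instead of only in the error log.
nginx -t && nginx -s reload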
不推荐service nginx restart (restart会先停止再启动nginx, 中断现有连接; reload则平滑加载新配置)
- 测试
# success
curl 104.200.25.103/download
反向代理
- node
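# Fetch the nvm installer into a file instead of piping it straight into a root shell:
# the script can be read before it runs, and -f makes curl fail on an HTTP error so an
# error page is never executed.
# NOTE(review): v0.33.4 is a tag, and a tag can be moved; pinning to a commit hash and
# comparing a checksum obtained out of band is stricter.
nvm_installer=$(mktemp)
curl -fsSL -o "$nvm_installer" https://raw.githubusercontent.com/creationix/nvm/v0.33.4/install.sh
# Review what is about to run.
less "$nvm_installer"
bash "$nvm_installer"
rm -f -- "$nvm_installer"
# Reload the shell profile so the nvm function added by the installer is available.
. ~/.bashrc
nvm install --lts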
- code
# Fetch the demo API server next to the static site.
cd /var/www && git clone https://github.com/yl33643/nginx-demo-server.git
# Install its dependencies; npm can run package install scripts as the current user.
cd nginx-demo-server && npm i
# Install pm2 globally and start the app under it.
# NOTE(review): started from the root session, the Node process presumably runs as root;
# a dedicated unprivileged user would limit what a bug in the app can reach. Confirm.
npm i -g pm2 && pm2 start bin/www
- 测试
# success
curl 104.200.25.103:3001/posts
- nginx
vim /etc/nginx/sites-available/demo
# Same virtual host as before, extended with a reverse proxy to the Node app.
server {
    listen      80;
    server_name 104.200.25.103;

    access_log  /var/log/nginx/access.log;
    error_log   /var/log/nginx/error.log;

    # Static download page, served from the cloned repository.
    location /download {
        root      /var/www/nginx-demo-static;
        try_files $uri /download.html;
    }

    # Everything else is handed to the app listening on port 3001 of this machine.
    # No client-address header (X-Real-IP / X-Forwarded-For) is set here, so the
    # backend sees nginx as the peer for every request.
    location / {
        proxy_pass         http://localhost:3001;
        proxy_http_version 1.1;

        # Pass protocol-upgrade (WebSocket) requests through to the backend.
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection 'upgrade';

        # Keep the Host header the client sent.
        proxy_set_header   Host $host;

        # Do not answer upgrade requests from the proxy cache.
        proxy_cache_bypass $http_upgrade;
    }
}
nginx -t
nginx -s reload
- 测试
# success
curl 104.200.25.103/posts
# success
curl 104.200.25.103:3001/posts
防火墙
apt install -y ufw
# Show the firewall state before any rule is added.
ufw status
# Allow SSH before enabling the firewall; otherwise the port this session uses would be
# blocked. `ufw limit ssh` would additionally rate-limit repeated connection attempts.
ufw allow ssh
# Turn the firewall on. Ports without an allow rule stop answering, which is what the
# failing curl tests right after this step show for 80 and 3001.
ufw enable && ufw status
- 测试
# fail
curl 104.200.25.103/posts
# fail
curl 104.200.25.103:3001/posts
nc -zv 104.200.25.103 80
ufw allow 80
ufw status
- 测试
# success
curl 104.200.25.103/posts
# fail
curl 104.200.25.103:3001/posts
白名单安全: 防火墙默认拒绝入站连接, 只放行明确允许的端口 (ssh / 80); 3001端口不再对外暴露, 只能通过nginx反向代理访问
域名
- GoDaddy 免域名备案
- nginx
vim /etc/nginx/sites-available/demo
server_name yl33643.me www.yl33643.me;
nginx -s reload
- 测试
# success
curl yl33643.me/posts
# success
curl www.yl33643.me/posts
HTTPS
# Provides add-apt-repository.
apt install -y software-properties-common
# NOTE(review): this PPA and the python-certbot-nginx package target older Ubuntu
# releases; check the current certbot installation instructions before copying. TODO confirm.
add-apt-repository ppa:certbot/certbot && apt update
apt install -y python-certbot-nginx
# Obtains a certificate and edits the nginx site configuration interactively.
certbot --nginx
# Open 443 in the firewall; without this rule HTTPS is blocked like any other port
# that has no allow rule.
ufw allow https
- 测试
# fail
curl yl33643.me/posts
# success
curl https://yl33643.me/posts
跨域限制
- code
git clone https://github.com/yl33643/nginx-demo-client.git
cd nginx-demo-client && cnpm i
npm run dev
- nginx
vim /etc/nginx/sites-available/demo
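# Echoing $http_origin back allows every origin: any site gets read access to the
# responses, and unlike '*' a reflected origin is also honoured together with
# Access-Control-Allow-Credentials. Answer only origins on an explicit list instead.
#
# Goes at the top level of /etc/nginx/sites-available/demo, outside server { }
# (map is only valid in the http context):
map $http_origin $cors_allow_origin {
    default "";
    # Placeholder: replace with the real origin of the client application.
    "https://client.example" $http_origin;
}

# Goes where the original add_header line was. When the value is empty (origin not
# on the list) nginx emits no Access-Control-Allow-Origin header at all.
add_header 'Access-Control-Allow-Origin' $cors_allow_origin;
# The response now depends on the request's Origin, so caches must key on it.
add_header 'Vary' 'Origin';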
nginx -s reload
二级域名
- code
cd /var/www && git clone https://github.com/yl33643/nginx-demo-assets.git
- nginx
vim /etc/nginx/sites-available/demo
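# Asset host on a second-level domain, served straight from the cloned repository.
server {
    listen      80;
    server_name a.yl33643.me;
    root        /var/www/nginx-demo-assets;

    # The root is a git working tree, so it contains .git (history, remote URL and
    # possibly files deleted from the working copy). Refuse every path with a
    # dot-prefixed segment; the original block was empty and therefore denied nothing.
    # This also blocks /.well-known/, so add an exception before it if certificates
    # for this host are issued through an HTTP challenge.
    location ~* /\. {
        deny all;
    }
}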
nginx -s reload
- 测试
# success
wget http://a.yl33643.me/video.mp4
规范
- 配置
实际配置文件/etc/nginx/sites-available/*
有效配置文件/etc/nginx/sites-enabled/*
有效配置文件是对实际配置文件的软链接
- 备份
修改实际配置文件前 备份初始配置文件
- 复用
# /etc/nginx/sites-available/zhgcloud/frontend.zhgcloud.com
include /etc/nginx/sites-available/zhgcloud/ssl-conf;
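# /etc/nginx/sites-available/zhgcloud/ssl-conf
# Shared TLS settings, pulled into each site with `include`.
# NOTE(review): `ssl on;` is deprecated in newer nginx in favour of `listen 443 ssl;`
# in the including server block; that block is not shown here, so it is kept as is.
ssl on;
ssl_certificate /etc/nginx/sites-available/zhgcloud/zhgcloud.com.ssl/nginx.crt;
# Private key: keep the file readable by root only and out of version control.
ssl_certificate_key /etc/nginx/sites-available/zhgcloud/zhgcloud.com.ssl/gongchengbing.key;
ssl_session_timeout 5m;
# SSLv3, TLSv1 and TLSv1.1 are obsolete (SSLv3 is affected by POODLE) and were dropped
# from the list. Add TLSv1.3 where the installed nginx and OpenSSL support it.
ssl_protocols TLSv1.2;
# The original value was two alternative lists joined by the word "or", which is not
# cipher-list syntax; the stricter alternative (without 3DES) is kept.
ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;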