当先锋百科网

首页 1 2 3 4 5 6 7

nginx部署以及反向代理多域名实现

1.nginx部署

1.1 编写nginx部署文件 docker-compose.yml

version: '3'
services: 
  nginx:
    restart: always 
    image: nginx:1.20
    container_name: nginx-main
    ports:
      - 80:80
      - 443:443
    volumes: 
      # 基础配置
      - /opt/nginx_main/nginx-info/nginx.conf:/etc/nginx/nginx.conf
      # 日志文件
      - /opt/nginx_main/nginx-info/log:/var/log/nginx
      # 配置文件
      - /opt/nginx_main/nginx-info/conf.d/default.conf:/etc/nginx/conf.d/default.conf
      # 前端网页访问
      - /opt/nginx_main/nginx-info/html:/usr/share/nginx/html
      # 后期用来创建ssl证书会需要用到
      - /opt/nginx_main/nginx-info/ssl:/etc/nginx/ssl

2.2 创建所需文件 根据上面的路径进行创建

直接进入/opt/nginx_main/nginx-info里面创建了

cd /opt/nginx_main/nginx-info
touch nginx.conf
mkdir log
mkdir conf.d
# 进入创建的这个目录
cd conf.d
touch default.conf
cd ..
mkdir html
mkdir ssl

2.3 获取ssl证书

选择域名 然后配置免费ssl证书 证书设置我们需要的域名

然后申请之后稍等一段时间

之后点击下载,下载nginx的证书文件 一个pem,一个key

然后把下载的证书放到上面的 ssl路径 记录好位置即可,步骤 2.5会用到

1.先进入阿里云的数字证书管理服务页面 选择免费证书

2.点击创建证书

之后会出现一条记录 显示待申请

3.配置证书

输入要使用的域名
在这里插入图片描述

4.确认完成之后返回,看到有记录了,就点击下载

在这里插入图片描述

因为我们用的是nginx代理,所以选择nginx下载

在这里插入图片描述

下载解压之后就是我们需要的文件了,一个pem,一个key

2.4 编辑nginx.conf

user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    # types {
    #    application/javascript   js;
    # }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
}

2.5 编辑default.conf

# 前端服务代理
server {
    listen       80;
    listen  [::]:80;
    # 设置域名
    server_name  aa.bb.baiding.com;
    # 代理域名
    return 301 https://aa.bb.baiding.com;
}
server {
    listen 443 ssl; 
    server_name aa.bb.baiding.com;
    # 配置ssl证书 2.3 步骤说的证书的位置 详细到指定的文件名
    ssl_certificate /etc/nginx/ssl/aa.bb.baiding.com.pem;  
    ssl_certificate_key /etc/nginx/ssl/aa.bb.baiding.com.key; 
	# 其他配置
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_session_cache shared:SSL:1m;
    fastcgi_param  HTTPS        on;
    fastcgi_param  HTTP_SCHEME     https;
    # 代理配置
    location / {
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   Host              $http_host;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        # 访问路径
        root   /usr/share/nginx/html/dev;
        index  index.html index.htm;
        try_files  $uri $uri/ /index.html;
        add_header Access-Control-Allow-Origin * always;
    }
}
# 后端服务代理
server {
    listen       80;
    listen  [::]:80;
    # 设置域名
    server_name  api.bb.baiding.com;
    # 代理https域名
    return 301 https://api.bb.baiding.com;
}
server {
    listen 443 ssl; 
    server_name api.bb.baiding.com;
    # 配置ssl证书
    ssl_certificate /etc/nginx/ssl/api.bb.baiding.com.pem;  
    ssl_certificate_key /etc/nginx/ssl/api.bb.baiding.com.key; 
    
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_session_cache shared:SSL:1m;
    fastcgi_param  HTTPS        on;
    fastcgi_param  HTTP_SCHEME     https;
    # 路径代理配置
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cache_bypass $http_upgrade;
        # 反向代理的路径
        proxy_pass  http://111.11.111.123:8081;
    }
}

2.6 启动nginx