Category Archives: nginx

nginxのリバースプロキシ(proxy_pass)を設定する方法

設定メモ:
server {
listen 80;
server_name localhost;
charset utf8;
access_log /var/log/nginx_api/access.log;
error_log /var/log/nginx_api/error.log;
location / {
root html;
index index.html index.htm;
}
location /apis {
rewrite ^.+apis/?(.*)$ /$1 break;
include uwsgi_params;
proxy_pass http://xxx.xxx.xxx.xxx/apis;
}
}

「lua+nginx入門」lua-nginx-moduleの使い方

1.lua-nginx-moduleのダウンロード
#wget https://github.com/openresty/lua-nginx-module/archive/master.zip
#unzip master.zip

2.コンパイル
#./configure \
–user=nginx \
–group=nginx \
–prefix=/usr/local/gacp/nginx \
–error-log-path=/data/logs/nginx/error/error.log \
–http-log-path=/data/logs/nginx/access/access.log \
–pid-path=/usr/local/gacp/nginx/conf/nginx.pid \
–lock-path=/var/lock/nginx.lock \
–with-http_flv_module \
–with-http_stub_status_module \
–with-http_ssl_module \
–with-pcre \
–with-http_realip_module \
–with-http_gzip_static_module \
–with-google_perftools_module \
–with-file-aio \
–add-module=../ngx_cache_purge-2.3 \
–add-module=../lua-nginx-module-master

# make && make install

3.設定内容
http {
…..
limit_req_zone $cookie_token zone=session_limit:3m rate=1r/s;
limit_req_zone $binary_remote_addr $uri zone=auth_limit:3m rate=1r/m;

}

server {
listen 80;
server_name localhost;
access_log /data/logs/nginx/access/localhost.access.log main;
error_log /data/logs/nginx/error/localhost.error.log;
charset utf-8;
client_max_body_size 75M;
root /data/www;

location / {

limit_req zone=session_limit burst=5;

rewrite_by_lua ‘
local random = ngx.var.cookie_random
if(random == nil) then
return ngx.redirect(“/auth?url=” .. ngx.var.request_uri)
end

local token = ngx.md5(“opencdn” .. ngx.var.remote_addr .. random)
if(ngx.var.cookie_token ~= token) then
return ngx.redirect(“/auth?url=” .. ngx.var.request_uri)
end
‘;
}

location /auth {
limit_req zone=auth_limit burst=1;

if ($arg_url = “”) {
return 403;
}

access_by_lua ‘
local random = math.random(9999)
local token = ngx.md5(“opencdn” .. ngx.var.remote_addr .. random)
if(ngx.var.cookie_token ~= token) then
ngx.header[“Set-Cookie”] = {“token=” .. token, “random=” .. random}
return ngx.redirect(ngx.var.arg_url)
end
‘;

}
}

Ubuntuにnginxをインストールするメモ

PGPキーを追加
wget http://nginx.org/keys/nginx_signing.key -O – | sudo apt-key add –

リポジトリを追加
/etc/apt/sources.list.d/nginx.list
deb http://nginx.org/packages/ubuntu/ CODENAME nginx
deb-src http://nginx.org/packages/ubuntu/ CODENAME nginx

nginxをインストール
sudo apt update
sudo apt install nginx

Linuxのnginxでdocument rootを設定する

修正ファイル:nginx.conf
修正前
location ~ \.php$ {
root html; //デフォルト/etc/nginx/html/
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

修正後
location ~ \.php$ {
root /usr/share/nginx/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

CentOS7.0にnginx1.7.4をインストールするメモ

1.g++、gcc、openssl-devel、pcre-develとzlib-develのインストール
$ yum install gcc-c++
$ yum install pcre pcre-devel
$ yum install zlib zlib-devel
$ yum install openssl openssl–devel

2.nginxのインストール
$ find -name nginx
$ yum remove nginx
$ cd /usr/local

nginxのダウンロード
$ wget http://nginx.org/download/nginx-1.7.4.tar.gz

nginxを解凍
$ tar -zxvf nginx-1.7.4.tar.gz
$ cd nginx-1.7.4

$ ./configure $ディフォルトインストール先/usr/local/nginx
$ make
$ make install

nginxの確認
$ whereis nginx

「nginx入門」httpsを設定する方法メモ

1.nginxのSSLモジュールをインストール
#./configure –prefix=/usr/local/nginx –with-http_stub_status_module –with-http_ssl_module –with-http_realip_module
#make
#make install

2.SSLの設定
upstream tomcats {
server 127.0.0.1:8080 weight=10;
}

server {
listen 443;
server_name www.xxx.com;

ssl on;

ssl_certificate /usr/local/cert/xxx.pem;
ssl_certificate_key /usr/local/cert/xxx.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

location / {
root html;
proxy_pass http://tomcats;
index index.html index.htm;
}

}

3.httpsリダイレクト
rewrite ^(.*)$ https://$host$1 permanent;

location / {
root html;
proxy_pass http://tomcats;
index index.html index.htm;
}

4.nginx再起動
/usr/local/nginx/sbin/nginx -s reload

nginxでSSL/HTTPS設定をするメモ

サンプルコード:
server {
listen   80;
listen 443 ssl spdy;
server_name www.domain.com;
ssl on;
ssl_certificate sample.net.crt;
ssl_certificate_key sample.net.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout  10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE:!kEDH;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/startssl_trust_chain.crt;
add_header Strict-Transport-Security “max-age=31536000”;
resolver 8.8.8.8 8.8.4.4;
location / {
root   html;
index  index.html index.htm;
}
}

centosにphp-fpm起動スクリプトを設定する方法

#vim etc/init.d/php-fpm

#!/bin/bash
#
# Startup script for the PHP-FPM server.
#
# chkconfig: 345 85 15
# description: PHP is an HTML-embedded scripting language
# processname: php-fpm
# config: /usr/local/php/etc/php.ini

# Source function library.
. /etc/rc.d/init.d/functions

PHP_PATH=/usr/local
DESC=”php-fpm daemon”
NAME=php-fpm
DAEMON=$PHP_PATH/php/sbin/$NAME
CONFIGFILE=$PHP_PATH/php/etc/php-fpm.conf
PIDFILE=$PHP_PATH/php/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

rh_start() {
$DAEMON -y $CONFIGFILE || echo -n ” already running”
}

rh_stop() {
kill -QUIT cat $PIDFILE || echo -n ” not running”
}

rh_reload() {
kill -HUP cat $PIDFILE || echo -n ” can’t reload”
}

case “$1” in
start)
echo -n “Starting $DESC: $NAME”
rh_start
echo “.”
;;
stop)
echo -n “Stopping $DESC: $NAME”
rh_stop
echo “.”
;;
reload)
echo -n “Reloading $DESC configuration…”
rh_reload
echo “reloaded.”
;;
restart)
echo -n “Restarting $DESC: $NAME”
rh_stop
sleep 1
rh_start
echo “.”
;;
*)
echo “Usage: $SCRIPTNAME {start|stop|restart|reload}” >&2
exit 3
;;
esac
exit 0

#sudo chmod +x /etc/init.d/php-fpm
#sudo /sbin/chkconfig php-fpm on
#sudo /sbin/chkconfig –list php-fpm
php-fpm           0:off   1:off   2:on    3:on    4:on    5:on    6:off

php-fpm起動、停止、再起動
service php-fpm start
service php-fpm stop
service php-fpm restart
service php-fpm reload

/etc/init.d/php-fpm start
/etc/init.d/php-fpm stop
/etc/init.d/php-fpm restart
/etc/init.d/php-fpm reload

Linuxにnginx起動スクリプトを設定するコード

サンプルコード

#!/bin/bash
#
# Startup script for Nginx – this script starts and stops the nginx daemon
#
# chkconfig:   – 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ “$NETWORKING” = “no” ] && exit 0

nginx=”/usr/local/nginx/sbin/nginx”
prog=$(basename $nginx)

NGINX_CONF_FILE=”/usr/local/nginx/conf/nginx.conf”

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $”Starting $prog: ”
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}

stop() {
echo -n $”Stopping $prog: ”
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}

restart() {
configtest || return $?
stop
sleep 1
start
}

reload() {
configtest || return $?
echo -n $”Reloading $prog: ”
killproc $nginx -HUP
RETVAL=$?
echo
}

force_reload() {
restart
}

configtest() {
$nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
status $prog
}

rh_status_q() {
rh_status >/dev/null 2>&1
}

case “$1″ in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $”Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}”
exit 2
esac

#sudo chmod +x /etc/init.d/nginx
#sudo /sbin/chkconfig nginx on
#sudo /sbin/chkconfig –list nginx
nginx           0:off   1:off   2:on    3:on    4:on    5:on    6:off

nginx起動、停止、再起動
#service nginx start
#service nginx stop
#service nginx restart
#service nginx reload

/etc/init.d/nginx start
/etc/init.d/nginx stop
/etc/init.d/nginx restart
/etc/init.d/nginx reload

「nginxサーバ」.htaccessファイルを設定するメモ

1.ファイル.htaccessの作成
# nginx rewrite rule
rewrite ^(.*?)/article/.*?-(d+)-(d+).html$  $1/display.html?id=$2&page=$3   break;
rewrite ^(.*?)/category/.*?-(d+)-(d+).html$ $1/listdata.html?id=$2&page=$3   break;
rewrite ^(.*?)/tag/([^/]+)/?$  $1/tag.html?w=$2    break;
rewrite ^(.*?)/tag/([^/]+)/(d+)$    $1/tag.html?w=$2&page=$3    break;
# end nginx rewrite rule

2.nginx.confの修正
# vim  /usr/local/etc/nginx/nginx.conf
下記追加
include /usr/www/.htaccess
nginx再起動
# /usr/local/etc/rc.d/nginx restart

1 / 612345...最後 »