LIVE_STREAM_CONNECTED
Nginx 安装配置与使用指南
A
Mastermind
admin
Dimension
Linux
Timestamp
2025年12月21日
Nginx 是高性能的 Web 服务器和反向代理服务器,广泛用于生产环境。
安装
Ubuntu/Debian
sudo apt update
sudo apt install nginx
CentOS
sudo yum install epel-release
sudo yum install nginx
验证安装
nginx -v
sudo systemctl status nginx
基础配置
配置文件位置:/etc/nginx/nginx.conf
站点配置:/etc/nginx/sites-available/ 和 /etc/nginx/sites-enabled/
静态网站
server {
listen 80;
server_name example.com;
root /var/www/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
反向代理
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_bypass $http_upgrade;
}
}
负载均衡
upstream backend {
server 127.0.0.1:3001 weight=3;
server 127.0.0.1:3002 weight=2;
server 127.0.0.1:3003 weight=1;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend;
}
}
HTTPS 配置
Let's Encrypt (Certbot)
# 安装 certbot
sudo apt install certbot python3-certbot-nginx
# 申请证书
sudo certbot --nginx -d example.com -d www.example.com
# 自动续期
sudo certbot renew --dry-run
手动配置 SSL
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://localhost:3000;
}
}
# HTTP 重定向到 HTTPS
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}
常用配置
Gzip 压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml;
缓存静态资源
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
add_header Cache-Control "public, immutable";
}
SPA 应用
server {
listen 80;
server_name example.com;
root /var/www/dist;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /api {
proxy_pass http://localhost:8080;
}
}
限流
limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
server {
location /api {
limit_req zone=one burst=20 nodelay;
proxy_pass http://localhost:8080;
}
}
跨域配置
location /api {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,Content-Type';
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_pass http://localhost:8080;
}
服务管理
# 测试配置
sudo nginx -t
# 重载配置
sudo nginx -s reload
# 启动/停止/重启
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
# 查看日志
tail -f /var/log/nginx/access.log
tail -f /var/log/nginx/error.log
常见问题
502 Bad Gateway
- 检查后端服务是否运行
- 检查 proxy_pass 地址是否正确
- 查看 error.log 定位问题
权限问题
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html
总结
Nginx 核心功能:静态文件服务、反向代理、负载均衡、SSL 终端。配置灵活强大,是生产环境首选。