--- 标签: - nginx类别: - 网络日期:创建时间:2024-01-17# 更新时间:2024-01-19---
在 RHEL 上使用 Nginx 进行反向代理¶
介绍本文介绍了一种在 RHEL 上使用 Nginx Web 服务器进行反向代理的方法。¶
1.安装Nginx```¶
sudo dnf install nginx
## 2.编辑Nginx配置文件### (1).`/etc/nginx/nginx.conf````
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
(2)。/etc/nginx/conf.d/*.conf中的站点配置```¶
server { server_name WEB.DOMAIN.com; location / { proxy_ssl_server_name on; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host \(host; proxy_pass http://\)host:$remote_port; } listen 443 ssl http2; # DO NOT NEED IF YOU USE NGINX ssl_certificate path/to/certificate/fullchain.pem; # DO NOT NEED IF YOU USE NGINX ssl_certificate_key path/to/certificate//privkey.pem; # DO NOT NEED IF YOU USE NGINX }
(2)。 (可选)安装 nginx 插件```¶
sudo dnf install python3-certbot-nginx
(4)。申请SSL证书根据以上步骤,获得证书的方法有很多种。我们演示了两种匹配之前步骤(2)和(3)的方法。¶
- 使用 Nginx 签名
这样,证书将自动配置在文件夹/etc/nginx/conf.d/中的 *.conf 中。
2. 使用 dns-cloudflare 签名
sudo certbot certonly --dns-cloudflare \
--dns-cloudflare-credentials \
~/.secrets/certbot/cloudflare.ini \
-d example.com
这样就需要一个cloudflare密钥文件:cat cloudflare.ini # Cloudflare API credentials used by Certbot
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234
4.设置SELinux sebool```¶
sudo setsebool -P httpd_can_network_connect 1 ```
参考文献[1]. https://certbot.eff.org/¶
[2]. https://certbot-dns-cloudflare.readthedocs.io/en/stable/
[3]. https://docs.nginx.com/
[4]. https://stackoverflow.com/questions/23948527/13-permission-denied-while-connecting-to-upstreamnginx
[5]. 让 Certbot 加密 [6]. SElinux-初探 [7]. RHEL9-激活 [8]. RHEL9-RPM-Fusion-Repo