xiaoshuai
76 lines
1.8 KiB
Markdown
76 lines
1.8 KiB
Markdown
---
|
|
name: nginx
|
|
description: Nginx 站点配置、反向代理、SSL 证书、热重载
|
|
---
|
|
|
|
# Nginx 管理
|
|
|
|
## 快速命令
|
|
|
|
| 命令 | 说明 |
|
|
|------|------|
|
|
| `sudo nginx -t` | 测试配置语法 |
|
|
| `sudo systemctl reload nginx` | 热重载生效 |
|
|
| `ls /etc/nginx/sites-enabled/` | 查看已启用站点 |
|
|
| `sudo nginx -T` | 查看完整加载配置 |
|
|
|
|
## 站点配置
|
|
|
|
站点配置放在 `/etc/nginx/sites-available/`,软链接到 `/etc/nginx/sites-enabled/` 启用。
|
|
|
|
### 反向代理模板
|
|
|
|
```nginx
|
|
server {
|
|
listen 80;
|
|
server_name www.xsinfo.vip;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
server_name www.xsinfo.vip;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/www.xsinfo.vip/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/www.xsinfo.vip/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:1234;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
}
|
|
}
|
|
```
|
|
|
|
### 启用/禁用站点
|
|
|
|
```bash
|
|
sudo ln -s /etc/nginx/sites-available/mysite /etc/nginx/sites-enabled/mysite
|
|
sudo rm /etc/nginx/sites-enabled/mysite
|
|
```
|
|
|
|
## SSL 证书
|
|
|
|
```bash
|
|
# 申请 Let's Encrypt 证书
|
|
sudo certbot --nginx -d www.xsinfo.vip
|
|
|
|
# 续期测试
|
|
sudo certbot renew --dry-run
|
|
|
|
# 查看已有证书
|
|
sudo certbot certificates
|
|
```
|
|
|
|
## 常见问题
|
|
|
|
| 问题 | 排查 |
|
|
|------|------|
|
|
| 502 Bad Gateway | `curl http://127.0.0.1:1234` 确认后端运行 |
|
|
| 配置无效 | `sudo nginx -t` 检查语法 |
|
|
| proxy_pass 路径错 | 末尾斜杠含义不同:无斜杠保持路径,有斜杠替换路径 | |