基本Nginx配置:可以用于反向代理本地服务(ip:port 或者 socket),也可以简单地反向代理其他网站。使用前请把 {{project.conf}}、{{domain}}、{{ip:port}}/{{to-porxy-domain}} 替换为实际的值。
# Open the site's config file under /etc/nginx/sites-available/ in nano, with root privileges via sudo.
sudo nano /etc/nginx/sites-available/{{project.conf}}
# Port 80: permanently redirect every plain-HTTP request for {{domain}} to HTTPS.
server {
    listen 80;
    server_name {{domain}};
    return 301 https://$host$request_uri;
}

# Reverse proxy to the backend.
# NOTE(review): this block declares neither listen nor server_name, so nginx
# falls back to its defaults for both; confirm that is the intended behaviour
# for this pre-certificate configuration.
server {
    location / {
        # The substituted value must be a full URL, scheme included.
        proxy_pass {{ip:port}}/{{to-porxy-domain}};

        # Hand the original Host header and the client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the backend should trust only
        # the last entry (or X-Real-IP), never the whole list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Optional HTTP Basic auth. Without TLS the credentials are only
        # Base64-encoded, not encrypted, so enable these lines only in a
        # server block that is served over HTTPS. The path must point at the
        # htpasswd file that was actually created.
        # auth_basic "Restricted";
        # auth_basic_user_file /etc/nginx/sites-available/.bin_htpasswd;
    }
}
(可选)使用htpasswd为网站设置密码,实现HTTP基本认证。基本认证只对用户名和密码做Base64编码而不加密,建议只在启用HTTPS的配置中打开。
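sudo apt install apache2-utils # provides the htpasswd tool
# htpasswd prompts for the password interactively; avoid -b, which takes the
# password as a command-line argument (visible in shell history and process lists).
# The files below are created in the current directory: run the commands from the
# directory that auth_basic_user_file points at, or pass the full path instead.
sudo htpasswd -c .{{project-htpasswd}} jay # create the hidden file .{{project-htpasswd}} with user jay; -c truncates the file if it already exists
sudo htpasswd -c .{{another-project-htpasswd}} admin # create a second htpasswd file, .{{another-project-htpasswd}}, with user admin
sudo htpasswd .{{project-htpasswd}} jaychou # add user jaychou; without -c the existing entries are kept
# -m selects the MD5 (apr1) hash; running htpasswd for an existing user replaces that user's password.
# NOTE(review): -B (bcrypt) is a stronger hash where the host's crypt() lets nginx verify it; confirm on the target system.
sudo htpasswd -m .{{project-htpasswd}} jay # change the password of user jay
sudo htpasswd -D .{{project-htpasswd}} jay # delete user jay from the file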
在/etc/nginx/sites-available/修改完基本的conf后,使用以下命令启用站点并重新加载nginx
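# Enable the site by linking its config from sites-available into sites-enabled.
sudo ln -s /etc/nginx/sites-available/{{project.conf}} /etc/nginx/sites-enabled/
# Validate the configuration and reload only when the test passes.
sudo nginx -t && sudo nginx -s reload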
在cloudflare配置好A记录
A | sub | xxx.xxx.xxx.xxx
申请Let's Encrypt证书。--standalone模式下certbot会自己监听80端口完成验证,所以申请前要先停用占用80端口的服务(例如先停止nginx)。
# certonly obtains the certificate without editing any web-server config;
# --standalone makes certbot run its own temporary web server for validation,
# so nothing else may be listening on port 80 while it runs.
# NOTE(review): renewals in standalone mode need port 80 free again; confirm
# how nginx is stopped and started around `certbot renew`.
sudo certbot certonly --standalone -d {{domain}}
获取完证书后,删除原来的{{project.conf}},替换为以下的配置。同样需要修改{{project.conf}}、{{domain}}、{{ip:port}}/{{to-porxy-domain}}:
# Port 80: permanently redirect every plain-HTTP request for {{domain}} to HTTPS.
server {
    listen 80;
    server_name {{domain}};
    return 301 https://$host$request_uri;
}

# Port 443: terminate TLS and reverse-proxy to the backend.
server {
    # NOTE(review): newer nginx releases deprecate the "http2" listen
    # parameter in favour of a separate "http2 on;" directive; check the
    # installed version.
    listen 443 ssl http2;
    server_name {{domain}};

    # Certificate chain and private key issued by Let's Encrypt for {{domain}}.
    ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem;

    # Only TLS 1.2 and 1.3 are accepted; anonymous and MD5-based suites are excluded.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # HSTS for one year. includeSubDomains extends the policy to every host
    # below {{domain}}, and preload signals consent to browser preload lists,
    # which is slow to undo. Keep both flags only if every subdomain serves
    # valid HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    location / {
        # The substituted value must be a full URL, scheme included.
        proxy_pass {{ip:port}}/{{to-porxy-domain}};

        # Hand the original Host header and the client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the backend should trust only
        # the last entry (or X-Real-IP), never the whole list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Optional HTTP Basic auth. The path must point at the htpasswd file
        # that was actually created, and the nginx worker user must be able
        # to read it.
        # auth_basic "Restricted";
        # auth_basic_user_file /etc/nginx/sites-available/.bin_htpasswd;
    }
}
重新建立软链接并再次重新加载nginx
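# Recreate the sites-enabled link so that it points at the replaced config file.
sudo rm /etc/nginx/sites-enabled/{{project.conf}}
sudo ln -s /etc/nginx/sites-available/{{project.conf}} /etc/nginx/sites-enabled/
# Validate the configuration and reload only when the test passes.
sudo nginx -t && sudo nginx -s reload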