安装 Nginx
一、下载 nginx 源文件
进入 nginx 官网下载 nginx 的稳定版本,我下载的是 1.10.0。
解压:tar -zxvf nginx-1.24.0.tar.gz
以 CentOS7 为例, 安装对应的依赖
yum -y install gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel
Ubuntu
sudo apt install -y build-essential libpcre3 libpcre3-dev zlib1g-dev libssl-dev
二、开始编译安装
cd nginx-1.24.0/
./configure --prefix=/usr/local/nginx --with-http_ssl_module
make && make install
# 安装完成后查看状态
systemctl status nginx
./configure --prefix=/usr/local/software/nginx --with-http_ssl_module
二、Nginx 使用配置
server {
#SSL 默认访问端口号为 443
listen 443 ssl;
#请填写绑定证书的域名
server_name domain;
#请填写证书文件的相对路径或绝对路径
ssl_certificate /etc/nginx/ca/domain_bundle.crt;
#请填写私钥文件的相对路径或绝对路径
ssl_certificate_key /etc/nginx/ca/domain.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
add_header Access-Control-Allow-Origin * always;
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,accessToken,FrontVersion';
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, PATCH, DELETE, HEAD" always;
add_header Access-Control-Max-Age 86400 always;
client_max_body_size 2000M;
client_body_buffer_size 10240k;
location / {
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
#例如,您的网站主页在 Nginx 服务器的 /etc/www 目录下,则请修改 root 后面的 html 为 /etc/www。
root /home/vserver/ZLMediaKit/release/linux/Debug/www;
index index.m3u8 index.html index.htm;
}
location /static {
alias /var/www/static;
}
location /assets {
alias /home/myworkspace/sftproot;
}
location /media {
root /home/myworkspace/static;
}
location ^~ /smartApi {
proxy_pass http://127.0.0.1:9133/;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 600;
}
if ($request_method = 'OPTIONS') {
return 204;
}
}
- 添加播放视频端口转换 端口不够用
location ~ ^/rtc {
proxy_set_header Host $host;
proxy_pass http://localhost:1985;
proxy_read_timeout 600;
}
- nginx 取反
if ($request_uri !~ "(/img|/js|/index)") {set $rewrite_yes "y";}
- Access to XMLHttpRequest at ‘xxx’ from origin ‘xxx’ has been blocked by CORS policy: The ‘Access-Control-Allow-Origin’ header contains multiple values ‘_, _’, but only one is allowed.
背景: 我的后端使用了 Django + corsheaders 允许跨域, 而昨天同事在配置 Nginx 时, 将整个 server 块都添加了跨域支持, 也就是在同一个响应报文里, Access-Control-Allow-Origin 头被设置了两次(corsheaders 设置一次, 在 nginx 中又被设置了一次), 也就成为了多值(本应该是’‘, 实际返回的是’, *‘), 导致浏览器禁止跨域.
解决方案就是把 Nginx 中的 add_header Access-Control-Allow-Origin *;指令, 应用在同事的 location 块而非整个 server 块, 恢复正常.
nginx: [emerg] “add_header” directive is not allowed here in xx
add_header 指令不能直接在 if 判断内, 可以在 http、server、server.location、server.location.if 下
location ~ ^/(?!rtc)/
location ~ .*.(gif|js|css)$
{
expires 5d;
access_log off;
}VITE HTTPS
//1.添加依赖
pnpm add vite-plugin-mkcert -D
//2.在 vite.config.js 里面引入
import mkcert from “vite-plugin-mkcert”;
export default defineConfig({
server: {
https: true // 需要开启 https 服务
},
plugins: [mkcert()] // 插件引用
})
- 配置 websocket 代理
location ^~ /imserver {
proxy_pass http://127.0.0.1:9502;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
}