侧边栏壁纸
博主头像
six

阶段性踌躇满志,持续性混吃等死

  • 累计撰写 8 篇文章
  • 累计创建 9 个标签
  • 累计收到 5 条评论

目 录CONTENT

文章目录

Linux(CentOS7)上安装OpenResty

six
six
2023-03-08 / 0 评论 / 0 点赞 / 257 阅读 / 507 字

环境

  • CentOS7
  • OpenResty 1.21.4.1

我环境里面原来有一个OpenResty1.19版本,我先卸载

备份/卸载

备份

cp -r /usr/local/openresty /usr/local/openresty.bk

卸载删除

yum remove openresty

sudo find / -name openresty
# 删除查出来的文件
rm -rf /usr/local/openresty

安装

http://openresty.org/cn/linux-packages.html#centos

wget https://openresty.org/package/centos/openresty.repo
sudo mv openresty.repo /etc/yum.repos.d/

# update the yum index:
sudo yum check-update

sudo yum install -y openresty

# 验证
openresty -V

软连接(可选)

ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/local/bin/nginx
# 链接配置
ln -s /usr/local/openresty/nginx/conf /etc/nginx
# 链接日志
ln -s /usr/local/openresty/nginx/logs /var/log/nginx
# 链接html
mkdir /usr/share/nginx
ln -s /usr/local/openresty/nginx/html /usr/share/nginx/html

SSL配置

http://nginx.org/en/docs/http/ngx_http_ssl_module.html
https://www.361way.com/nginx-ssl-session-cache/6306.html
https://blog.csdn.net/eebaicai/article/details/84540439

server {
  listen 443 ssl;
  server_name sixmillions.cn;

  ssl_certificate /root/.acme.sh/sixmillions.cn/fullchain.cer;
  ssl_certificate_key /root/.acme.sh/sixmillions.cn/sixmillions.cn.key;
  ssl_session_cache shared:SSL:10m;
  ssl_prefer_server_ciphers on;

  client_max_body_size 1024m;

  location / {
    proxy_pass http://127.0.0.1:8160;
    proxy_set_header HOST $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }

  location = /robots.txt {
    default_type text/plain;
    content_by_lua_block {
      -- ngx.say('User-agent: *\nDisallow: /');
      ngx.say('User-agent: *\nAllow: /');
    }
  }

  location /hello {
    default_type text/html;
    content_by_lua_block {
      ngx.say("<H2>Hello OpenResty!!</H2><a target=\"_blank\" href=\"http://openresty.org/cn\">中文官方</a>");
    }
  }

  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
    root /usr/share/nginx/html;
  }

  location /uri {
    stub_status;
  }
  location =/access.log {
    return 204;
  }
}
server {
  listen 80;
  server_name sixmillions.cn www.sixmillions.cn;
  rewrite ^/(.*)$ https://sixmillions.cn/$1 permanent;
}

server {
  listen 443 ssl;
  server_name www.sixmillions.cn;

  # http://nginx.org/en/docs/http/ngx_http_ssl_module.html
  ssl_certificate /root/.acme.sh/sixmillions.cn/fullchain.cer;
  ssl_certificate_key /root/.acme.sh/sixmillions.cn/sixmillions.cn.key;
  ssl_session_cache shared:SSL:10m;
  ssl_prefer_server_ciphers on;
  # 下面是默认,可以不写
  # ssl_session_timeout 5m;
  # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;

  # 重定向,www跳无www的地址,这样url短一些
  return 301 https://sixmillions.cn$request_uri;
}
0

评论区