1 安装依赖

yum -y install gcc zlib zlib-devel pcre-devel openssl openssl-devel

2 下载Nginx

wget http://nginx.org/download/nginx-1.21.3.tar.gz

3 安装目录

mkdir -p /data/apps/nginx

4 安装

4.1 创建用户

创建用户nginx使用的nginx用户。

#添加www组    
# groupadd nginx  #创建nginx运行账户nginx并加入到nginx组，不允许nginx用户直接登录系统
# useradd -g  nginx nginx -s /bin/false  

4.2 安装

tar -zxvf nginx-1.21.3.tar.gz
cd nginx-1.21.3/
./configure --user=nginx --group=nginx --prefix=/data/apps/nginx  --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module
makemake install

5 检查是否安装成功

cd /data/apps/nginx/sbin
./nginx -t

nginx: the configuration file /data/apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /data/apps/nginx/conf/nginx.conf test is successful

6 配置防火墙

6.1 自己配置

   # vi + /etc/sysconfig/iptables-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT# service iptables restart

6.2 腾讯云服务器(就不用6.1配置了)

nginx_56">7 启动nginx

/data/apps/nginx/sbin/nginx -c /data/apps/nginx/conf/nginx.conf

ssl_61">8 配置ssl

8.1 nacos

mkdir -p /data/apps/nginx/ssl

下载腾讯云免费ssl证书，nacos.xxx.com_nginx.zip

cp /tmp/nacos.xxx.com_nginx.zip /data/apps/nginx/ssl/
cd  /data/apps/nginx/ssl/
unzip nacos.xxx.com_nginx.zip
mv nacos.xxx.com_nginx nacos.xxx.com

修改配置文件
vim /data/apps/nginx/conf/nginx.conf

server {listen 443 ssl;server_name nacos.xxx.com;ssl_certificate  /data/apps/nginx/ssl/nacos.xxx.com/nacos.xxx.com_bundle.crt;ssl_certificate_key /data/apps/nginx/ssl/nacos.xxx.com/nacos.xxx.com.key;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1.2 TLSv1.3;ssl_prefer_server_ciphers on;client_max_body_size 50m;location / {proxy_pass http://127.0.0.1:8848;}}

重启nginx

cd /data/apps/nginx/sbin
./nginx -s reload

https://nacos.xxx.com/nacos

8.2 网关(api-gateway)

参考8.1

cp /tmp/stars.xxxx.com_nginx.zip /data/apps/nginx/ssl/
cd /data/apps/nginx/ssl/
unzip stars.wbbyy.com_nginx.zip
mv stars.wbbyy.com_nginx stars.wbbyy.com

server {listen 443 ssl;server_name gateway.xxx.com; ssl_certificate  /data/apps/nginx/ssl/gateway.xxx.com/gateway.xxx.com_bundle.crt; ssl_certificate_key /data/apps/nginx/ssl/gateway.xxx.com/gateway.xxx.com.key; ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols TLSv1.2 TLSv1.3;ssl_prefer_server_ciphers on;client_max_body_size 50m;location / {proxy_pass http://127.0.0.1:8088;}} 
```