Nginx部署文件服务之远程访问文件

通用编译环境安装命令（最后一次更新于2020年7月10日15:57:23）

yum install gcc gcc-c++ automake pcre pcre-devel zlip zlib-devel openssl openssl-devel

1.在线yum下载安装nginx(当前最新版本1.18.0发布于2020-04-21,Nginx手动下载地址)

$ wget http://nginx.org/download/nginx-1.18.0.tar.gz  
$ useradd -d /home/nginx -m nginx  
$ tar -zxvf nginx-1.18.0.tar.gz  
$ cd nginx-1.18.0  
$ ./configure --user=nginx --group=nginx --prefix=/home/nginx --with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module  
$ make && make install  

$ 配置文件服务器

server {
    listen 端口 ssl;
    server_name  域名;
    access_log /home/nginx/download.log;
    charset utf-8;
    root /home/ftp;
    ssl_certificate   cert/xxxxxxxxxxxxxx.pem;
    ssl_certificate_key  cert/xxxxxxxxxxxxxx.com.key;
    ssl_session_timeout 60m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
	    autoindex_exact_size off;
	    proxy_set_header X-Real-IP $remote_addr;
	    proxy_set_header   Host $host;
	    client_max_body_size 100m;
	    client_body_buffer_size  128k;
	    proxy_connect_timeout 1200;
	    proxy_read_timeout   1200;
	    proxy_send_timeout   6000;
	    proxy_buffer_size 32k;
	    proxy_buffers 4 64k;
	    proxy_busy_buffers_size 128k;
	    proxy_temp_file_write_size 128k;
	    autoindex on;
	    limit_rate_after 25m; # 达到最大带宽时开始限制  
	    limit_rate 25m; # 带宽限制
	    if ($request_filename ~* ^.*?.(jar|txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx)$){
	    add_header Content-Disposition: 'attachment;';
    	}
	#新增解决图片跨域问题
	add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET,POST';
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
	}
}

--------------------------启动/校验/停止----------------
访问地址：https://域名:端口/

检查配置文件是否有错误

  $./nginx -t 

指定配置文件

  $./nginx -c /home/nginx/conf/nginx.conf  

优雅停止

  $./nginx -s stop  

---

以下为编译模块命令，用来备忘（无需关注，防止忘记，记录在下面）：

./configure 
--user=nginx 
--group=nginx 
--prefix=/home/nginx 
--with-threads 
--with-file-aio 
--with-http_ssl_module 
--with-http_v2_module 
--with-http_realip_module 
--with-http_addition_module 
--with-http_xslt_module 
--with-http_gunzip_module 
--with-http_gzip_static_module 
--with-http_auth_request_module 
--with-http_random_index_module 
--with-http_secure_link_module 
--with-http_degradation_module 
--with-http_slice_module 
--with-http_stub_status_module 
--with-stream 
--with-stream_ssl_module 
--with-stream_realip_module 
--with-stream_ssl_preread_module 

---

其他使用实例

user  root;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}

stream {
    upstream ssh40 {
    server 192.168.3.40:55555;
    }
    upstream ssh41 {
    server 192.168.3.41:55555;
    }
    upstream ssh42 {
    server 192.168.3.42:55555;
    }
    upstream ssh43 {
    server 192.168.3.43:55555;
    }
    upstream ssh44 {
    server 192.168.3.44:55555;
    }
    upstream ssh45 {
    server 192.168.3.45:55555;
    }
    upstream ssh47 {
    server 192.168.3.47:55555;
    }
    upstream ssh48 {
    server 192.168.3.48:55555;
    }
    upstream ssh49 {
    server 192.168.3.49:55555;
    }
    upstream ssh50 {
    server 192.168.3.50:22;
    }
    
    upstream ssh49-harbor {
    server 192.168.3.49:9343;
    }
    upstream ssh49-docker {
    server 192.168.3.49:9349;
    }
    upstream ssh49-portainer-ce {
    server 192.168.3.49:9350;
    }
    upstream ssh49-minio {
    server 192.168.3.49:9351;
    }
    upstream ssh49-registry {
    server 192.168.3.49:9352;
    }
    
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10040;
    proxy_pass ssh40;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10041;
    proxy_pass ssh41;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10042;
    proxy_pass ssh42;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10043;
    proxy_pass ssh43;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10044;
    proxy_pass ssh44;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10045;
    proxy_pass ssh45;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10047;
    proxy_pass ssh47;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10048;
    proxy_pass ssh48;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10049;
    proxy_pass ssh49;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #里面可以有多个监听服务，配置监听端口和代理的ip和端口就可以进行tcp代理了。 
    listen 10050;
    proxy_pass ssh50;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }

    # 49服务器专用
    server { 
    #49上的Harbor仓库
    listen 9343 ssl;
    ssl_certificate /root/.cert/************.pem;
    ssl_certificate_key /root/.cert/************.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_handshake_timeout 10s;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    proxy_pass ssh49-harbor;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #49上的Docker
    listen 9349 ssl;
    ssl_certificate /root/.cert/************.pem;
    ssl_certificate_key /root/.cert/************.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_handshake_timeout 10s;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    proxy_pass ssh49-docker;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #49上的docker管理工具Portainer-ce
    listen 9350 ssl;
    ssl_certificate /root/.cert/************.pem;
    ssl_certificate_key /root/.cert/************.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_handshake_timeout 10s;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    proxy_pass ssh49-portainer-ce;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #49上的docker管理工具Portainer-ce
    listen 9351 ssl;
    ssl_certificate /root/.cert/************.pem;
    ssl_certificate_key /root/.cert/************.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_handshake_timeout 10s;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    proxy_pass ssh49-minio;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
    server { 
    #49上的Registry
    listen 9352 ssl;
    ssl_certificate /root/.cert/************.pem;
    ssl_certificate_key /root/.cert/************.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;
    ssl_handshake_timeout 10s;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;
    proxy_pass ssh49-registry;
    proxy_connect_timeout 1h;
    proxy_timeout 1h;
    }
}