Install
# download pcre from <https://sourceforge.net/projects/pcre/files/pcre/>
tar -xvf pcre-8.41.tar.gz
# download zlib from <http://zlib.net/>
tar -xvf zlib-1.2.11.tar.gz
# download nginx-dav-ext-module form <https://github.com/arut/nginx-dav-ext-module>
tar -xvf nginx-dav-ext-module-3.0.0.tar.gz
# maybe needed: yum -y install libxml2 libxml2-dev && yum -y install libxslt-devel
./configure --prefix=/home/ywmu/.soft/nginx --pid-path=/tmp/nginx/nginx.pid --lock-path=/tmp/nginx/ --http-proxy-temp-path=/tmp/nginx/proxy --http-fastcgi-temp-path=/tmp/nginx/fastcgi --http-uwsgi-temp-path=/tmp/nginx/uwsgi --http-scgi-temp-path=/tmp/nginx/-scgi --error-log-path=/tmp/nginx/error.log --http-log-path=/tmp/nginx/web.log --http-client-body-temp-path=/tmp/nginx/client --with-http_ssl_module --with-http_stub_status_module --with-http_dav_module --with-pcre=/home/ywmu/backup/compiled.soft/nginx/pcre-8.44 --with-zlib=/home/ywmu/backup/compiled.soft/nginx/zlib-1.2.11 --add-module=/home/ywmu/backup/compiled.soft/nginx/nginx-dav-ext-module-3.0.0
make
make install
echo ywmu:$(/home/user/soft/nginx/sbin/ngpw.pl $password)>/home/user/soft/nginx/conf/.ngpass
/home/user/soft/nginx/sbin/sslkey.sh
## run as root
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=8081/tcp --permanent
firewall-cmd --zone=public --add-port=8082/tcp --permanent
firewall-cmd --zone=public --add-port=8083/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
Configuration
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid /tmp/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /tmp/nginx/php/log/www.access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#For BQSS
server {
listen 1215;
listen 8080 ssl;
server_name localhost;
if ($scheme = http) {
return 301 https://$host:8080$request_uri;
#rewrite ^(.*)$ https://$server_name:8080$1 permanent;
}
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
#charset koi8-r;
location / {
root /tmp/muqtask;
index index.html index.htm;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
set $ifproxy 0;
if ($server_addr ~ "^115.24.") {
set $ifproxy "${ifproxy}1";
}
if ($arg_head ~* "ims01") {
set $ifproxy "${ifproxy}2";
}
if ($ifproxy = "012") {
proxy_pass https://172.21.168.101:8080;
break;
}
}
location /CentOS/ {
allow 192.168.8.0/24;
allow 115.24.3.0/24;
allow 172.24.3.0/24;
#allow 172.21.0.0/16;
deny all;
alias /home/user/backup/CentOS/;
index index.html index.htm;
}
location /Tasks/ {
alias /home/user/soft/Manuals/;
index Tasks_self.html;
auth_basic "Tasks For Mu";
auth_basic_user_file /home/user/soft/nginx/conf/.ngpass;
}
location ~* \.(ini|docx|txt|doc|tmp)$ {
deny all;
}
#error_page 404 /404.html;
#redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#reverse proxy
server {
listen 8081 ssl;
server_name localhost;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 60s;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
location / {
proxy_pass https://172.21.168.101:443/;
}
}
#With php+SSL
server {
listen 8082 ssl;
server_name localhost;
root /home/user/soft/nginx/Blog/ ;
index index.html index.htm index.php;
ssl_certificate server.crt;
ssl_certificate_key server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location ~ \.(jpg|png|gif|js|css|swf|flv|ico)$ {
expires 12h;
}
location / {
auth_basic "Pass For Proxy";
auth_basic_user_file /home/user/soft/nginx/conf/.ngpass;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?$1 last ;
break;
}
}
location ~* ^/(doc|logs|app|sys)/ {
return 403;
}
location ~ .*\.(php|php5)?$
{
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_pass unix:/tmp/nginx/php/run/php7-fpm.sock ;
#fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
#Proxy
server {
listen 8083;
access_log off;
location / {
resolver 202.207.208.8 202.207.208.9;
proxy_pass $scheme://$http_host$request_uri;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0k;
auth_basic "Pass For Proxy";
auth_basic_user_file /home/user/.soft/nginx/conf/.ngpass;
}
}
}