CentOS 7 Nginx 使用示例

1. 使用yum安装Nginx

yum install -y epel-release
yum makecache fast
yum install -y nginx

2. 配置Nginx，这里仅提供一个七层HTTP代理的示例，实际中请根据需要修改

# （1）HTTP代理
# 新建配置文件 /etc/nginx/conf.d/remote_xxx.conf

upstream remote-xxx {
    server x.x.x.x:43747;
}

server {
    listen 43747;
    server_name 111.206.120.158;
    access_log  /var/log/nginx/remote-xxx-access.log  main;
    error_log /var/log/nginx/remote-xxx-error.log;
    add_header Cache-Control no-cache;

    location / {
        proxy_pass http://remote-xxx/;
        proxy_http_version 1.1;
        proxy_connect_timeout 30m;
        proxy_send_timeout 30m;
        proxy_read_timeout 30m;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_buffering off;
    }
}

# （2）HTTPS代理
# 在 /etc/nginx/nginx.conf 中配置SSL证书
。。。。。。
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    ssl_certificate /data/demo/ssl/3838460__xesv5.com.pem;  # 指定证书的位置，绝对路径
    ssl_certificate_key /data/demo/ssl/3838460__xesv5.com.key;  # 绝对路径，同上
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
    ssl_prefer_server_ciphers on;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
。。。。。。


# 新建配置文件 /etc/nginx/conf.d/xxx_xx_ssl.conf
upstream xxx-xx {
    server x.x.x.x:6088;
}

server {
    listen 0.0.0.0:9606 ssl;
    server_name xxx-xx;
    access_log  /var/log/nginx/xxx-xx-access.log  main;
    error_log /var/log/nginx/xxx-xx-error.log;

    location / {
        proxy_pass http://xxx-xx/;
        proxy_http_version 1.1;
        proxy_connect_timeout 30m;
        proxy_send_timeout 30m;
        proxy_read_timeout 30m;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}

# （3）TCP代理
# 在 /etc/nginx/nginx.conf 配置同时可以使用http和stream
。。。。。。
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    ssl_certificate /data/demo/ssl/3838460__xesv5.com.pem;  # 指定证书的位置，绝对路径
    ssl_certificate_key /data/demo/ssl/3838460__xesv5.com.key;  # 绝对路径，同上
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
    ssl_prefer_server_ciphers on;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/http_*.conf;
。。。。。。

stream {
    include /etc/nginx/conf.d/stream_*.conf;
}

# 新建配置文件 /etc/nginx/conf.d/stream_prom_snmp.conf
upstream backend1 {
    server 192.168.112.130:41782 max_fails=3 fail_timeout=30s;
}

server {
    listen 41782;
    proxy_connect_timeout 1s;
    proxy_timeout 3s;
    proxy_pass backend1;
}

# （4）UDP代理
# 在 /etc/nginx/nginx.conf 配置同时可以使用http和stream
。。。。。。
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    ssl_certificate /data/demo/ssl/3838460__xesv5.com.pem;  # 指定证书的位置，绝对路径
    ssl_certificate_key /data/demo/ssl/3838460__xesv5.com.key;  # 绝对路径，同上
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
    ssl_prefer_server_ciphers on;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/http_*.conf;
。。。。。。

stream {
    include /etc/nginx/conf.d/stream_*.conf;
}

# 新建配置文件 /etc/nginx/conf.d/stream_core_dns.conf
upstream backend2 {
    server 192.168.112.130:31857 max_fails=3 fail_timeout=30s;
}

server {
    listen 53 udp;
    proxy_connect_timeout 1s;
    proxy_timeout 3s;
    proxy_pass backend2;
}

4. 启动Nginx

systemctl start nginx.service
systemctl status nginx.service

5. 参考资料

https://blog.csdn.net/weixin_44723434/article/details/97809824
http://nginx.org/en/docs/stream/ngx_stream_core_module.html
http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_connect_timeout