如何设置Nginx反向代理

设置Nginx反向代理

步骤1.首先，让我们首先确保您的系统是最新的。

sudo dnf update

步骤2.在Linux系统上安装Nginx。

• 在CentOS 8上安装Nginx只需输入以下内容即可：

sudo dnf install nginx

• 在Ubuntu 20.04 LTS上安装Nginx只需键入以下命令：

sudo apt install nginx

安装完成后，启用并启动Nginx服务：

sudo systemctl enable nginx
sudo systemctl start nginx

在浏览器中导航到，以验证网络服务器是否按预期运行：http://localhost

步骤3.设置并将NGINX用作反向代理。

首先，按照以下命令禁用虚拟主机：

sudo unlink /etc/nginx/sites-enabled/default

我们需要在包含反向代理信息的目录中创建一个文件。我们可以举个例子：/etc/nginx/sites-availablereverse-proxy.conf

nano reverse-proxy.conf

server {
    listen 80;
    location / {
        proxy_pass http://192.168.77.20;
    }
}

这里重要的部分是proxy_pass指令，该指令实际上告诉所有通过Nginx反向代理的请求都将传递到Apache远程套接字192.168.77.20:80。

将适当的指令添加到文件后，通过链接到以下命令来激活它：.conf/sites-enabled/

ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

测试Nginx配置文件：

$ sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

最后，我们需要运行Nginx配置测试并重新启动Nginx来检查其性能：

sudo systemctl restart nginx

步骤4.使用“让我们加密”的Nginx反向代理。

在计算机上的命令行上运行以下命令以安装Certbot：

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

然后，运行以下命令以获取证书，并让Certbot自动编辑Nginx配置：

sudo /usr/local/bin/certbot-auto --nginx

结果如下：

Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): your@email.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for your-domain-a.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/reverse-proxy.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/reverse-proxy.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://your-domain.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your-domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your-domain.com/privkey.pem
   Your cert will expire on 2020-08-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

恭喜你！您已成功设置反向代理。感谢您使用本教程在Linux系统上设置Nginx反向代理。有关其他帮助或有用信息，我们建议您检查Nginx官方网站。