# 在Ubuntu上安装nginx
在一般的云服务器上面安装nginx,以下为阿里云文档
# 步骤 1. 更新 Ubuntu
始终建议在安装任何新软件之前将 Ubuntu 服务器更新到最新版本。您可以通过在终端中运行以下命令来完成此操作:
sudo apt-get update
sudo apt-get upgrade
# 步骤 2. 移除其他现有 Web 服务器
如果您的 Ubuntu 服务器上安装了其他 Web 服务器(例如 Apache),请在安装 Nginx 之前卸载它们。这将避免任何冲突或端口绑定问题。
sudo apt-get remove apache2
或者,如果您想与 Apache 一起运行 Nginx,您可以选择使用 Nginx 作为 Apache 的反向代理。此配置允许 Nginx 处理传入请求并将其转发给 Apache 进行处理。此设置可以提供两个 Web 服务器的优点。
# 步骤 3.安装Nginx
Nginx 在 Ubuntu 存储库中可用。因此,您不需要添加任何其他第三方存储库。相反,在终端上执行以下命令来安装 Nginx。
sudo apt install nginx
# 步骤 4. 启动 Nginx:
安装后,Nginx 应该会自动启动。但是,如果安装后未启动该服务,您可以运行以下命令来启动该服务。
sudo systemctl start nginx
# 步骤 5.检查Nginx状态:
您可以使用以下命令检查 Nginx 的状态:
sudo systemctl status nginx
提示:如果启动 Nginx 服务时出现错误,很有可能是 80 端口已被使用。Nginx 默认使用端口 80 进行 HTTP 流量。如果另一个服务已经使用了80端口,Nginx将无法启动。要检查80端口是否被使用,可以运行以下命令:
sudo lsof -i :80
如果另一个服务使用端口 80,您可以停止该服务或将 Nginx 配置为使用其他端口。
# 步骤 6. 配置防火墙
如果您已在系统上启用 UFW 防火墙,请确保对其进行适当配置,以允许 Nginx 使用的端口上的传入流量。Nginx 使用的默认端口是 HTTP 的 80 和 HTTPS 的 443。您可以运行以下命令来允许 Nginx 的流量。
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
配置允许其他的端口
sudo ufw allow 8081/tcp 允许防火墙
# 步骤 7. 测试 Nginx
找个浏览器输入服务器的公网ip,看到nginx的欢迎页面即表示成功了。
# 常用命令
# nginx语法检查
sudo nginx -t
# nginx 重启
sudo systemctl restart nginx
# 防火墙开启端口
- 在【服务器列表】中找到目标轻量应用服务器,并点击进入
- 在左侧栏找到【安全】>>【防火墙】,找到右上角的【添加规则】
# 上传SSL证书
比如你的域名是xxx.cn, 你下载的SSL证书一般是xxx.cn.csr,xxx.cn.key,xxx.cn_bundle.crt,xxx.cn_bundle.pem这四个文件
直接上传到/etc/nginx目录下即可
一个可参考的默认ngxin配置如下
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
#填写绑定证书的域名
server_name xdyuan.cn;
#把http的域名请求转成https
return 301 https://xdyuan.cn;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
# root /var/www/html;
# root /data/blogvuepress/dist;
# Add index.php to the list if you are using PHP
# index index.html index.htm index.nginx-debian.html;
# server_name _;
# location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
# }
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
#SSL 访问端口号为 443
listen 443 ssl;
#填写绑定证书的域名
server_name xdyuan.cn;
#证书文件名称
ssl_certificate xdyuan.cn_bundle.crt;
#私钥文件名称
ssl_certificate_key xdyuan.cn.key;
ssl_session_timeout 5m;
#请按照以下协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# location / {
# #网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
# #例如,您的网站运行目录在/etc/www下,则填写/etc/www。
# root html;
# index index.html index.htm;
# }
root /data/blogvuepress/dist;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}