Portfolio

# Nginx 基本

# 環境

  • centos7
  • centos8

# 前提

  • ssl 証明書は開発環境での想定。本番時は適宜正式なものを設定する

# 共通手順

# インストール

※centos7 のみ以下実施

echo "[nginx]" >> /etc/yum.repos.d/nginx.repo
echo "name=nginx repo" >> /etc/yum.repos.d/nginx.repo
echo "baseurl=http://nginx.org/packages/centos/7/\$basearch/" >> /etc/yum.repos.d/nginx.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/nginx.repo
echo "enabled=1" >> /etc/yum.repos.d/nginx.repo

yum install -y nginx

# 設定

ssl 設定

mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl
cd /etc/nginx/ssl

オレオレ証明書を作成する
SSL メモ

conf 設定

cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf_old
vi /etc/nginx/nginx.conf

(設定内容)

user  nginx;
worker_processes auto;
worker_rlimit_nofile 100000;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
        worker_connections 65535;
        multi_accept on;
        use epoll;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    keepalive_timeout  65;

    server_tokens off;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-XSS-Protection "1; mode=block";
    client_max_body_size 10K;

    fastcgi_read_timeout 120;

    include /etc/nginx/conf.d/*.conf;
}

自動起動設定、再起動

systemctl enable nginx.service
systemctl restart nginx

# 個別設定ファイル作成

vi /etc/nginx/conf.d/mydmain.conf

(fpm 例)

server {
    listen 80;
    server_name localhost;
    return 301 https://$host$request_uri;
}

 server {
        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/cert.crt;
        ssl_certificate_key /etc/nginx/ssl/cert.key;
        server_name localhost;
        client_max_body_size 128M;
        index index.php ;
        root /var/www/pjdir/public;
        etag off;
        try_files $uri $uri/ /index.php?q=$uri&$args;

        location / {
           root   /var/www/pjdir/public;
           index  index.html index.htm index.php;
           try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                try_files $uri /index.php =404;
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
                include fastcgi_params;
        }
    }

(uwsgi 例)

server {
    listen 80;
    server_name localhost;
    return 301 https://$host$request_uri;
}

 server {
        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/cert.crt;
        ssl_certificate_key /etc/nginx/ssl/cert.key;
        server_name localhost;
        client_max_body_size 128M;
        index index.php ;
        root /var/www;
        etag off;

        location /public {
            alias /var/www/pjdir/public;
        }
        location / {
            include /var/www/pjdir/uwsgi_params;
            uwsgi_pass unix:///var/uwsgi/sock/uwsgi.sock;
        }
    }

作成後、アプリケーションを設置し再起動する

最終更新日: 11/6/2021, 4:42:17 PM