思路

  • Image Server:Nginx部署一台图片服务器,启用10080端口。
  • Nginx server:前置Nginx做反向代理。

Image Server

  • 图片文件夹: /usr/local/images
  • 图片文件夹权限: nginx:nginx

1.安装

# 配置文件夹权限
chown -R nginx:nginx /usr/local/images

# 安装epel-release
yum install -y epel-release

# 安装Nginx
yum install -y nginx

# 开启启动Nginx
systemctl enable nginx

# 安装semanage
yum provides semanage
yum -y install policycoreutils-python

# Selinux允许10080端口使用http
semanage port -a -t http_port_t  -p tcp 10080

# Selinux允许http
setsebool -P httpd_can_network_connect 1

# 防火墙放行10080端口
firewall-cmd --add-port=10080/tcp --permanent
firewall-cmd --reload

2.配置Nginx

# 注释默认端口
vi /etc/nginx/nginx.conf

#        listen       10080 default_server;
#        listen       [::]:80 default_server;

# 配置文件
vi /etc/nginx/conf.d/images.conf

server {
    listen 10080;
    location / {
        root /usr/local/;
        autoindex on;
    }
}

# 启动Nginx
systemctl start nginx

Nginx Server

1.配置SSl

参考链接:https://spex.top/archives/acme-ssl-https.html

2.配置Nginx

# 配置文件
vi /etc/nginx/conf.d/nginximage.conf

upstream image-server {
    server image-server:10080;
}
server {
    listen 443;
    server_name domain.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/miniprogram/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/miniprogram/miniprogram.zywchina.com.key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:20m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    location /images/ {
        proxy_pass http://image-server;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        }
}

# Nginx刷新配置文件
nginx -s reload

# 防火墙放行
firewall-cmd --add-service=https --permanent
firewall-cmd --reload

Last modification:May 7th, 2019 at 03:03 pm