前言
本文记载一些nginx常见问题
1. connect() fail
转发的服务挂了,确保主服务正常运行。可以使用 lsof -i:端口号 确定被转接的服务的状态
2. nginx 50X 的错误日志去哪看,配置的默认路径去哪配
日志在/var/log/nginx/
配置路径在 /etc/nginx/conf.d
, 配置文件以.ini
结尾。
3. nginx 怎么对服务热更新,热重启
使用负载均衡,对业务服务开启最少两个。
upstream srv_name {
server localhost:8112 weight=3;
server localhost:10112 weight=1;
}
热更新时,只要分别对两个均衡的服务更新,即可。这里有两个nginx的特点:
- 均衡的某个服务挂了,nginx自动屏蔽该服务,使用其他均衡的服务节点。
- 已经挂起的服务重新跑起,nginx会自动接受新的服务,并按照权重回到正常均衡场景。
4. nginx修改配置后平滑重载热更
nginx -t
nginx -s reload
5. nginx如何配置证书ssl
如下图第六,七行。通过云服务商申请https证书,或者获取免费的证书,所有的证书都支持tomcat和nginx,nginx的证书格式一般是*.crt
和*.key
。将证书放置在对应的位置,重置nginx即可。重置命令见#4
server {
listen 443 ssl;
server_name xyx.zonst.com;
root /usr/share/nginx/html;
ssl_certificate "/etc/nginx/certs/xyx.crt";
ssl_certificate_key "/etc/nginx/certs/xyx.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# request header
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
}
location /api/ {
proxy_pass http://xyx_srv_http;
}
}
6. nginx如何配置tcp
stream {
upstream backend {
server 10.0.0.5:2000;
}
server {
listen 2000;
proxy_connect_timeout 8s;
proxy_timeout 24h;
proxy_pass backend;
}
}
7. nginx如何配置websocket
location /{
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
8 400 Bad Request: The plain HTTP request was sent to HTTPS port
尝试将80的http转发到443时,发生了这个错误,解决方法是
在80的proxy_pass里,将http改成https
跨域
以下4个可以解决跨域
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
9. nginx如何查看实时/归档异常接口
> tail -n 200 -f xyx.zzect.log.access | awk '{print $9 $7}' | grep '^[4-5][0-9][0-9]'
403/api/xxx/
403/api/xxx/
403/api/user-mail-box/external/read-status-by-type/
403/api/xxx/