Nginx
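In this chapter we install Nginx and build a reverse proxy.
We will work through the following common patterns:
- SSL certificate configuration
- Reverse proxy to a web application
- Routing to multiple servers by ServerName
- Load balancing across servers of the same type
- TCP load balancer
- PHP-FPM integration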
Preparation
Become root

    sudo su -

Install convenience tools

    yum -y install vim bash-completion net-tools bind-utils

Disable SELinux

    vi /etc/selinux/config

    SELINUX=disabled

Apply the change

    reboot

Install Nginx
Register the EPEL repository

    yum -y install epel-release

Install Nginx

    yum --enablerepo=epel -y install nginx

Start

    systemctl start nginx
    systemctl enable nginx

Firewall

    firewall-cmd --add-service=http --permanent
    firewall-cmd --reload

Verification
Access http://192.168.11.231/
Certificate
Create a self-signed certificate

    openssl genrsa 2048 > server.key && openssl req -new -key server.key -subj "/C=JP/ST=Tokyo" -out server.csr && openssl x509 -days 3650 -req -signkey server.key -in server.csr -out server.crt
    mv server.* /etc/nginx/

Configure the HTTPS listener
- /etc/nginx/nginx.conf

    server {
        listen 443 ssl http2 default_server;
        server_name _;
        root /usr/share/nginx/html;

        ssl_certificate "/etc/nginx/server.crt";
        ssl_certificate_key "/etc/nginx/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

Config test

    nginx -t

Start

    systemctl restart nginx

Firewall

    firewall-cmd --add-service=https --permanent
    firewall-cmd --reload

Verification
Access https://192.168.11.231/
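
A tightened variant of the HTTPS server block above, as an added example that is not part of the original page: it states the protocol version and cipher suites explicitly instead of relying on `HIGH:!aNULL:!MD5` and the installed default protocol set. The cipher list and the extra directives are choices made for this example.

```nginx
server {
    listen 443 ssl http2 default_server;
    server_name _;
    root /usr/share/nginx/html;

    ssl_certificate     "/etc/nginx/server.crt";
    ssl_certificate_key "/etc/nginx/server.key";   # keep this file readable by root only

    # The page's block sets no ssl_protocols, so the protocol set is whatever
    # the installed nginx defaults to. State it explicitly. Append TLSv1.3 when
    # nginx is linked against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;

    # Page setting: ssl_ciphers HIGH:!aNULL:!MD5;
    # That still admits RSA key exchange (no forward secrecy) and CBC suites.
    # Restrict to ECDHE key exchange with AEAD ciphers (example choice).
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # Session tickets are encrypted with a key that lives as long as the
    # nginx process; the shared cache above already provides resumption.
    ssl_session_tickets off;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
```

Run `nginx -t` after the change, as in the next step; a cipher string that matches nothing available in the linked OpenSSL is reported there.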
Reverse proxy to a web application (NextCloud)
Install Docker

    yum -y install docker
    systemctl enable docker
    systemctl start docker
    # Run after the daemon has started, to confirm it responds
    docker ps

nextcloud

    docker run --name nextcloud -d -p 8080:80 nextcloud

Check that the nextcloud container is working

    curl -i http://localhost:8080

Configure proxy_pass
- /etc/nginx/nginx.conf
Full file

    #server {
    #    listen 80 default_server;
    #    listen [::]:80 default_server;
    #    server_name _;
    #    root /usr/share/nginx/html;
    #
    #    # Load configuration files for the default server block.
    #    include /etc/nginx/default.d/*.conf;
    #
    #    location / {
    #    }
    #
    #    error_page 404 /404.html;
    #    location = /404.html {
    #    }
    #
    #    error_page 500 502 503 504 /50x.html;
    #    location = /50x.html {
    #    }
    #}

    server {
        listen 443 ssl http2 default_server;
        server_name nextcloud.vamdemic.com;

        ssl_certificate "/etc/nginx/server.crt";
        ssl_certificate_key "/etc/nginx/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout 300;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            proxy_pass http://127.0.0.1:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
        }

        error_page 404 /404.html;
        location = /404.html {
        }
    }

    server {
        # Redirect HTTP to HTTPS
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }

Add to hosts (local)

    192.168.11.221 nextcloud.vamdemic.com

Routing to multiple servers by ServerName
Start Mattermost (chat application)

    docker run --name mattermost-preview -d --publish 8065:8065 mattermost/mattermost-preview

Modify nginx.conf

    # NextCloud 443
    server {
        listen 443 ssl http2;
        server_name nextcloud.vamdemic.com;

        ssl_certificate "/etc/nginx/server.crt";
        ssl_certificate_key "/etc/nginx/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout 300;

        location / {
            proxy_pass http://127.0.0.1:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
        }
    }

    # mattermost443
    server {
        listen 443 ssl http2;
        server_name mattermost.vamdemic.com;

        ssl_certificate "/etc/nginx/server.crt";
        ssl_certificate_key "/etc/nginx/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout 300;

        location / {
            proxy_pass http://127.0.0.1:8065;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
        }
    }

Apply the configuration

    systemctl restart nginx

Add to hosts (local)

    127.0.0.1 mattermost.vamdemic.com
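
Neither of the two 443 server blocks above is marked `default_server`, so nginx hands any request whose Host matches neither name to the first block, NextCloud. An added example (not part of the original page) of a catch-all that refuses such requests, plus a port-80 redirect limited to the known names; it reuses the page's certificate paths and hostnames.

```nginx
# Catch-all for 443: requests by IP address or with an unknown Host end here
# instead of reaching the NextCloud backend.
server {
    listen 443 ssl http2 default_server;
    server_name _;

    ssl_certificate     "/etc/nginx/server.crt";
    ssl_certificate_key "/etc/nginx/server.key";

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# Redirect to HTTPS only for names this proxy actually serves, so $host in
# the Location header is never an arbitrary client-supplied value.
server {
    listen 80;
    server_name nextcloud.vamdemic.com mattermost.vamdemic.com;
    return 301 https://$host$request_uri;
}

# Everything else on port 80 is dropped.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
```

The two port-80 blocks take the place of the `listen 80; server_name _;` redirect block from the previous section. Each name added later (nginx-lb, php) also has to be added to the redirect's `server_name` list.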
Load balancer (load distribution)
Start two nginx instances
First instance

    mkdir nginx-1
    echo 1 > nginx-1/index.html
    docker run --name nginx-1 -v /root/nginx-1/:/usr/share/nginx/html:ro -d -p 8081:80 nginx

Second instance

    mkdir nginx-2
    echo 2 > nginx-2/index.html
    docker run --name nginx-2 -v /root/nginx-2/:/usr/share/nginx/html:ro -d -p 8082:80 nginx

Append to nginx.conf

    # Load balancing
    upstream loadbalancer {
        server localhost:8081;
        server localhost:8082;
    }

    # nginx-lb
    server {
        listen 443 ssl http2;
        server_name nginx-lb.vamdemic.com;

        ssl_certificate "/etc/nginx/server.crt";
        ssl_certificate_key "/etc/nginx/server.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        keepalive_timeout 300;

        location / {
            proxy_pass http://loadbalancer;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Port $server_port;
        }
    }

Add to hosts (local)

    127.0.0.1 nginx-lb.vamdemic.com

Verification
- Access in a browser, or run:

    curl https://nginx-lb.vamdemic.com/ --insecure -H "User-Agent: hoge"

TCP load balancer
Run PostgreSQL

    docker run --name postgres -p 15432:5432 -e POSTGRES_PASSWORD=password -d postgres

Nginx configuration

    stream {
        error_log /var/log/nginx/stream.log info;

        upstream postgres {
            server localhost:15432;
        }

        server {
            listen 5432;
            proxy_pass postgres;
        }
    }

Firewall

    firewall-cmd --add-service=postgresql --permanent
    firewall-cmd --reload
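
The stream proxy above accepts PostgreSQL connections from any address the firewall lets through. An added example (not from the original page) that restricts it with the stream module's `allow`/`deny` and a per-client connection cap; the 192.168.11.0/24 range is an assumption based on the lab address used earlier, and the limits are example values.

```nginx
# stream {} belongs at the top level of nginx.conf, next to http {}, not inside it.
stream {
    error_log /var/log/nginx/stream.log info;

    # One connection counter per client address (ngx_stream_limit_conn_module).
    limit_conn_zone $binary_remote_addr zone=pg_per_ip:1m;

    upstream postgres {
        # Publishing the container with -p 127.0.0.1:15432:5432 keeps the
        # backend port off external interfaces, so clients can only arrive
        # through this proxy and its access rules.
        server 127.0.0.1:15432;
    }

    server {
        listen 5432;

        # Rules are checked in order; the first match decides.
        allow 192.168.11.0/24;   # assumed application/admin network
        allow 127.0.0.1;
        deny  all;

        limit_conn pg_per_ip 10;     # example value
        proxy_connect_timeout 5s;    # fail fast when the backend is down
        proxy_timeout 10m;           # close sessions idle longer than this

        proxy_pass postgres;
    }
}
```

Connections refused by `deny all` are recorded in `/var/log/nginx/stream.log`, which makes unexpected clients visible.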
Verification

PHP-FPM integration
Register the repository for PHP 7.4

    rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

Install PHP (PHP 7.4)
- php-fpm is installed along with it

    yum --enablerepo=remi-php74 -y install php php-devel php-mbstring php-gd php-pdo php-pgsql php-mysqlnd php-mcrypt php-xml php-bcmath php-tokenizer php-zip php-pecl-xdebug php-fpm

Change the settings
- The default settings appear to be meant for Apache, so change them
- Use a Unix domain socket instead of TCP for speed

    [root@localhost ~]# diff /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf_bk
    12,13c12
    < ;listen = 127.0.0.1:9000
    < listen = /var/run/php-fpm/php-fpm.sock
    ---
    > listen = 127.0.0.1:9000
    35,36d33
    < listen.owner = nginx
    < listen.group = nginx
    42c39
    < user = nginx
    ---
    > user = apache
    44c41
    < group = nginx
    ---
    > group = apache

Create phpinfo

    echo "<?php phpinfo(); ?>" > /var/www/html/index.php

Restart php-fpm

    systemctl restart php-fpm

Change the nginx configuration

    server {
        listen 443 ssl http2;
        server_name php.vamdemic.com;
        root /var/www/html;

        location / {
            index index.php index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ \.php$ {
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

Restart nginx

    systemctl restart nginx

Add to hosts (local)

    127.0.0.1 php.vamdemic.com

Verification
Access https://php.vamdemic.com/
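
The `location ~ \.php$` block above forwards every URI ending in `.php` to PHP-FPM, whether or not such a file exists. An added example (not part of the original page) that passes only scripts present under the document root and limits who can view the phpinfo() page; the allowed network is an assumption, and the certificate lines repeat the paths used earlier.

```nginx
server {
    listen 443 ssl http2;
    server_name php.vamdemic.com;
    root /var/www/html;
    index index.php index.html index.htm;

    ssl_certificate     "/etc/nginx/server.crt";
    ssl_certificate_key "/etc/nginx/server.key";

    location / {
        try_files $uri $uri/ =404;
    }

    # index.php here is phpinfo(), which prints the full PHP configuration
    # and environment. Serve it to the lab network only (assumed range).
    location = /index.php {
        allow 127.0.0.1;
        allow 192.168.11.0/24;
        deny  all;

        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ \.php$ {
        # Answer 404 in nginx unless the script exists on disk, so PHP-FPM is
        # never asked to resolve a path that is not a real file.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
```

A request for a `.php` path that does not exist now returns nginx's 404 page without reaching PHP-FPM, which is a quick check that the `try_files` line is in effect.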
Appendix
This is the OVA file of a working virtual machine. If things do not work, import it and check the configuration values.
https://vamdemic.sharepoint.com/:f:/s/vamdemicsystem/Ev8PMm4hm51Arfximf9punkBKIoGya9blqdZMmC2KbWc-w?e=yblewM
pass: nginx