[AWS] Memo: Setting up an Nginx server on EC2
Prerequisites
- EC2 instance launched
- Domain name already obtained
- Elastic IP already associated
- Route 53 and public IP address already configured
Setup steps
Connect to EC2 via SSH
ssh -i "mykeypair.pem" ec2-user@ec2-********.ap-northeast-1.compute.amazonaws.com
Install Nginx and Emacs
sudo yum -y update
sudo yum install emacs
sudo amazon-linux-extras install nginx1
y
nginx -v
Start Nginx
sudo systemctl start nginx
sudo systemctl status nginx
sudo systemctl enable nginx
sudo systemctl is-enabled nginx
Confirm that the server is running
Open http://<public IP> in a browser
Install OpenSSL and mod_ssl
sudo yum install openssl
sudo yum install mod_ssl
Run the script that generates a self-signed dummy certificate and key for testing
cd /etc/pki/tls/certs
sudo ./make-dummy-cert localhost.crt
Generate a new private key
cd /etc/pki/tls/private/
sudo openssl genrsa -out custom.key
sudo chown root:root custom.key
sudo chmod 600 custom.key
ls -al custom.key
Create a certificate signing request (CSR)
sudo openssl req -new -key custom.key -out csr.pem
Send the CSR to a certificate authority (CA). In this example, the CA is Let's Encrypt, the free certificate authority from IdenTrust.
sudo amazon-linux-extras install epel
sudo yum install certbot
sudo systemctl stop nginx
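sudo certbot certonly --standalone -d example.com
Schedule periodic execution so that the certificate is renewed automatically 3 months before it expires
$ sudo certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
$ crontab -e
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Run once, at 00:00 on the 1st of every month
0 0 1 * * sudo certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
// Check when the next renewal is due
$ sudo certbot renew
// Revoke (delete) the certificate
$ sudo certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem
If issuance succeeds, symbolic links pointing to the latest version of the certificate are created under /etc/letsencrypt/live. Copy them to the /etc/pki/tls/certs directory as a backup.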
sudo ls /etc/letsencrypt/live/example.com/
sudo cp -LR /etc/letsencrypt/live/example.com /etc/pki/tls/certs/
sudo cp /etc/pki/tls/certs/example.com/* /etc/pki/tls/certs/
Edit or add the following in /etc/nginx/nginx.conf
sudo emacs /etc/nginx/nginx.conf
# Settings for a TLS enabled server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    root /usr/share/nginx/html;
    ssl_certificate "/etc/pki/tls/certs/cert.pem";
    ssl_certificate_key "/etc/pki/tls/certs/privkey.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    #ssl_ciphers PROFILE=SYSTEM;
    #ssl_prefer_server_ciphers on;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    try_files $uri /index.html;
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
Start the Nginx server
sudo systemctl start nginx
sudo systemctl status nginx
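Added example (not part of the original memo): the files in /etc/pki/tls/certs that nginx.conf points at are copies, so `certbot renew` alone does not update what Nginx serves; a certbot deploy hook such as this one re-copies the pair after each successful renewal. The install path, the `DEST_DIR` variable and the function names are assumptions; `RENEWED_LINEAGE` is the variable certbot passes to deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook (not the memo author's code).
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/copy-to-nginx.sh
# certbot sets RENEWED_LINEAGE to the renewed directory, e.g.
# /etc/letsencrypt/live/example.com

# Destination directory referenced by the nginx.conf in this memo.
DEST_DIR="${DEST_DIR:-/etc/pki/tls/certs}"

# install_pem SRC DST MODE: copy one PEM file atomically with a fixed mode.
install_pem() {
    src=$1; dst=$2; mode=$3
    # Refuse missing or empty sources so a failed renewal never
    # replaces a working file.
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    # mktemp creates the file 0600, so the key is never world-readable.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    # cat follows the symlink in live/; mv within one directory is atomic.
    if cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# deploy_lineage LINEAGE_DIR DEST_DIR: copy the pair nginx.conf references.
deploy_lineage() {
    lineage=$1; dest=$2
    # Check both sources first so the pair is never half-updated.
    [ -s "$lineage/cert.pem" ] && [ -s "$lineage/privkey.pem" ] || {
        echo "incomplete lineage: $lineage" >&2; return 1; }
    install_pem "$lineage/privkey.pem" "$dest/privkey.pem" 600 &&
    install_pem "$lineage/cert.pem" "$dest/cert.pem" 644
}

# Run only when certbot invokes the hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_lineage "$RENEWED_LINEAGE" "$DEST_DIR"
fi
```

With the `--pre-hook`/`--post-hook` pair used in the cron entry, Nginx is stopped while the hook runs and reads the new files when the post-hook starts it again.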
Modify the html/js files
Modify the files in the following folder
/usr/share/nginx/html/
How to set up FastAPI
Install the libraries:
pip3 install fastapi uvicorn
pip3 install pydantic
Add the following to the /etc/nginx/nginx.conf file:
location / {
    proxy_pass http://localhost:8000/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
Create a folder named /usr/share/nginx/html/myapp and create the following file in it:
main.py
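from typing import Optional

from fastapi import FastAPI

app = FastAPI()

# Root endpoint, reached through the Nginx proxy at /api
@app.get("/api")
def read_root():
    return {"Hello": "World"}

# item_id is validated as an integer; q is an optional query parameter
@app.get("/items/{item_id}")
def read_item(item_id: int, q: Optional[str] = None):
    return {"item_id": item_id, "q": q}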
Run the following command in the myapp folder:
uvicorn main:app --host localhost --port 8000
Enable Next.js to navigate to specific page URLs.
Add the following to next.config.js
trailingSlash: true,
Summary
This memo covered how to configure an Nginx server on EC2 with SSL/TLS certification.