配置域名
在阿里云找到主域名
进入主域名之后,右上角添加解析,添加子域名,
记录类型选择cname,主机记录填写子域名的名称,记录值为主域名,至此阿里云已经配置好了。
检查nginx安装
首先检查服务器是否安装nginx:
find / -name 'nginx.conf' -ls
或者
ps -ef|grep nginx
安装nginx
如果没安装,则先安装
sudo apt-get update
sudo apt-get install nginx
在根目录,进入服务器nginx目录下,
cd /etc/nginx
配置nginx文件
进入备用的填写nginx配置文件的地方,默认sites-enabled是创建文件的地方,sites-available是源文件,sites-enabled是通过sites-available创建的文件软连过去的,这样在sites-available修改文件,sites-enabled下的文件也会自动改变。如果要删除软链接,就到软链接的地方把该文件删除即可。
cd sites-enabled
新建配置文件,如
sudo vim test
如果不存在test文件,则自动创建(这里注意,要sudo模式下进入vim方可编辑之后保存,否则报错没有权限),填写nginx配置信息,然后软链接到nginx配置文件目录
软链接命令要在没有写该文件的想要链接跟源文件一样的位置上输入:
sudo ln -s 源文件路径 目标文件路径
比如我部署一个项目交pc-yishijie,我这里是:
sudo ln -s /etc/nginx/sites-available/pc-yishijie /etc/nginx/sites-enabled/pc-yishijie
如果要删除软链接:
rm -rf 目标文件
进入nginx配置文件目录,
ls -l 可以查看当前配置文件所在的软连接的路径
查看nginx是否配置正确
在任意目录下执行
sudo service nginx configtest
显示ok,则配置正确
然后重启nginx配置
sudo service nginx reload
在指定目录下上传文件内容
打开对应域名即可看到网页已经可以正常显示
nginx服务器ssl https部署
首次使用cerbot:
Nginx on Ubuntu 16.04
Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages. $ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx Certbot’s DNS plugins which can be used to automate obtaining a wildcard certificate from Let’s Encrypt’s ACMEv2 server are not available for your OS yet. This should change soon but if you don’t want to wait, you can use these plugins now by running Certbot in Docker instead of using the instructions on this page. Get Started
Certbot has an Nginx plugin, which is supported on many platforms, and certificate installation. $ sudo certbot --nginx Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you’re feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand: $ sudo certbot --nginx certonly To learn more about how to use Certbot read our documentation[https://certbot.eff.org/docs/]. Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command: $ sudo certbot renew --dry-run More detailed information and options about renewal can be found in the full documentation[https://certbot.eff.org/docs/].
二次使用cerbot
配置好nginx文件之后,在任意目录下执行命令:
sudo certbot --nginx
输入服务器密码
然后会列出当前nginx服务器配置好了哪些域
选择相应的域名对应的数字编号,
则会自动部署ssl,申请https证书,该证书有效期1个月,一个月之后会自动重新申请证书
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
选择 1
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
然后成功
Congratulations! You have successfully enabled https://xx.xxx.com
进入对应的nginx配置文件,发现配置文件中多了ssl的配置
server { listen ; server_name m.xxx.com; access_log /var/log/nginx/shuzi-wap-access.log; error_log /var/log/nginx/shuzi-wap-error.log; location / { root /data/deploy/tangren-wap/; index index.html index.htm; try_files $uri $uri/ /index.html; } listen ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/m.shuzi.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/m.shuzi.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot }
ubuntu下卸载nginx
sudo apt-get remove nginx nginx-common # 卸载删除除了配置文件以外的所有文件。 sudo apt-get purge nginx nginx-common # 卸载所有东东,包括删除配置文件。 sudo apt-get autoremove # 在上面命令结束后执行,主要是卸载删除Nginx的不再被使用的依赖包。 sudo apt-get remove nginx-full nginx-common #卸载删除两个主要的包。
部署node项目
把node整个项目文件夹放到对应的项目目录下,不包括node_modules的文件,然后进入项目文件夹目录下
npm install
全局安装pm2
npm install pm2 -g
用pm2启动项目,默认在package.json里配置了启动命令:
"scripts": {
"start": "node bin/www",
"dev": "NODE_ENV=development gulp",
"nodemon": "open http://localhost:9990 && ./node_modules/.bin/nodemon bin/www",
"prd": "NODE_ENV=production pm2 start bin/www --watch",
"test": "echo \"Error: no test specified\" && exit 1",
"test_env": "NODE_ENV=test gulp"
},
首先保证ubuntu下安装了nodejs8.0以上版本,(因为是koa2项目),mongdb(使用了mongodb数据库),在服务器开启mongodb服务。
常用命令:
进入项目目录下:
pm2 list 查看进程
pm2 start app.js 启动项目
pm2 reload all --update-env to update 重启
pm2常用命令:https://www.jianshu.com/p/d2a640b8661c
node项目部署到nginx服务器对应域名下,打开域名显示403,那是因为端口号会根据node项目的端口号来定,要给nginx配置的location中加一个转发到对应端口,比如我转发到3000端口:
location / {
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:3000;
}
注意:
如果多个域名重定向到主域名,则需要配置多个ssl证书。
server {
server_name www.zhongwentoutiao.com;
access_log /var/log/nginx/www.zhongwentoutiao-access.log;
error_log /var/log/nginx/www.zhongwentoutiao-error.log;
location / {
root /data/deploy/zhongwentoutiao/;
index index.html index.htm;
try_files $uri $uri/ /index.html;
} # managed by Certbot listen ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.zhongwentoutiao.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.zhongwentoutiao.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server {
if ($host = www.zhongwentoutiao.com) {
return https://$host$request_uri;
} # managed by Certbot server_name www.zhongwentoutiao.com; listen ;
return ; # managed by Certbot
} server {
server_name zhongwentoutiao.com;
return https://www.zhongwentoutiao.com$request_uri; listen ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/zhongwentoutiao.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/zhongwentoutiao.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server {
if ($host = zhongwentoutiao.com) {
return https://$host$request_uri;
} # managed by Certbot listen ;
server_name zhongwentoutiao.com;
return ; # managed by Certbot }