I have been struggling recently, mainly about Nginx, a high-performance HTTP and reverse proxy web server. Since about 2018, Dream Chenfeng has been using the LNMP one button package of the military brother. Recently, it has tried to install Nginx and reverse proxy through apt. Therefore, this article focuses on two aspects. One is to install the latest Nginx through apt, and the other is the reverse proxy for websites.

I Debian installs the latest Nginx through Apt

On the Debian terminal, Nginx installed through Apt has always been an old version, such as 1.10, while the latest version has even reached 1.21.

So, first, simply try installing the latest Nginx. Why not compile and install the latest? Save as much as you can. The terminal executes the following commands as root:

1. Load Installation Source

 echo deb  http://nginx.org/packages/debian/   buster nginx | tee /etc/apt/sources.list.d/nginx.list Note: Mainline version source is deb http://nginx.org/packages/mainline/debian/   buster nginx

2. Ensure there is a gunpg and import the key

 apt install gnupg2 wget  http://nginx.org/keys/nginx_signing.key  && sudo apt-key add nginx_signing.key

3. Install Nginx

 apt update && apt install nginx -y

Done. Pass this time nginx -v You can view the version number directly.

be careful: The configuration directory of Nginx installed in this step is slightly different from that of nginx provided in the system. You can use the following simple commands to correct it:

 mkdir /etc/nginx/{sites-available, sites-enabled} mv /etc/nginx/conf.d/* /etc/nginx/sites-available rm -rf /etc/nginx/conf.d/ perl -pi -e 's/conf.d/sites-enabled/g' /etc/nginx/nginx.conf

Then, by whereis nginx Find your Nginx and configure the file.

2、 Reverse proxy and Nginx cache

Take the Nginx configuration of Fantasy Chenfeng as an example:

Configuration description: port 80 access is forced to port 443, SSL access is enabled, HTTP/2 is enabled, Nginx cache is enabled, and reverse proxy is sent to domestic nodes.

 server { #Listen to port 80 listen 80; listen [::]:80; #Set binding domain name server_name www.mhcf.net mhcf.net; #301 Jump to force SSL access return 301 https://$server_name$request_uri; } #Enable cache function proxy_cache_path /var/web/cache  keys_zone=learncache:5m max_size=2g inactive=60s use_temp_path=off; server { #Listen to port 443 listen       443 ssl http2; listen        [::]:443 ssl http2; #Set binding domain name server_name mhcf.net www.mhcf.net; #Set the first page file index index.html; #Set Encoding charset utf-8; #Set Root Directory #root  /var/web/mhcf.net; #Ssl configuration ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_ecdh_curve secp384r1; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_session_tickets off; #Ssl certificate address ssl_certificate /var/web/server-web/ssl/mhcf.pem; ssl_certificate_key /var/web/server-web/ssl/mhcf.key; #Enable cache proxy_cache learncache; #Set cache expiration time for 200 and 304 status requests proxy_cache_valid 200 304 24h; #Proxy mode settings are reversed to domestic servers location / { #Ensure that the domestic server obtains the user IP correctly proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_ssl_server_name on; #This is the reverse address Proxy_pass https://[Dream Chenfeng's domestic server address]; #If there is an empty field in the request header, it will not be transmitted through the proxy server proxy_set_header Accept-Encoding ''; #Modify the string in the response content of the website Sub_filter "[Dream Chenfeng's domestic server address]" "www.mhcf.net"; #Find and replace only once, set to off sub_filter_once off; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { Proxy_pass https://[Dream Chenfeng's domestic server address]; #Validity period expires      30d; } location ~ .*\.(js|css)?$ { Proxy_pass https://[Dream Chenfeng's domestic server address]; #expires      12h; #Longer validity expires      30d; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } #Access log access_log /var/web/log/mhcf.net.log; }

The above is the latest record of Nginx toss, for reference only.