I Debian installs the latest Nginx through Apt
1. Load Installation Source
echo deb http://nginx.org/packages/debian/ buster nginx | tee /etc/apt/sources.list.d/nginx.list Note: Mainline version source is deb http://nginx.org/packages/mainline/debian/ buster nginx
2. Ensure there is a gunpg and import the key
apt install gnupg2 wget http://nginx.org/keys/nginx_signing.key && sudo apt-key add nginx_signing.key
3. Install Nginx
apt update && apt install nginx -y
mkdir /etc/nginx/{sites-available, sites-enabled} mv /etc/nginx/conf.d/* /etc/nginx/sites-available rm -rf /etc/nginx/conf.d/ perl -pi -e 's/conf.d/sites-enabled/g' /etc/nginx/nginx.conf
2、 Reverse proxy and Nginx cache
server { #Listen to port 80 listen 80; listen [::]:80; #Set binding domain name server_name www.mhcf.net mhcf.net; #301 Jump to force SSL access return 301 https://$server_name$request_uri; } #Enable cache function proxy_cache_path /var/web/cache keys_zone=learncache:5m max_size=2g inactive=60s use_temp_path=off; server { #Listen to port 443 listen 443 ssl http2; listen [::]:443 ssl http2; #Set binding domain name server_name mhcf.net www.mhcf.net; #Set the first page file index index.html; #Set Encoding charset utf-8; #Set Root Directory #root /var/web/mhcf.net; #Ssl configuration ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_ecdh_curve secp384r1; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_session_tickets off; #Ssl certificate address ssl_certificate /var/web/server-web/ssl/mhcf.pem; ssl_certificate_key /var/web/server-web/ssl/mhcf.key; #Enable cache proxy_cache learncache; #Set cache expiration time for 200 and 304 status requests proxy_cache_valid 200 304 24h; #Proxy mode settings are reversed to domestic servers location / { #Ensure that the domestic server obtains the user IP correctly proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_ssl_server_name on; #This is the reverse address Proxy_pass https://[Dream Chenfeng's domestic server address]; #If there is an empty field in the request header, it will not be transmitted through the proxy server proxy_set_header Accept-Encoding ''; #Modify the string in the response content of the website Sub_filter "[Dream Chenfeng's domestic server address]" "www.mhcf.net"; #Find and replace only once, set to off sub_filter_once off; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { Proxy_pass https://[Dream Chenfeng's domestic server address]; #Validity period expires 30d; } location ~ .*\.(js|css)?$ { Proxy_pass https://[Dream Chenfeng's domestic server address]; #expires 12h; #Longer validity expires 30d; } location ~ /.well-known { allow all; } location ~ /\. { deny all; } #Access log access_log /var/web/log/mhcf.net.log; }