2. 需求清单

Linux: 服务器：centos 7.x 系统

MySql: 5.7 版本，暂时在服务器内搭建

Nginx

nvm

NodeJs: 12.16.0

3. 服务器环境配置

3.1 安装配置 MySql

3.1.1 安装

按照下面的命令依次输入

echo "================================= 添加MySql的yum reposity ================================"
wget http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
yum localinstall mysql57-community-release-el7-7.noarch.rpm

echo "================================= 查看yum reposity是否安装成功 ================================"
yum repolist enabled | grep "mysql.-community."

echo "================================= 安装mysql ================================"
yum install mysql-community-server

echo "================================= 安装的mysql版本 ================================"
mysql --version

当输入 mysql —version 有相应版本信息时，MySql 安装成功

3.1.2 初始化

# myqsl 初始化
mysqld --initialize 

# 给相应文件夹读写权限
chown mysql:mysql -R /var/lib/mysql

# 开启服务
systemctl start mysqld

如果启动报错，可删除锁定文件：

rm -fr /var/lib/mysql/* 
rm /var/lock/subsys/mysqld

服务器开启成功后，需要先找出 root 账号初始密码 cat /var/log/mysqld.log | grep password

然后登入数据库：mysql -u root -p

输入正确密码，成功进入后，先修改 root 密码 alter user root@localhost identified by '你的密码';

更新权限：FLUSH PRIVILEGES;

以上，就完成数据库安装和初始配置

3.1.3 添加数据库且配置账号权限

# 进入某个库
use mysql;

# 添加用户
CREATE USER '账号名'@'localhost' IDENTIFIED BY '密码';

# 创建数据库
CREATE DATABASE XXX

# 给用户添加该数据库的操作权限
# 根据你的需要，选择权限
GRANT CREATE ROUTINE, CREATE VIEW, ALTER, SHOW VIEW, CREATE, ALTER ROUTINE, EVENT, INSERT, SELECT, DELETE, TRIGGER, GRANT OPTION, REFERENCES, UPDATE, DROP, EXECUTE, LOCK TABLES, CREATE TEMPORARY TABLES, INDEX ON `数据库名`.* TO '账号名'@'localhost';

3.2 安装 nvm 和 NodeJs

nvm 是用于管理 NodeJs 版本的工具，所以我们先安装 nvm

因为下载的链接是在 github 的，所以如果出现 443 错误的时候，可以修改 hosts 文件，添加下面的配置

199.232.68.133 raw.githubusercontent.com

# 下载安装 nvm
curl https://raw.githubusercontent.com/creationix/nvm/v0.30.2/install.sh | bash

# 安装 NodeJs 版本
nvm install v12.16.0

# 设置默认版本
nvm alias default v12.16.0

# 选择版本
nvm use v12.16.0

3.3 安装和配置 Nginx

3.3.1 安装 Nginx

# 安装
yum install nginx

# 开启服务
service nginx start

# 安装完后，配置文件在 /etc/nginx

3.3.2 配置 Nginx

Nginx 需要配置几处地方：nginx.conf、代理、SSL

3.3.2.1 配置 nginx.conf

这是现在的配置文件

{
  user nginx;
  worker_processes auto;
  error_log /var/log/nginx/error.log;
  pid /run/nginx.pid;

  # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
  include /usr/share/nginx/modules/*.conf;

  events {
      worker_connections 4096;
  }

  http {
     log_format  main escape=json  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

     access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   300;
    keepalive_requests  10000;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    underscores_in_headers on;
    include /etc/nginx/conf.d/*.conf;
  }
}

events.worker_connections 和 http.keepalive_requests 要根据当前服务器的配置进行设置

3.3.2.2 配置 SSL

在 /etc/nginx 下新建 cer 文件夹，然后添加 SSL 需要的文件

在 /etc/nginx/conf.d/ 添加 ssl.config 文件

ssl_certificate /etc/nginx/cer/deerma.cer;
ssl_certificate_key /etc/nginx/cer/deerma.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 10m;
ssl_session_tickets off;
ssl_trusted_certificate /etc/nginx/cer/ca.cer;
ssl_dhparam /etc/nginx/cer/dh.pem;
server_tokens off;
fastcgi_hide_header X-Powered-By;

3.3.2.3 配置代理

在 /etc/nginx/conf.d/ 添加 proxy.config 文件

location /dddd {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass https://com;
}

3.3.2.4 添加转发配置

在 /etc/nginx/conf.d/ 添加 *.conf` 文件

server {
	listen 443 ssl;
	server_name  xxx.com;
  include conf.d/ssl.config;

	#charset koi8-r;

	#access_log  logs/host.access.log  main;

  location / {
    proxy_set_header host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto  $scheme;
    proxy_http_version 1.1;
    proxy_pass http://localhost:4010;
	}

	location /admin {
		alias  /apps/svr/x-x-x-ui/dist;
		index  index.html index.htm;
		try_files $uri $uri/ /index.html last;
		add_header Cache-Control "no-cache, no-store";
                proxy_http_version 1.1;

		gzip on;
		gzip_min_length 1k;
		gzip_buffers 4 16k;
		gzip_http_version 1.0;
		gzip_comp_level 2;
		gzip_types application/javascript text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
		gzip_vary off;
		gzip_disable "MSIE [1-6]\.";
	}
	error_page   500 502 503 504  /50x.html;
	location = /50x.html {
		root   html;
	}
	
	include conf.d/proxy.config;
}

现在的配置，访问根路径时，是转发到后端服务，访问 /admin 才是转发到管理后台页面