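[Notes] OpenWrt - compiling nginx and configuring a reverse proxy (netdata not shown under HTTPS)
Table of contents
- Full cross-compilation
- Full cross-compilation with SSL
- Building with the SDK
- Configuring the reverse proxy
- Synology built-in nginx configuration
# Full cross-compilation
Reference: https://servertesa.wordpress.com/2011/05/22/how-to-compile-and-configure-nginx-on-openwrt/
Prerequisite: the OpenWrt build environment has already been built once
(build tutorial: [Quick notes] OpenWrt - building and flashing firmware https://lawsssscat.blog.csdn.net/article/details/103744761)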
Note: nginx is not in the OpenWrt base packages, so you must first fetch the additional package feeds.
```
./scripts/feeds update -a
./scripts/feeds install -a
make menuconfig
```
In `make menuconfig`, select Network->nginx.
Compiling nginx is very easy, thanks to the OpenWrt developers!
```
make menuconfig
```
Choose Network->Nginx, then build the package:
```
make ./package/feeds/packages/nginx/compile
```
The nginx package will be placed at bin/[board_arch]/packages/nginx_0.7.67-3_ar71xx.ipk. On a TP-Link TL-WR1043ND: bin/ar71xx/packages/nginx_0.7.67-3_ar71xx.ipk
Configure Nginx
Create the nginx root directory:
```
mkdir /www-nginx/default -p
```
Edit /etc/nginx/nginx.conf:
- change the user from nobody to root
- change the nginx root directory to /www-nginx/default
This is the diff file:
--- nginx.conf.ori Mon Mar 14 12:21:24 2011
+++ nginx.conf Tue Apr 6 08:53:37 2010
@@ -1,5 +1,5 @@-#user nobody;
+user root;worker_processes 1;#error_log logs/error.log;
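Review bot: `user root;` in this first hunk makes the nginx worker processes run as root, so any flaw in request handling executes with full privileges on the router. Keep an unprivileged worker user (the original `#user nobody;` line, uncommented) and make /www-nginx/default readable by that user instead.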
@@ -41,7 +41,7 @@#access_log logs/host.access.log main;location / {
- root html;
+ root /www-nginx/default;index index.html index.htm;}
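Review bot: the new `root /www-nginx/default;` sits inside `location / { ... }`, so it applies only to that location and any other location in this server block still resolves against the default root. Set `root` once at server level and leave `location /` with only the `index` line.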
Testing the configuration
Create a simple HTML file at /www-nginx/default/index.html.
Stop the default OpenWrt web server and start nginx:
```
/etc/init.d/uhttpd stop
/etc/init.d/nginx start
```
# Full cross-compilation with SSL
```
# OpenWrt/LEDE source
git clone https://github.com/openwrt/openwrt.git
cd openwrt
git checkout v18.06.0

# Make/Build OpenWRT
make menuconfig # Target System (Marvell Armada 37x/38x/XP) | Target Profile (Linksys WRT1900ACv2 (Cobra))
make V=s

# Make/Build nginx with SSL
./scripts/feeds update
./scripts/feeds install nginx
make menuconfig # Network > Web Servers/Proxies > nginx (M) > nginx > Configuration > Enable SSL Module (Y)
make -j5

# Copy up new package to router
scp bin/packages/arm_cortex-a9_vfpv3/packages/nginx_1.12.2-1_arm_cortex-a9_vfpv3.ipk root@router:
```
# Building with the SDK
Reference: https://www.freesion.com/article/2474294226/
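# Configuring the reverse proxy
Problem:
Under HTTPS, the real-time monitoring page (netdata) is not displayed in OpenWrt's LuCI.
Cause:
The netdata service (http://192.168.1.1:19999) is served over plain HTTP, so it cannot be loaded from a page served over HTTPS (the browser blocks it as mixed content).
Requirement:
http://192.168.1.1:8880/netdata ⇒
https://192.168.1.1:8443/netdata ⇒
http://192.168.1.1:19999
Configuration:
/etc/config/nginx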
```
config main global
	option uci_enable 'true'

config server '_lan'
	list listen '8443 ssl default_server'
	list listen '[::]:8443 ssl default_server'
	option server_name '_lan'
	list include 'restrict_locally'
	list include 'conf.d/*.locations'
	option uci_manage_ssl 'self-signed'
	option ssl_certificate '/etc/sslcert/nginx_lan.crt'
	option ssl_certificate_key '/etc/sslcert/nginx_lan.key'
	option ssl_session_cache 'shared:SSL:32k'
	option ssl_session_timeout '64m'
	##################
	# access_log path format
	# option access_log 'off; # logd openwrt'
	option access_log '/var/log/nginx/access_log.log openwrt'
	##################
	# error_log path level
	# level: debug | info | notice | warn | error | crit | alert | emerg
	option error_log '/var/log/nginx/error_log.log info'
	##################

config server '_redirect2ssl'
	list listen '8880'
	list listen '[::]:8880'
	option server_name '_redirect2ssl'
	option return '302 https://$host:8443$request_uri'

# write /etc/nginx/conf.d/reverse_proxy.locations
# config server '_ssl2netdata'
# 	list listen '19998 ssl'
# 	option server_name '_ssl2netdata_server_name'
# 	list proxy_set_header 'Host $host'
# 	list proxy_set_header 'X-Real-IP $remote_addr'
# 	list proxy_set_header 'X-Forwarded-For $proxy_add_x_forwarded_for'
# 	list proxy_set_header 'X-Forwarded-Proto $scheme'
# 	option proxy_pass 'http://localhost:19999'
```
/etc/nginx/uci.conf.template
```
# Consider using UCI or creating files in /etc/nginx/conf.d/ for configuration.
# Parsing UCI configuration is skipped if uci set nginx.global.uci_enable=false
# For details see: https://openwrt.org/docs/guide-user/services/webserver/nginx

worker_processes auto;

user root;

events {}

http {
	access_log off; # logd openwrt
	log_format openwrt
		'$request_method $scheme://$host$request_uri => $status'
		' (${body_bytes_sent}B in ${request_time}s) <- $http_referer';

	#
	# write /etc/config/nginx
	#
	# access_log /proc/self/fd/1 openwrt;
	# access_log logd openwrt; # logd openwrt

	#
	# certificates
	#
	# ssl_certificate '/etc/sslcert/nginx_lan.crt';
	# ssl_certificate_key '/etc/sslcert/nginx_lan.key';

	include mime.types;
	default_type application/octet-stream;
	sendfile on;

	client_max_body_size 128M;
	large_client_header_buffers 2 1k;

	gzip on;
	gzip_vary on;
	gzip_proxied any;

	root /www;

	#UCI_HTTP_CONFIG
	include conf.d/*.conf;
}
```
/etc/nginx/conf.d/reverse_proxy.locations
```
location /netdata/ {
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_pass http://127.0.0.1:19999/;
	# return 302 https://$host:8443$request_uri;
}
```
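The mixed-content rule that made the proxy necessary, and the way nginx rewrites the URI for the `/netdata/` location above, modelled as an added example (not code from the original post). The function names `frame_allowed` and `route` and the sample requests are constructed for illustration; `route` takes the URI path only, without a query string.

```shell
#!/bin/sh
# Added example: a constructed model of two rules behind the fix above.

# frame_allowed PAGE_URL FRAME_URL -> exit 0 if the browser loads the iframe.
# Simplification: an http:// frame inside an https:// page is always blocked.
frame_allowed() {
    case $1 in https://*) case $2 in http://*) return 1 ;; esac ;; esac
    return 0
}

# route LOCATION PROXY_PASS URI_PATH
# Prints "redirect <uri>", "proxy <upstream-uri>" or "nomatch" for a prefix
# location that is handled by proxy_pass.
route() {
    loc=$1 pass=$2 uri=$3
    # A prefix location ending in "/" answers the slash-less form of its own
    # name with a 301 to the same URI plus "/".
    if [ "$uri" = "${loc%/}" ] && [ "$loc" != "${loc%/}" ]; then
        echo "redirect $uri/"; return 0
    fi
    case $uri in
        "$loc"*) ;;
        *) echo nomatch; return 0 ;;
    esac
    rest=${pass#*://}                 # host[:port][/path]
    case $rest in
        # proxy_pass has a URI part: the matched prefix is replaced by it.
        */*) echo "proxy /${rest#*/}${uri#"$loc"}" ;;
        # no URI part: the request URI is forwarded unchanged.
        *)   echo "proxy $uri" ;;
    esac
}

# Constructed requests, using the addresses from the page.
page=https://192.168.1.1:8443/cgi-bin/luci
for src in http://192.168.1.1:19999 https://192.168.1.1:8443/netdata; do
    if frame_allowed "$page" "$src"; then echo "load  $src"; else echo "block $src"; fi
done
for uri in /netdata /netdata/ /netdata/api/v1/info /cgi-bin/luci; do
    echo "$uri -> $(route /netdata/ http://127.0.0.1:19999/ "$uri")"
done
# Same location, but proxy_pass without the trailing "/": the prefix is kept,
# so netdata would be asked for /netdata/api/v1/info instead of /api/v1/info.
echo "no-slash -> $(route /netdata/ http://127.0.0.1:19999 /netdata/api/v1/info)"
```

Port 19999 still answers plain HTTP on the LAN address after this change; the proxy only adds an HTTPS path to it.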
Modify the page
```
root@openwrt_d2550:/# find / -name netdata
/etc/init.d/netdata
/etc/netdata
/lib/upgrade/keep.d/netdata
/overlay/upper/etc/netdata
/overlay/upper/usr/lib/lua/luci/view/netdata
/overlay/upper/usr/share/netdata
/rom/etc/init.d/netdata
/rom/etc/netdata
/rom/lib/upgrade/keep.d/netdata
/rom/usr/lib/lua/luci/view/netdata
/rom/usr/lib/netdata
/rom/usr/sbin/netdata
/rom/usr/share/netdata
/tmp/cache/netdata
/tmp/lib/netdata
/tmp/log/netdata
/usr/lib/lua/luci/view/netdata
/usr/lib/netdata
/usr/sbin/netdata
/usr/share/netdata
root@openwrt_d2550:/# vim /usr/lib/lua/luci/view/netdata/netdata.htm
root@openwrt_d2550:/# cat /usr/lib/lua/luci/view/netdata/netdata.htm
<%+header%>
<div class="cbi-map">
    <h2 name="content"><%=translate("NetData")%></h2>
    <iframe id="netdata" style="width: 100%; min-height: 1200px; border: none; border-radius: 3px;"></iframe>
</div>
<script type="text/javascript">
    // document.getElementById("netdata").src = "http://" + window.location.hostname + ":19999";
    document.getElementById("netdata").src = "https://" + window.location.hostname + ":8443/netdata";
</script>
<%+footer%>
root@openwrt_d2550:/#
```
Add the page to the backup list
https://192.168.1.1:8443/cgi-bin/luci/admin/system/flashops/backupfiles
```
## This file contains files and directories that should
## be preserved during an upgrade.

## this file is '/etc/sysupgrade.conf'
## what config of ipk will be backuped is indicated in '/lib/upgrade/keep.d/'

# /etc/example.conf
# /etc/openvpn/

/usr/lib/lua/luci/view/netdata/
```
Check that the entry was added to the backup list successfully:
https://192.168.1.1:8443/cgi-bin/luci/admin/system/flashops/backupfiles?display=list
```
...
/usr/lib/lua/luci/view/netdata/netdata.htm
/usr/lib/lua/luci/view/netdata/netdata.htm.bak
...
```
Back up...
# Synology built-in nginx configuration
```
root@nas50:~# nginx -V
nginx version: nginx/1.16.1
TLS SNI support enabled
root@nas50:~# cat /etc/nginx/nginx.conf
# Copyright (c) 2000-2017 Synology Inc. All rights reserved.

worker_processes auto;
#worker_cpu_affinity auto;
worker_rlimit_nofile 65535;

include conf.d/main.conf;

events {
    use epoll;
    multi_accept on;
    accept_mutex off;
    worker_connections 1024;

    include conf.d/events.conf;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log off;
    #access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_access,nohostname main;
    error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_error,nohostname error;

    tcp_nopush on;
    tcp_nodelay on;

    sendfile on;
    server_tokens off;

    proxy_request_buffering off;
    fastcgi_request_buffering off;
    scgi_request_buffering off;

    proxy_buffering off;
    fastcgi_buffering off;
    scgi_buffering off;

    resolver_timeout 5s;
    client_header_timeout 10s;
    client_body_timeout 60s;
    send_timeout 60s;
    keepalive_timeout 65s 20s;
    client_max_body_size 0;
    server_names_hash_max_size 8192;
    server_names_hash_bucket_size 128;

    ssl_certificate /usr/syno/etc/certificate/system/default/fullchain.pem;
    ssl_certificate_key /usr/syno/etc/certificate/system/default/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    ssl_dhparam /usr/syno/etc/ssl/dh2048.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_tickets off;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 3600s;

    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    set_real_ip_from 127.0.0.1;
    include /var/tmp/nginx/trusted_proxy/*.conf;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    server_tag "nginx";

    gzip_disable "msie6";
    gzip_min_length 1000;
    gzip_types text/plain text/css application/javascript application/json;
    gzip_vary on;
    gzip_static on;

    open_file_cache max=1000 inactive=60s;
    open_file_cache_valid 3s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    upstream synoscgi {
        server unix:/run/synoscgi.sock;
    }

    index index.html index.htm index.php;

    server {
        listen 5000 default_server;
        listen [::]:5000 default_server;

        server_name _;

        gzip on;

        include app.d/alias.*.conf;
        root /usr/syno/synoman;
        index index.cgi;

        ignore_invalid_headers off;

        include app.d/dsm.*.conf;
        include /usr/syno/share/nginx/conf.d/dsm.*.conf;
        include conf.d/dsm.*.conf;

        location = / {
            try_files $uri /index.cgi$is_args$query_string;
        }

        location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
            internal;
            root /;
            open_file_cache off;
            include app.d/x-accel.*.conf;
            include conf.d/x-accel.*.conf;
        }

        location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ {
            alias /usr/syno/share/OAuth/index_ds.php;
            default_type text/html;
        }

        location ~ \.cgi {
            include scgi_params;
            scgi_pass synoscgi;
            scgi_read_timeout 3600s;
        }

        error_page 403 404 500 502 503 504 @error_page;

        location @error_page {
            root /usr/syno/share/nginx;
            rewrite (.*) /error.html break;
            allow all;
        }

        location ~ ^/webman/modules/Indexer/ {
            deny all;
        }

        location ~ ^/webapi/lib/ {
            deny all;
        }

        location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ {
            deny all;
        }

        location ~ /\. { access_log off; log_not_found off; deny all; }

        location ~* \.(?:js|css|png|jpg|gif|ico)$ {
            access_log off;
            log_not_found off;
        }

        location = /favicon.ico {
            access_log off;
            log_not_found off;
        }

        location = /robots.txt {
            allow all;
            access_log off;
            log_not_found off;
        }
    }

    server {
        listen 5001 default_server ssl;
        listen [::]:5001 default_server ssl;

        server_name _;

        include app.d/alias.*.conf;
        root /usr/syno/synoman;
        index index.cgi;

        ignore_invalid_headers off;

        include app.d/dsm.*.conf;
        include /usr/syno/share/nginx/conf.d/dsm.*.conf;
        include conf.d/dsm.*.conf;

        location = / {
            try_files $uri /index.cgi$is_args$query_string;
        }

        location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
            internal;
            root /;
            open_file_cache off;
            include app.d/x-accel.*.conf;
            include conf.d/x-accel.*.conf;
        }

        location ~ /webman/modules/(PersonalSettings|ExternalDevices|FileBrowser)/index_ds.php$ {
            alias /usr/syno/share/OAuth/index_ds.php;
            default_type text/html;
        }

        location ~ \.cgi {
            include scgi_params;
            scgi_pass synoscgi;
            scgi_read_timeout 3600s;
        }

        error_page 403 404 500 502 503 504 @error_page;

        location @error_page {
            root /usr/syno/share/nginx;
            rewrite (.*) /error.html break;
            allow all;
        }

        location ~ ^/webman/modules/Indexer/ {
            deny all;
        }

        location ~ ^/webapi/lib/ {
            deny all;
        }

        location ~ ^/webapi/(:?(:?.*)\.lib|(:?.*)\.api|(:?.*)\.auth|lib.def)$ {
            deny all;
        }

        location ~ /\. { access_log off; log_not_found off; deny all; }

        location ~* \.(?:js|css|png|jpg|gif|ico)$ {
            access_log off;
            log_not_found off;
        }

        location = /favicon.ico {
            access_log off;
            log_not_found off;
        }

        location = /robots.txt {
            allow all;
            access_log off;
            log_not_found off;
        }
    }

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        gzip on;

        server_name _;

        location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
            internal;
            root /;
            open_file_cache off;
            include app.d/x-accel.*.conf;
            include conf.d/x-accel.*.conf;
        }

        include app.d/www.*.conf;
        include app.d/alias.*.conf;
        include /usr/syno/share/nginx/conf.d/www.*.conf;
        include conf.d/www.*.conf;

        location = /webdefault/images/logo.jpg {
            alias /usr/syno/share/nginx/logo.jpg;
        }

        error_page 403 404 500 502 503 504 @error_page;

        location @error_page {
            root /usr/syno/share/nginx;
            rewrite (.*) /error.html break;
            allow all;
        }

        location ^~ /.well-known/acme-challenge {
            root /var/lib/letsencrypt;
            default_type text/plain;
        }

        include app.d/.location.webstation.conf*;

        location / {
            rewrite ^ / redirect;
        }

        location ~ ^/$ {
            rewrite / http://$host:5000/ redirect;
        }
    }

    server {
        listen 443 default_server ssl;
        listen [::]:443 default_server ssl;

        server_name _;

        location ~ ^/volume(?:X|USB|SATA|Gluster)?\d+/ {
            internal;
            root /;
            open_file_cache off;
            include app.d/x-accel.*.conf;
            include conf.d/x-accel.*.conf;
        }

        include app.d/www.*.conf;
        include app.d/alias.*.conf;
        include /usr/syno/share/nginx/conf.d/www.*.conf;
        include conf.d/www.*.conf;

        location = /webdefault/images/logo.jpg {
            alias /usr/syno/share/nginx/logo.jpg;
        }

        error_page 403 404 500 502 503 504 @error_page;

        location @error_page {
            root /usr/syno/share/nginx;
            rewrite (.*) /error.html break;
            allow all;
        }

        location ^~ /.well-known/acme-challenge {
            root /var/lib/letsencrypt;
            default_type text/plain;
        }

        include app.d/.location.webstation.conf*;

        location / {
            rewrite ^ / redirect;
        }

        location ~ ^/$ {
            rewrite / https://$host:5001/ redirect;
        }
    }

    include conf.d/http.*.conf;
    include app.d/server.*.conf;
    include sites-enabled/*;
}
```