还是依照简单的方式来吧。
命令依次如下

sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
sudo yum install -y nginx
sudo service nginx start
# 如果需要nginx开机自动启动
sudo systemctl enable nginx.service

网上有很多下载安装包自行安装的,也不是不行。不过这里说几个省时的优点。
1、yum安装会自动安装logrotate
简单来说,就是日志分割服务,可以根据日期自动分割并进行gz访问日志。
而nginx的默认访问日志是位于/var/log/nginx目录的。所以我们只需要把其他子站的访问日志设定于该目录下,即可利用该配置,再也不用担心日志文件爆炸式大小了。
1593767907813.jpg
2、直接通过服务启动
就是上一篇提到的ssl证书自动更新后,强制重启需要
service nginx force-reload
此命令非服务启动是没有的

当然咯以上操作在linux上都是完全可以手动替代的,但是yum安装自动帮你做了,不是更简单吗?

个人常用的一些配置约定。适用于单应用配置。
根目录的nginx.conf
 配置一些公共属性即可。
conf.d目录
 该目录下放各站点的配置。
ssl目录
 一般会按域名命名ssl证书的名称。

放上自己的简单配置
主nginx.conf配置

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

worker_rlimit_nofile 65535;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $host $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    server_tokens       off;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    client_max_body_size 10m;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 32k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript application/javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf application/json font/opentype font/x-woff image/svg+xml;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    proxy_headers_hash_max_size 51200;
    proxy_headers_hash_bucket_size 6400;
    include conf.d/*.conf;
}

ssl/ssl.conf 加密方法可以自行更换

ssl_protocols       TLSV1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA DES-CBC3-SHA !DSS";

#openssl dhparam -out dhparams.pem 2048
#https://weakdh.org/sysadmin.html
ssl_dhparam         ssl/dhparams.pem;

ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;

ssl_session_tickets on;
#openssl rand 48 > session_ticket.key
ssl_session_ticket_key ssl/session_ticket.key;

#ssl_stapling on;
#ssl_stapling_verify on; 

#ssl_stapling_file ssl/ocsp/stapling.ocsp;
#现在的证书一般会包含证书链,所以就不需要再单独配CA证书链了
#ssl_trusted_certificate ssl/qzmer.me.trustchain.cer
#resolver 8.8.8.8 8.8.4.4 223.5.5.5 valid=300s;
#resolver_timeout 5s;

conf.d/qzmer.me.conf 子站根据情况决定是否强制301吧

server {
    listen 80; 
    server_name  www.qzmer.me;
    return 301 https://$host$request_uri;
}

server {
        #listen       80;
        listen       443 ssl;
        server_name  www.qzmer.me;

        #证书文件
        ssl_certificate     ssl/qzmer.me.cer;
        #私钥文件
        ssl_certificate_key ssl/qzmer.me.key;

	include ssl/ssl.conf;
        
	access_log  /var/log/nginx/qzmer.me.log main;
        
	ssi on;
        ssi_silent_errors off;
        ssi_types text/shtml text/css application/javascript;

        charset utf-8;
      
       location / {
           root /opt/www/h5-test;
           try_files $uri $uri/ /index.html;
           index home.html;
           if ($request_uri ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|rar|swf|html|eot|woff|ttf|svg)$) {
              expires 30d;
           }
       }

       location /api {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_connect_timeout   30s;
            proxy_send_timeout      30s;
            proxy_read_timeout      60s;
            proxy_pass http://localhost:8266/api;
        }
       
       error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
 }