nginx

/ 工具和中间件 / 2 条评论 / 1271浏览

nginx

nginx

反向代理(通过域名区分不同项目)
动静分离
配置https证书

nginx命令

检测配置文件:[root@localhost sbin]# ./nginx -t

启动:[root@localhost sbin]# ./nginx

关闭nginx:[root@localhost sbin]# ./nginx -s stop    

刷新配置文件:[root@localhost sbin]# ./nginx -s reload

配置文件

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
	
    server {
        listen  80;
        server_name  blog.imwj.club;
		
        listen 443 ssl;
        ssl_certificate      C://ssl//证书.pem;
        ssl_certificate_key  C://ssl//证书.key; 
		
        location /{
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             client_max_body_size  100M;
             proxy_pass http://127.0.0.1:8081;
        }
        location /upload{
             alias C:/myblog/upload;
        }
    }
	
    server {
        listen  80;
        server_name  tmall.imwj.club;
		
        location /{
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             client_max_body_size  100M;
             proxy_pass http://127.0.0.1:8888;
        }
        location ~\.(css|js|png|ttf|woff|woff2|eot|svg|map|jpg|gif)$ {
             root C:/tmall/webapp;
        }	
    }
}

负载均衡

http {
    include       mime.types;
    default_type  application/octet-stream;
	
    access_log  logs/access.log  main;

    sendfile        on;

    keepalive_timeout  65;
	
	upstream upstream_name{
        server 127.0.0.1:8081;
        server 127.0.0.1:8882 weight=2;
    }
	
    server {
        listen  80;
		server_name  blog.imwj.club;
		
		listen 443 ssl;
		ssl_certificate      C://ssl//3200634_blog.imwj.club.pem;
		ssl_certificate_key  C://ssl//3200634_blog.imwj.club.key; 
		
		location /{
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			client_max_body_size  100M;
			proxy_pass http://upstream_name;
        }
		location /upload{
			alias C:/myblog/upload;
        }
    }
}

前后端分离&小程序


user  root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    client_max_body_size 1000M;

    #gzip  on;
	
	# ---------------------prod环境-------------------------
	server {
		# 非 SSL 监听端口 80 和 SSL 监听端口 443
		listen 80;
		listen 443 ssl;

		# 请填写绑定证书的域名
		server_name xxx.com;
		
		# 请填写证书文件的相对路径或绝对路径
		ssl_certificate ../ssl/xxx_bundle.crt; 
		# 请填写私钥文件的相对路径或绝对路径
		ssl_certificate_key ../ssl/xxx.key; 
		ssl_session_timeout 5m;
		# 请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
		ssl_prefer_server_ciphers on;

		location / {
			proxy_pass http://127.0.0.1:8269;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			# 可选:如果你的后端服务器需要知道原始协议是 HTTP 还是 HTTPS,可以添加以下行
			# proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Forwarded-Proto https;
		}

		error_page   500 502 503 504  /50x.html;
		location = /50x.html {
			root   html;
		}    
	}
	
	server {
        listen       8269;
        server_name  localhost;
		charset utf-8;

		# 前端部署路径
		location / {
			root  /data/idh_filing_prod/front-8269/dist;
			try_files $uri $uri/ /index.html;
            index  index.html index.htm;
        }
		
		# 后端接口地址
		location /prod-api/ {
			proxy_set_header Host $http_host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_pass http://127.0.0.1:8266/idh/;
		}

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
	
	# ---------------------小程序-------------------------
	server { 
		listen 80; 
		server_name xxx.com;
		return 301 https://$server_name$request_uri;
	}

	server {
		#SSL 默认访问端口号为 443
		listen 443 ssl; 
		#请填写绑定证书的域名
		server_name xxx.com;
		#请填写证书文件的相对路径或绝对路径
		ssl_certificate ../ssl/xxx_bundle.crt; 
		#请填写私钥文件的相对路径或绝对路径
		ssl_certificate_key ../ssl/xxx.key; 
		ssl_session_timeout 5m;
		#请按照以下协议配置
		#ssl_protocols TLSv1.2 TLSv1.3; 
		#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
		ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
		ssl_prefer_server_ciphers on;

		location / {
			proxy_pass http://127.0.0.1:8080;
			proxy_set_header Host $host;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header REMOTE-HOST $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			# 可选:如果你的后端服务器需要知道原始协议是 HTTP 还是 HTTPS,可以添加以下行
			#proxy_set_header X-Forwarded-Proto $scheme;
			proxy_set_header X-Forwarded-Proto https;
		}
        
		location /s7nNOc0Uf6.txt {
			root /data/nginx/html;
		}

		error_page   500 502 503 504  /50x.html;
		location = /50x.html {
			root   html;
		}    
    }
}

本站文章除注明转载/出处外,均为本站原创或翻译,转载前请务必署名,转载请标明出处
最后编辑时间为: 2024/04/22 09:46