Nginx配置

多条判断

  1. 多个条件判断
     set $flag "0";
     if ($uri = '/') {
         set $flag "${flag}1";
     }
     if ($http_user_agent ~* ^(.*Baiduspider.*)|(.*Googlebot.*)|(.*bingbot.*)|(.*spider.*)$) {
         set $flag "${flag}1";
     }
     if ($flag = '011') {
         root     /www/seo/;
     }
    

反向代理

  1. 反向代理一个

     # 反向代理http://127.0.0.1:8080到http://www.xxx.com
     server {
         listen              80;
         server_name         www.xxx.com;
         location / {
             proxy_pass          http://127.0.0.1:8080;
         }
     }
    
  2. 反向代理多个

     # 反向代理
     # http://127.0.0.1:8080
     # http://127.0.0.1:8888
     # 到http://www.xxx.com
     server {
         listen              80;
         server_name         www.xxx.com;
         location /test1 {
             proxy_pass          http://127.0.0.1:8080;
         }
         location /test2 {
             proxy_pass          http://127.0.0.1:8888;
         }
     }
    

Nigix负载均衡

  1. 3台及以上Nignx server服务器

     192.168.0.1  (负载均衡服务器)
     192.168.0.2  (WEB 服务器1)
     192.168.0.3  (WEB 服务器2)
    
  2. 负载均衡服务器配置

     gzip on;
    
     #均询式负载均衡
     upstream load_blc {
         server 192.168.0.2:80;
         server 192.168.0.3:80;
     }
    
     #权重式负载均衡
     #upstream load_blc {
     #    server 192.168.0.2:80 weight=10;
     #    server 192.168.0.3:80 weight=10;
     #}
    
     #ip_hash负载均衡(session稳定)
     #upstream load_blc {
     #    ip_hash;
     #    server 192.168.0.2:80;
     #    server 192.168.0.3:80;
     #}
    
     #fair负载均衡(第三方)(响应最快服务器优先分配给用户)
     #upstream load_blc {
     #    server 192.168.0.2:80;
     #    server 192.168.0.3:80;
     #    fair;
     #}
    
     #url_hash负载均衡(第三方)(后端服务器为缓存时效果较好)
     #upstream load_blc {
     #    server 192.168.0.2:80;
     #    server 192.168.0.3:80;
     #    hash $request_uri;
     #    hash_method crc32;
     #}
    
     #upstream中server格式:
     #server ip:port [down|weight=?|max_fails|fail_timeout|backup];
     #down:         表示单前的server暂时不参与负载
     #weight:       默认为1.weight越大,负载的权重就越大。
     #max_fails:    允许请求失败的次数默认为1.当超过最大次数时,返回proxy_next_upstream模块定义的错误
     #fail_timeout: max_fails次失败后,暂停的时间。
     #backup:       其它所有的非backup机器down或者忙的时候,请求backup机器。所以这台机器压力会最轻。
    
     server {
         listen       80;
         server_name  www.xxx.com;
         location / {
             proxy_pass     http://load_blc;
             proxy_redirect off;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
     }
    
  3. 注意事项

     nginx支持同时设置多组的负载均衡,用来给不同的负载均衡server来使用。
     client_body_in_file_only: 设置为On 可以讲client post过来的数据记录到文件中用来做debug
     client_body_temp_path:    设置记录文件的目录 可以设置最多3层目录
     location:                 对URL进行匹配.可以进行重定向或者进行新的代理 负载均衡
    

HTTPS

  1. 一个server

     server{
         listen       443 ssl http2;
         server_name  www.xxx.com;
         ssl_session_timeout         5m;
         ssl_prefer_server_ciphers   on;
         ssl_certificate             /fullchain.pem;
         ssl_certificate_key         /privkey.pem;
         ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
     }
    
  2. 多个server

     http{
         ssl_session_timeout         5m;
         ssl_prefer_server_ciphers   on;
         ssl_certificate             /fullchain.pem;
         ssl_certificate_key         /privkey.pem;
         ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
         # server_1
         server{
             listen       443 ssl http2;
             server_name  www.xxx.com;
         }
         # server_2
         server{
             listen       443 ssl http2;
             server_name  test.xxx.com;
         }
     }
    
  3. 同时支持HTTP、HTTPS

     server {
         listen      80;
         listen      443 ssl;
         server_name xxx.xxx.com;
         root        /www/xxx;
    
         location / {
             index  index.php index.html index.htm;
         }
    
         location ~* \.php {
             fastcgi_index   index.php;
             fastcgi_pass    127.0.0.1:9001;
    
             fastcgi_split_path_info            ^(.+\.php)(.*)$;
             fastcgi_param   PATH_INFO          $fastcgi_path_info;
    
             include         fastcgi_params;
             fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
             fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
         }
     }
    

HTTP自动跳HTTPS

  1. HTTP自动跳HTTPS

     server {
         listen  80;
         server_name *.xxx.com xxx.com;
         rewrite ^(.*)  https://$host$1 permanent;
     }
    
  2. 一级域名、IP自动跳指定二级域名

     # 通常,这里的$host就是xxx.com
     server {
         listen       80;
         server_name  xxx.com 10.10.10.10;
         rewrite      ^(.*) https://www.xxx.com/$1 permanent;
     }
    

$http_referer

  1. 禁$http_referer

     if ($http_referer ~* ^https://www.xxx.com) {
         return 403;
     }
    
  2. 开$http_referer

     if ($http_referer !~* ^https://www.xxx.com) {
         return 403;
     }
    

资源缓存

  1. nginx静态文件缓存客户端
     server {
         listen       80;
         server_name  www.xxx.com;
         location ~ .*\.(js|css|html|jpg|png|gif|ico|svg)$ {
             #缓存10年
             #expires max;
             #缓存1天
             #expires 1d;
             #缓存1小时
             #expires 1h;
             #永远过期
             #expires -1;
             #这里选择3天
             expires 3d;
         }
     }
    

日志格式

  1. nginx配置日志格式
     # 关键在于自定义日志格式名要一致
     log_format [自定义日志格式名] '[格式]';
     error_log [日志路径] [自定义日志格式名];
     access_log [日志路径] [自定义日志格式名];
     # 举例如下
     log_format my_style '[$time_local] $remote_addr $status $request';
     access_log logs/access.log my_style;
    

文档参考

  1. 参考链接
@耿志环 2012-∞ 冀ICP备17033181号, powered by Gitbook修订: 2019-02-25 13:37:34

results matching ""

    No results matching ""