Nginx配置

SSL支持

  1. SSL支持(同时支持HTTP、HTTPS)

     server {
         listen      80;
         listen      443 ssl;
         server_name xxx.xxx.com;
         root        /www/xxx;
    
         location / {
             index  index.php index.html index.htm;
         }
    
         location ~* \.php {
             include                 fastcgi_params;
             fastcgi_index           index.php;
             fastcgi_pass            127.0.0.1:9000;
             fastcgi_split_path_info ^(.+\.php)(.*)$;
             fastcgi_param           PATH_INFO $fastcgi_path_info;
             fastcgi_param           SCRIPT_NAME $fastcgi_script_name;
             fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
         }
    
         ssl_session_timeout         5m;
         ssl_prefer_server_ciphers   on;
         ssl_certificate             /fullchain.pem;
         ssl_certificate_key         /privkey.pem;
         ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
     }
    

日志定制

  1. 日志定制
     # 关键在于自定义日志格式名要一致
     log_format [自定义日志格式名] '[格式]';
     error_log [日志路径] [自定义日志格式名];
     access_log [日志路径] [自定义日志格式名];
     # 举例如下
     log_format my_style '[$time_local] $remote_addr $status $request';
     access_log logs/access.log my_style;
    

资源缓存

  1. 资源缓存

     location / {
         #expires max; #缓存10年
         #expires 1d;  #缓存1天
         #expires 1h;  #缓存1小时
         #expires -1;  #永远过期
     }
    
  2. 单页应用缓存

     server {
         listen          80;
         server_name     m.xxx.com;
         root            /www/view/dist;
    
         location / {
             try_files   $uri $uri/ /index.html;
             add_header  Cache-Control "private,no-store,no-cache,must-revalidate,proxy-revalidate";
         }
    
         location ~ .*\.(js|css|jpg|png|gif|ico|ttf|woff|woff2|svg)$ {
             expires max;
         }
     }
    

防止盗链

  1. 防止盗链

     # 域名白名单
     location / {
         valid_referers none blocked *.xxx.com;
         if ($invalid_referer) {
             return 444;
         }
     }
    
     # 域名白名单+搜索引擎域名正则
     location / {
         valid_referers none blocked *.xxx.com server_names ~\.google\. ~\.baidu\.;
         if ($invalid_referer) {
             return 444;
         }
     }
    

多个判断

  1. 多个判断
     set $flag "0";
     if ($uri = '/') {
         set $flag "${flag}1";
     }
     if ($http_user_agent ~* ^(.*Baiduspider.*)|(.*Googlebot.*)|(.*bingbot.*)|(.*spider.*)$) {
         set $flag "${flag}1";
     }
     if ($flag = '011') {
         root     /www/seo/;
     }
    

URL重写

  1. URL重写

     server {
         listen  80;
         listen  443 ssl;
         server_name *.xxx.com xxx.com;
    
         rewrite ^(.*)  https://$host$1 permanent;
    
         ssl_session_timeout         5m;
         ssl_prefer_server_ciphers   on;
         ssl_certificate             /fullchain.pem;
         ssl_certificate_key         /privkey.pem;
         ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
     }
    

反向代理

  1. 反向代理

     # 反向代理
     # http://127.0.0.1:8080
     # 到http://www.xxx.com
     server {
         listen              80;
         server_name         www.xxx.com;
         location / {
             proxy_pass          http://127.0.0.1:8080;
         }
     }
    
     # 反向代理
     # http://127.0.0.1:8080
     # http://127.0.0.1:8888
     # 到http://www.xxx.com
     server {
         listen              80;
         server_name         www.xxx.com;
         location /route1 {
             proxy_pass          http://127.0.0.1:8080;
         }
         location /route2 {
             proxy_pass          http://127.0.0.1:8888;
         }
     }
    
  2. 反向代理实践-php

     server {
         listen      80;
         listen      443 ssl;
         server_name www.xxx.com;
         root        /www/book_note/dist;
    
         location / {
             index   index.php index.html index.htm;
         }
    
         location ~* \.php {
             include                 fastcgi_params;
             fastcgi_index           index.php;
             fastcgi_pass            127.0.0.1:9000;
             fastcgi_split_path_info ^(.+\.php)(.*)$;
             fastcgi_param           PATH_INFO       $fastcgi_path_info;
             fastcgi_param           SCRIPT_NAME     $fastcgi_script_name;
             fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
         }
     }
    
  3. 反向代理应用-symfony3.x

     server {
         listen      80;
         listen      443 ssl;
         server_name test.com;
         server_name www.test.com;
         root        /www/book_read/web;
    
         location / {
             try_files $uri /app.php$is_args$args;
         }
    
         location ~ ^/(app_dev|config)\.php(/|$) {
             fastcgi_pass            127.0.0.1:9000;
             fastcgi_split_path_info ^(.+\.php)(/.*)$;
             include                 fastcgi_params;
             fastcgi_param           SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
             fastcgi_param           DOCUMENT_ROOT $realpath_root;
         }
    
         location ~ ^/app\.php(/|$) {
             fastcgi_pass            127.0.0.1:9000;
             fastcgi_split_path_info ^(.+\.php)(/.*)$;
             include                 fastcgi_params;
             fastcgi_param           SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
             fastcgi_param           DOCUMENT_ROOT $realpath_root;
             internal;
         }
    
         location ~ \.php$ {
             return 404;
         }
     }
    

负载均衡

  1. IP列表

     192.168.0.1  (负载均衡服务器)
     192.168.0.2  (WEB 服务器1)
     192.168.0.3  (WEB 服务器2)
    
  2. 相关配置

     #均询式负载均衡
     upstream load_blc {
         server 192.168.0.2:80;
         server 192.168.0.3:80;
     }
    
     #权重式负载均衡
     #upstream load_blc {
     #    server 192.168.0.2:80 weight=10;
     #    server 192.168.0.3:80 weight=10;
     #}
    
     #ip_hash负载均衡(session稳定)
     #upstream load_blc {
     #    ip_hash;
     #    server 192.168.0.2:80;
     #    server 192.168.0.3:80;
     #}
    
     #fair负载均衡(第三方)(响应最快服务器优先分配给用户)
     #upstream load_blc {
     #    server 192.168.0.2:80;
     #    server 192.168.0.3:80;
     #    fair;
     #}
    
     #url_hash负载均衡(第三方)(后端服务器为缓存时效果较好)
     #upstream load_blc {
     #    server 192.168.0.2:80;
     #    server 192.168.0.3:80;
     #    hash $request_uri;
     #    hash_method crc32;
     #}
    
     #upstream中server格式:
     #server ip:port [down|weight=?|max_fails|fail_timeout|backup];
     #down:         表示单前的server暂时不参与负载
     #weight:       默认为1.weight越大,负载的权重就越大。
     #max_fails:    允许请求失败的次数默认为1.当超过最大次数时,返回proxy_next_upstream模块定义的错误
     #fail_timeout: max_fails次失败后,暂停的时间。
     #backup:       其它所有的非backup机器down或者忙的时候,请求backup机器。所以这台机器压力会最轻。
    
     server {
         listen       80;
         server_name  www.xxx.com;
         location / {
             proxy_pass     http://load_blc;
             proxy_redirect off;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }
     }
    
  3. 注意事项

     nginx支持同时设置多组的负载均衡,用来给不同的负载均衡server来使用。
     client_body_in_file_only: 设置为On 可以讲client post过来的数据记录到文件中用来做debug
     client_body_temp_path:    设置记录文件的目录 可以设置最多3层目录
     location:                 对URL进行匹配.可以进行重定向或者进行新的代理 负载均衡
    
@耿志环 2012-∞ 冀ICP备17033181号, powered by Gitbook修订: 2019-07-16 09:47:42

results matching ""

    No results matching ""