nginx域名反向代理配置(https/负载均衡)：nginx.conf

简介

1. nginx域名反向代理，整合http和https，同时实现iphash的负载均衡配置；
2. 本篇博客展示nginx的配置文件nginx.conf的详细配置；

实践

#user  nobody;
worker_processes  1; #lscpu修改成内核数

events {
    worker_connections  1024;  #修改成：65535
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=licache:10m inactive=5m;
    fastcgi_cache_key "$request_method://$host$request_uri";
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 8 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_cache licache;
    fastcgi_cache_valid 200 302 1h;
    fastcgi_cache_valid 301 1d;
    fastcgi_cache_valid any 1m;
    fastcgi_cache_min_uses 1;
    fastcgi_cache_use_stale error timeout invalid_header http_500;

    open_file_cache max=65535 inactive=20s;
    open_file_cache_min_uses 1;
    open_file_cache_valid 30s;

    sendfile        on;
    keepalive_timeout 120;
     upstream tomcat1{ #配置代理映射ip以及端口
             server 192.168.2.22:8080;
            }

     upstream tomcat2{
            ip_hash; #配置iphash，多台服务器负载，不需要则去掉
            server 192.168.2.22:8081;
            server 192.168.2.23:8081;
            }

#1. nginx默认接入端口为80；
#2. 多少个域名配置则配置使用多少个server；
#3. nginx接入https端口默认是443；

#配置nginx域名默认访问页面
server{
     listen  80;
     server_name   www.admin.com; #申请的域名

     location  / {
             root  webapp; #表示sbin同级目录webapp，也可设置根目录
             index index.html; #默认访问的html
     }

}

#配置http反向代理域名1
server {
	listen       80;
    server_name  www.admin.com; #申请的域名

    location / {
		proxy_pass   http://tomcat1; #区分域名映射的tomcat
		index  index.html index.htm;
	}

	error_page   500 502 503 504  /50x.html;
	location = /50x.html {
		root   html;
	}
}

#配置http反向代理域名2
server {
        listen       80;
        server_name  www.test.com; #申请的域名
        location / {
             proxy_pass   http://tomcat2; #区分域名映射的tomcat
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

# 配置https反向代理域名，默认监听端口443，需自行申请ssl证书，下载证书到同级目录下，引入即可
server {
    listen 443;
    server_name open.36change.com;
    ssl on;
    root html;
    index index.html index.htm;
    ssl_certificate     cert/admin/214877699140754.pem; #ssl证书
    ssl_certificate_key  cert/admin/214877699140754.key; #ssl证书秘钥
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass   http://tomcat1; #https域名对应的tomcat
        index index.html index.htm;
        client_max_body_size 40M;
    }
}

server {
    listen 443;
    server_name www.opensporting.com;
    ssl on;
    root html;
    index index.html index.htm;
    ssl_certificate     cert/test/214926212910754.pem; #ssl证书
    ssl_certificate_key  cert/test/214926212910754.key; #ssl证书秘钥
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass   http://tomcat2; #https域名对应的tomcat
        index index.html index.htm;
        client_max_body_size 1000M;
	proxy_connect_timeout 600;
	proxy_send_timeout 600;
	proxy_read_timeout 600;
	proxy_buffer_size 32k;
        proxy_buffers 32 256k;
        proxy_busy_buffers_size 512k;
        proxy_temp_file_write_size 512k;
    }
}


}

总结

实践是检验认识真理性的唯一标准，自己动手，丰衣足食~~