配置文件如下
[root@Nginx www]# cat test.conf
server {
listen 80;
server_name test.com;
location / {
root html/test;
index index.html index.htm;
}
if ( $http_host ~* "^(.*)") {
set $domain $1;
rewrite ^(.*) http://www.test.com break;
}
access_log logs/brian.log main gzip buffer=128k flush=5s;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# ssl on;
# ssl_certificate test/test.com.pem;
# ssl_certificate_key test/test.com.key;
# ssl_session_timeout 5m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
# ssl_prefer_server_ciphers on;
}
常见的nginx配置文件
worker_processes auto;
load_module modules/ngx_http_geoip2_module.so;
events {
worker_connections 8000;
use epoll;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$proxy_add_x_forwarded_for" "$binary_remote_addr" "$http_x_real_ip" "$http_x_forwarded_for" "$geoip2_data_country_code" "$geoip2_data_city_name"';
access_log logs/access.log main;
sendfile on;
server_tokens off;
keepalive_timeout 65;
client_max_body_size 20m;
client_header_timeout 10;
client_body_timeout 65;
reset_timedout_connection on;
send_timeout 10;
#limit_req_zone $binary_remote_addr zone=wwwzone:10m rate=10r/s;
#limit_req_zone $binary_remote_addr zone=mzone:10m rate=10r/s;
#limit_req_zone $binary_remote_addr zone=clubzone:10m rate=100r/s;
include gzip.conf;
add_header X-Frame-Options SAMEORIGIN;
geoip2 /etc/GeoLite2-Country.mmdb {
$geoip2_data_country_code default=DEFAULT_COUNTRY source=$http_x_forwarded_for country iso_code;
$geoip2_data_country_name country names en;
}
geoip2 /etc/GeoLite2-City.mmdb {
$geoip2_data_city_name default=DEFAULT_CITY source=$http_x_forwarded_for city names en;
}
fastcgi_intercept_errors on;
geo $http_x_forwarded_for $ip_whitelist {
default 0;
include ip.conf;
}
#禁止ip访问
server {
server_name _;
return 404;
}
#前台server
#server {
# listen 80;
# charset UTF-8;
# server_name www.test.com;
## if ( $host != 'https://www.xxx.vip' ) {
## rewrite ^/(.*)$ https://www.xxx.vip/$1 permanent;
## }
#
#
# location / {
# proxy_pass http://127.0.0.1:8080;
# proxy_set_header Host $host;
# proxy_set_header Remote_Addr $remote_addr;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# index index;
#
# }
#
#
# location ^~ /manage/static/ueditor/index.html {
# return 404;
# }
# location ^~ /admin/WEB-INF/web.xml {
# return 404;
# }
#}
upstream frontcluster {
server 127.0.0.1:8081 weight=1;
}
server {
listen 80;
server_name test.com;
if ( $http_host ~* "^(.*)") {
set $domain $1;
rewrite ^(.*) http://www.test.com break;
}
access_log logs/brian.log main gzip buffer=128k flush=5s;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name www.test.com;
charset utf-8;
#limit_req zone=wwwzone burst=5 nodelay;
error_page 403 /403.html;
location /403.html {
allow all;
root /home/deploy/nginx/static/;
}
location /chinaintercept {
allow all;
root /home/deploy/nginx/static/;
}
location / {
# set $flag 0;
# if ($ip_whitelist != 1) {
# set $flag "1";
# }
# if ($geoip2_data_country_code ~ "(CN)") {
# set $flag "${flag}2";
# }
# if ($flag ~ "(12)") {
# return 403;
# }
proxy_pass http://frontcluster/;
proxy_redirect default;
client_max_body_size 500m;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_connect_timeout 180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ^~ /manage/static/ueditor/index.html {
return 404;
}
location ^~ /admin/WEB-INF/web.xml {
return 404;
}
#location ^~ /swagger-ui {
# deny all;
#}
}
server {
listen 81;
server_name m.test.com;
charset utf-8;
#limit_req zone=mzone burst=5 nodelay;
location / {
proxy_pass http://frontcluster/;
proxy_redirect default;
client_max_body_size 500m;
proxy_send_timeout 180;
proxy_read_timeout 180;
proxy_connect_timeout 180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ^~ /manage/static/ueditor/index.html {
return 404;
}
location ^~ /admin/WEB-INF/web.xml {
return 404;
}
#location ^~ /swagger-ui {
# deny all;
#}
}
server {
listen 82;
charset UTF-8;
server_name club.test.com;
#limit_req zone=clubzone burst=5 nodelay;
error_page 403 /403.html;
location /403.html {
allow all;
root /home/deploy/nginx/static/;
}
location /chinaintercept {
allow all;
root /home/deploy/nginx/static/;
}
location / {
index index.html index.htm *.html;
# set $flag 0;
# if ($ip_whitelist != 1) {
# set $flag "1";
# }
# if ($geoip2_data_country_code ~ "(CN)") {
# set $flag "${flag}2";
# }
# if ($flag ~ "(12)") {
# return 403;
# }
#if ($geoip2_data_country_code = CN) {
# return 403;
#}
root static/;
}
location ^~ /manage/static/ueditor/index.html {
return 404;
}
location ^~ /admin/WEB-INF/web.xml {
return 404;
}
}
#https:
#server {
# listen 443;
# server_name www.xxx.com;
#
# ssl on;
# ssl_certificate _.xxx.com_bundle.crt;
# ssl_certificate_key _.xxx.com.key;
# ssl_session_timeout 5m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#
# ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
# ssl_prefer_server_ciphers on;
#}
#https:
#server {
# listen 443;
# server_name www.xxx.com;
#
# ssl on;
# ssl_certificate _.xxx.com_bundle.crt;
# ssl_certificate_key _.xxx.com.key;
# ssl_session_timeout 5m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#
# ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
# ssl_prefer_server_ciphers on;
#}
}
或
worker_processes auto;
events {
worker_connections 2048;
use epoll;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
server_tokens off;
keepalive_timeout 120;
client_max_body_size 20m;
client_header_timeout 10;
client_body_timeout 65;
reset_timedout_connection on;
send_timeout 10;
limit_req_zone $binary_remote_addr zone=allips:10m rate=100r/s;
include gzip.conf;
server {
listen 8077;
server_name 192.168.0.112;
charset utf-8;
root /home/deploy/nginx/mh;
index index.html index.htm;
location / {
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_pass http://localhost:8098/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
}
server {
listen 8087;
server_name 192.168.0.112;
charset utf-8;
root /home/deploy/nginx/cpct_front;
index index.html index.htm;
#access_log logs/host.access.log main;
location / {
try_files $uri $uri/ /index.html;
}
location /api {
proxy_pass http://localhost:8090/;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
location /ws {
proxy_pass http://localhost:8090/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /download/ {
root /;
rewrite ^/download/(.*)$ /usr/local/nginx/cpct_files/$1 break;
# root /usr/local/nginx/cpct_files;
default_type 'application/octet-stream';
if ($request_filename ~* ^.*?.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx|jpg|png)$){
add_header Content-Disposition attachment;
}
client_max_body_size 10m;
}
}
#后台server
server{
listen 80;
charset UTF-8;
server_name 192.168.0.112;
location ~ ^/(oauth) {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
location ~ ^/(manage) {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
location ~ ^/(hryfile) {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
}
location ~ ^/(admin) {
root html/admin;
index index.html;
}
location ^~ /manage/static/ueditor/index.html {
return 404;
}
}
#https:
#server {
# listen 443;
# server_name www.xxx.com;
#
# ssl on;
# ssl_certificate _.xxx.com_bundle.crt;
# ssl_certificate_key _.xxx.com.key;
# ssl_session_timeout 5m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#
# ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
# ssl_prefer_server_ciphers on;
#}
##洋洋金服
#server {
# listen 80;
# charset UTF-8;
# server_name cloud.test.com www.test.com;
# rewrite ^(.*)$ https://$host$1 permanent;
#}
#https:
server {
listen 80;
server_name cloud.test.com www.test.com;
# ssl on;
# ssl_certificate zdzssl/www.test.com.pem;
# ssl_certificate_key zdzssl/www.test.com.key;
# ssl_session_timeout 5m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
# ssl_prefer_server_ciphers on;
location / {
root zdz;
index index.html index.htm *.html;
}
location ^~ /manage/static/ueditor/index.html {
return 404;
}
location ^~ /admin/WEB-INF/web.xml {
return 404;
}
}
}