nginx作为用烂了的反向代理服务器,这两年经手的项目也是各种配置,各种学习,再次记录下还能想的起来或者有据可查的nginx配置,以防哪天掉坑里时还有一根救命稻草。
前置
个人爱好的原因,我的nginx一般安装在/usr/local/nginx这个目录,主配置文件/usr/local/nginx/conf/nginx.conf,其他配置文件则是在/usr/local/nginx/conf/conf.d/*.conf这些单独的文件上。
这些conf.d目录下的配置文件要在nginx.conf中被引入,因此nginx.conf文件最后一行有这么一句
include conf.d/*.conf;
1、一个域名,多个端口,多个项目
这种情况是最理想,最好配置的,但是也是最没有啥可说的一种,不过我还的是copy一个记录一下吧。
比如conf.d下有几个配置文件,大概这样:
[haieradmin@1169CKT2 conf.d]$ ll
total 20
-rw-r--r-- 1 haieradmin haieradmin 828 Mar 7 2018 hrsj.15386.conf
-rw-r--r-- 1 haieradmin haieradmin 827 Mar 7 2018 hryh.10386.conf
-rw-r--r-- 1 haieradmin haieradmin 1166 Nov 22 13:49 html.8880.conf
-rw-r--r-- 1 haieradmin haieradmin 1022 Jul 16 13:50 portal.8886.conf
-rw-r--r-- 1 haieradmin haieradmin 846 Jul 13 2018 questionnaire.8081.conf
[haieradmin@1169CKT2 conf.d]$ pwd
/usr/local/nginx/conf/conf.d
[haieradmin@1169CKT2 conf.d]$
查看其中一个文件的内容:
[haieradmin@1169CKT2 conf.d]$ cat hrsj.15386.conf
server
{
listen 15386;
#server_name tech.haier.net;
#ssl on;
#ssl_certificate /usr/local/nginx/key/server.crt;
#ssl_certificate_key /usr/local/nginx/key/server.key;
index index.html;
root /opt/chuangke/website/hrsj;
location / {
client_max_body_size 100M;
try_files $uri $uri/ /index.html;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
error_page 404 /404.html;
access_log /usr/local/nginx/logs/hrsj.host.access.log;
}
[haieradmin@1169CKT2 conf.d]$
其他几个配置文件知识里面listen的端口和root目录不一样。
2、一个域名,一个端口,多个项目,访问时用二级目录名称区分
[haieradmin@1169CKT conf.d]$ ll
total 8
-rw-r--r-- 1 root root 1594 Jun 26 2018 nginx_8086_to_5601.conf
-rw-r--r-- 1 root root 1592 Jun 28 2018 nginx_8888_gitstats.conf
[haieradmin@1169CKT conf.d]$
查看配置文件
[haieradmin@1169CKT conf.d]$ cat nginx_8888_gitstats.conf
server {
listen 8888;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
#location / {
# root html;
# index index.html index.htm;
#}
index index.html index.htm;
client_max_body_size 100m;
location /questionnaire {
alias /opt/chuangke/gitstats/result/questionnaire;
}
location /portal {
alias /opt/chuangke/gitstats/result/Portal;
}
location /portalmanage {
alias /opt/chuangke/gitstats/result/portalmanage;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
[haieradmin@1169CKT conf.d]$
访问的时候如:http://localhost:8888/portalmanage和http://localhost:8888/portal等。
3、多个域名,一个端口,多个项目
[root@im-test-cpr-1 nginx]# cat nginx.conf
# * Official Russian Documentation: http://nginx.org/ru/docs/
user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
upstream server1 {
server 127.0.0.1:8890;
}
upstream server2 {
server 127.0.0.1:5151;
}
server {
listen 5050 default_server ssl;
listen [::]:5050 default_server;
server_name _;
root /usr/share/nginx/html;
ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/private/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
add_header Access-Control-Allow-Credentials 'true';
add_header Access-Control-Allow-Headers 'Accept, Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods 'GET, POST, PUT, DELETE, OPTIONS';
add_header Access-Control-Allow-Credentials 'true';
add_header Access-Control-Allow-Headers 'Accept, Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
return 204;
}
proxy_pass http://server2;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 8443 ssl;
server_name sysadmint.rrs.com;
root /usr/share/nginx/html/sysadmin/;
ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/private/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
add_header Cache-Control no-store;
}
location / {
try_files $uri /index.html;
}
}
server {
listen 8443 ssl;
server_name opadmint.rrs.com;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
add_header Cache-Control no-store;
}
root /usr/share/nginx/html/opadmin/;
location / {
try_files $uri /index.html;
}
ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/private/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
}
server {
listen 8443 ssl;
server_name shopadmint.rrs.com;
root /usr/share/nginx/html/shopadmin/;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|css)$ {
add_header Cache-Control no-store;
}
location / {
try_files $uri /index.html;
}
ssl_certificate "/etc/pki/nginx/server.crt";
ssl_certificate_key "/etc/pki/nginx/private/server.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
}
}
[root@im-test-cpr-1 nginx]#
访问:host name+8443端口号
4、将收到的服务转发给别的服务
比如接受端口接受的端口是8086,但是映射后访问5601的资源。
[haieradmin@1169CKT conf.d]$ cat nginx_8086_to_5601.conf
server {
listen 8086;
server_name office.haier.net;
access_log logs/5601.host.access.log main;
location / {
proxy_pass http://127.0.0.1:5601/;
}
location ~.*\.(gif|jpg|jpeg|png|bmp|swf)$ {
proxy_pass http://127.0.0.1:5601;
}
location ~.*\.(js|css)?$ {
proxy_pass http://127.0.0.1:5601;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[haieradmin@1169CKT conf.d]$