Reprinted: nginx practical configuration tips
Nginx article lists some common, practical, interesting configuration, hoping to be able to say after reading: learned!
A site configuration multiple domain names
server {
listen 80;
server_name ops-coffee.cn b.ops-coffee.cn;
}
server_name followed by multiple domain names to, among multiple domain names separated by spaces.
A service configuration multiple sites
server {
listen 80;
server_name a.ops-coffee.cn;
location / {
root /home/project/pa;
index index.html;
}
}
server {
listen 80;
server_name ops-coffee.cn b.ops-coffee.cn;
location / {
root /home/project/pb;
index index.html;
}
}
server {
listen 80;
server_name c.ops-coffee.cn;
location / {
root /home/project/pc;
index index.html;
}
}
Based Nginx virtual host configuration, Nginx There are three types of web hosting
IP-based virtual hosts: the need for multiple addresses on your server, each site corresponds to a different address, used in this way is relatively small
Host-based virtual ports: a different site each corresponding port, when accessed using the ip: port of access can be modified to use a port listen
Name-based virtual hosting: the most widely used way, above example is to use the domain name-based virtual hosting, provided that you have multiple domain names corresponding to each site, server_name can fill in a different domain
nginx add account password verification
server {
location / {
auth_basic "please input user&passwd";
auth_basic_user_file key/auth.key;
}
}
A number of services accessed via nginx, but the account itself does not provide authentication feature, you can authbase account password authentication provided by nginx to achieve, you can use the following script to generate account passwords
# cat pwd.pl
#!/usr/bin/perl
use strict;
my $pw=$ARGV[0] ;
print crypt($pw,$pw)."
";
Instructions:
# perl pwd.pl ops-coffee.cn
opf8BImqCAXww
# echo "admin:opf8BImqCAXww" > key/auth.key
nginx open directory listing
When you want to download nginx exists as a file server, nginx need to open the directory listing
server {
location download {
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
}
autoindex_exact_size: show the exact size of the file when on (the default) as the unit is byte; instead show off about file size, in KB or MB or GB
autoindex_localtime: file when the time display is turned off (the default) is the GMT time; later changed to on, the time display for the file server time
Txt, etc. is displayed by default when accessing files listed on the contents of the file browser, if you want to download the browser directly, plus the following configuration
if ($request_filename ~* ^.*?.(txt|pdf|jpg|png)$) {
add_header Content-Disposition 'attachment';
}Configuring the default site
server {
listen 80 default;
}
When the default service on a nginx create multiple virtual hosts from top to bottom to find, if not match the virtual host will return to the first content virtual host, if you want to specify a default site, this site can be the virtual host configuration file on the location of the first virtual host or configure virtual hosts listen default on this site.
Do not allow access by IP
server {
listen 80 default;
server_name _;
return 404;
}
There may not record or you do not want the domain name server address points to your server, this time will cause some impact on your site, you need prohibit domain name or IP configuration access, we use said top the default rule, traffic will default to 404 go.
This method is rude on top, of course, you can also configure the direct address 301 redirect all non-configured access to your site to also be able to bring some traffic to your website.
server {
rewrite ^/(.*)$ https://ops-coffee.cn/$1 permanent;
}
Direct verification file returns
location = /XDFyle6tNA.txt {
default_type text/plain;
return 200 'd6296a84657eb275c05c31b10924f6ea';
}
Many times micro letters and other procedures we need to put a txt file into the project in order to verify ownership of the project, we can modify nginx can be directly on top this way, no real place to put files on the server.
nginx reverse proxy configuration upstream
http {
...
upstream tomcats {
server 192.168.106.176 weight=1;
server 192.168.106.177 weight=1;
}
server {
location /ops-coffee/ {
proxy_pass http://tomcats;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
Little carelessness may fall into a proxy_passplus bars without bars of the trap, where detail at proxy_pass http://tomcatsthe proxy_pass http://tomcats/differences:
Although only a / distinction vary but the results determined. The following two cases:
1. The destination address without URI ( proxy_pass http://tomcats). At this point a new target url, the match uri part will not be modified, it turned out to be what it is.
location /ops-coffee/ {
proxy_pass http://192.168.106.135:8181;
}
http://domain/ops-coffee/ --> http://192.168.106.135:8181/ops-coffee/
http://domain/ops-coffee/action/abc --> http://192.168.106.135:8181/ops-coffee/action/abc
2. The target address with URI ( proxy_pass http://tomcats/, / is uri), in this case a new target url, uri partial match will be modified to the parameters uri.
location /ops-coffee/ {
proxy_pass http://192.168.106.135:8181/;
}
http://domain/ops-coffee/ --> http://192.168.106.135:8181
http://domain/ops-coffee/action/abc --> http://192.168.106.135:8181/action/abc
nginx upstream open keepalive
upstream tomcat {
server ops-coffee.cn:8080;
keepalive 1024;
}
server {
location / {
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://tomcat;
}
}
nginx proxy will be used in most cases as a reverse projects, such as access tomcat after nginx, php then after nginx, etc., then we open keepalive between nginx and back-end services can reduce the frequency of consumption of resources to create a TCP connection caused configured as above
keepalive: specify each nginxworker maximum number of connections that can be held is 1024, the default is not set, i.e. nginx not in effect as a client keepalive
proxy_http_version 1.1: open keepalive requires HTTP protocol version is HTTP 1.1
proxy_set_header Connection "": For compatibility with the old agreement and prevent http headers have Connection closecaused keepalive failure, where the need for timely cleared away the HTTP header Connection
404 automatically jump to the home page
server {
location / {
error_page 404 = @ops-coffee;
}
location @ops-coffee {
rewrite .* / permanent;
}
}
404 pages site appears not particularly friendly, we can appear at the top of the configuration after 404 to automatically jump to go home.
Source: This switched public number "operation and maintenance coffee bar."