• 真是学到了!——《Nginx的几个常用配置和技巧》

    一个站点配置多个域名

    1. <pre style="box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">server {
    2.  listen 80;
    3.  server_name ops-coffee.cn b.ops-coffee.cn;
    4. }

    server_name 后跟多个域名即可,多个域名之间用空格分隔

    一个服务配置多个站点

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">server {
    2.  listen 80;
    3.  server_name a.ops-coffee.cn;
    4.  location / {
    5.  root /home/project/pa;
    6.  index index.html;
    7.  }
    8. }
    9. server {
    10.  listen 80;
    11.  server_name ops-coffee.cn b.ops-coffee.cn;
    12.  location / {
    13.  root /home/project/pb;
    14.  index index.html;
    15.  }
    16. }
    17. server {
    18.  listen 80;
    19.  server_name c.ops-coffee.cn;
    20.  location / {
    21.  root /home/project/pc;
    22.  index index.html;
    23.  }
    24. }

    基于Nginx虚拟主机配置实现,Nginx有三种类型的虚拟主机

    基于IP的虚拟主机: 需要你的服务器上有多个地址,每个站点对应不同的地址,这种方式使用的比较少

    基于端口的虚拟主机: 每个站点对应不同的端口,访问的时候使用ip:port的方式访问,可以修改listen的端口来使用

    基于域名的虚拟主机: 使用最广的方式,上边例子中就是用了基于域名的虚拟主机,前提条件是你有多个域名分别对应每个站点,server_name填写不同的域名即可

    nginx添加账号密码验证

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">server {
    2.  location / {
    3.  auth_basic "please input user&passwd";
    4.  auth_basic_user_file key/auth.key;
    5.  }
    6. }

    有很多服务通过nginx访问,但本身没有提供账号认证的功能,就可以通过nginx提供的authbase账号密码认证来实现,可以用以下脚本来生成账号的密码

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;"># cat pwd.pl 
    2. #!/usr/bin/perl
    3. use strict;
    4. my $pw=$ARGV[0] ;
    5. print crypt($pw,$pw)."\n";

    使用方法:

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;"># perl pwd.pl ops-coffee.cn
    2. opf8BImqCAXww
    3. # echo "admin:opf8BImqCAXww" > key/auth.key

    nginx开启列目录

    当你想让nginx作为文件下载服务器存在时,需要开启nginx列目录

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">server {
    2.  location download {
    3.  autoindex on;
    4.  autoindex_exact_size off;
    5.  autoindex_localtime on;
    6.  }
    7. }

    autoindex_exact_size: 为on(默认)时显示文件的确切大小,单位是byte;改为off显示文件大概大小,单位KB或MB或GB

    autoindex_localtime: 为off(默认)时显示的文件时间为GMT时间;改为on后,显示的文件时间为服务器时间

    默认当访问列出的txt等文件时会在浏览器上显示文件的内容,如果你先让浏览器直接下载,加上下边的配置

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">if ($request_filename ~* ^.*?\.(txt|pdf|jpg|png)$) {
    2.  add_header Content-Disposition 'attachment';
    3. }

    配置默认站点

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">server {
    2.  listen 80 default;
    3. }

    当一个nginx服务上创建了多个虚拟主机时默认会从上到下查找,如果匹配不到虚拟主机则会返回第一个虚拟主机的内容,如果你想指定一个默认站点时,可以将这个站点的虚拟主机放在配置文件中第一个虚拟主机的位置,或者在这个站点的虚拟主机上配置listen default

    不允许通过IP访问

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">server {
    2.  listen 80 default;
    3.  server_name _;
    4.  return 404;
    5. }

    可能有一些未备案的域名或者你不希望的域名将服务器地址指向了你的服务器,这时候就会对你的站点造成一定的影响,需要禁止IP或未配置的域名访问,我们利用上边所说的default规则,将默认流量都转到404去

    上边这个方法比较粗暴,当然你也可以配置下所有未配置的地址访问时直接301重定向到你的网站去,也能为你的网站带来一定的流量

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">server {
    2.  rewrite ^/(.*)$ https://ops-coffee.cn/$1 permanent;
    3. }

    直接返回验证文件

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">location = /XDFyle6tNA.txt {
    2.  default_type text/plain;
    3.  return 200 'd6296a84657eb275c05c31b10924f6ea';
    4. }

    很多时候微信等程序都需要我们放一个txt的文件到项目里以验证项目归属,我们可以直接通过上边这种方式修改nginx即可,无需真正的把文件给放到服务器上

    nginx配置upstream反向代理

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">http {
    2.  ...
    3.  upstream tomcats {
    4.  server 192.168.106.176 weight=1;
    5.  server 192.168.106.177 weight=1;
    6.  }
    7.  
    8.  server {
    9.  location /ops-coffee/ { 
    10.  proxy_pass http://tomcats; 
    11.  proxy_set_header Host $host;
    12.  proxy_set_header X-Real-IP $remote_addr;
    13.  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    14.  proxy_set_header X-Forwarded-Proto $scheme;
    15.  }
    16.  }
    17.  
    18. }

    稍不注意可能会落入一个proxy_pass加杠不加杠的陷阱,这里详细说下proxy_pass http://tomcats与proxy_pass http://tomcats/的区别:

    虽然只是一个/的区别但结果确千差万别。分为以下两种情况:

    1. 目标地址中不带uri(proxy_pass http://tomcats)。此时新的目标url中,匹配的uri部分不做修改,原来是什么就是什么。
    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">location /ops-coffee/ {
    2.  proxy_pass http://192.168.106.135:8181;
    3. }
    4. http://domain/ops-coffee/ --> http://192.168.106.135:8181/ops-coffee/
    5. http://domain/ops-coffee/action/abc --> http://192.168.106.135:8181/ops-coffee/action/abc
    1. 目标地址中带uri(proxy_pass http://tomcats/,/也是uri),此时新的目标url中,匹配的uri部分将会被修改为该参数中的uri。
    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">location /ops-coffee/ {
    2.  proxy_pass http://192.168.106.135:8181/;
    3. }
    4. http://domain/ops-coffee/ --> http://192.168.106.135:8181
    5. http://domain/ops-coffee/action/abc --> http://192.168.106.135:8181/action/abc

    nginx upstream开启keepalive

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">upstream tomcat {
    2.  server ops-coffee.cn:8080;
    3.  keepalive 1024;
    4. }
    5. server {
    6.  location / {
    7.  proxy_http_version 1.1;
    8.  proxy_set_header Connection "";
    9.  
    10.  proxy_pass http://tomcat;
    11.  }
    12. }

    nginx在项目中大多数情况下会作为反向代理使用,例如nginx后接tomcat,nginx后接php等,这时我们开启nginx和后端服务之间的keepalive能够减少频繁创建TCP连接造成的资源消耗,配置如上

    keepalive: 指定每个nginxworker可以保持的最大连接数量为1024,默认不设置,即nginx作为client时keepalive未生效

    proxy_http_version 1.1: 开启keepalive要求HTTP协议版本为HTTP 1.1

    proxy_set_header Connection "": 为了兼容老的协议以及防止http头中有Connection close导致的keepalive失效,这里需要及时清掉HTTP头部的Connection

    404自动跳转到首页

    1. "box-sizing: border-box; font-family: monospace; font-size: 18px; margin: 20px 0px; padding: 15px; border: 0px; background-color: rgb(244, 245, 246); white-space: pre-wrap; word-break: break-all; color: rgb(34, 34, 34); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: justify; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-color: initial;">server {
    2.  location / {
    3.  error_page 404 = @ops-coffee;
    4.  }
    5.  
    6.  location @ops-coffee {
    7.  rewrite .* / permanent;
    8.  }
    9. }

    网站出现404页面不是特别友好,我们可以通过上边的配置在出现404之后给自动跳转到首页去。

  • 相关阅读:
    element-radio回显问题
    Apache HTTP Server、IIS反向代理设置
    Android R给自家UA工具挖坑
    ORA-09925 Unable to create audit trail file
    vsto转换为windows服务 并部署服务
    归并排序 和 逆序对 联动
    前端练习--3D盒子背景图运动效果
    JavaScript 62 JavaScript 版本 62.6 ECMAScript 2018
    python+playwright 学习-84 Response 接口返回对象
    Vue3 echarts v-show无法重新渲染的问题
  • 原文地址:https://blog.csdn.net/Java_ttcd/article/details/126362834