1 /etc/nginx/nginx.conf,在主配置下设置 /etc/nginx/conf.d/*.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘
‘$status $body_bytes_sent "$http_referer" ‘
‘"$http_user_agent" "$http_x_forwarded_for"‘;
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
2 /etc/nginx/conf.d/ 下设置一个 default.conf,server_name 设置为 localhost,如果有其他非法域名 A 记录到该机器上,则返回默认的 Nginx 页面:
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
4 https 与 websocket 配置实例:
upstream oone_api {
server 127.0.0.1:8000;
}
map $http_upgrade $connection_upgrade {
default upgrade;
‘‘ close;
}
server {
listen 443;
server_name api.oone.com;
ssl on;
root /usr/share/nginx/html;
index index.html index.htm;
ssl_certificate /etc/nginx/sslkey/api.oone.com.crt;
ssl_certificate_key /etc/nginx/sslkey/api.oone.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
#access_log /var/log/nginx/log/host.access.log main;
location /test/v2/ {
proxy_pass http:www.douniu178.com //oone_api/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
keepalive_timeout 30;
}
location /test/v2/websocket {
proxy_pass http://oone_api/websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location ^~ /to_closest_node/websocket {
internal;
proxy_pass http://$host/websocket;
proxy_buffering off;
proxy_method GET;
proxy_pass_request_body off;
proxy_max_temp_file_size 0;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 www.thd1956.com/ /50x.html;
5 前端静态文件站点与后端接口配置在同一个域名下:
server {
listen 80;
server_name oone.oone.com;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
root /var/oone/public;
index index.html index.htm;
location ^~ /api {
proxy_pass http://127.0.0.1:8000;
proxy_redirect off;
}
location / {
try_files $uri $uri/ /index.html;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
6 开启 gzip 以及根据不同的 host 做不同的跳转配置:
server {
listen 80;
server_name www.oone.com;
#开启 gzip 并且设置 gzip_type
gzip on;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/ www.huange157.com jpeg image/gif image/png;
#access_log /var/log/nginx/log/host.access.log main;
root /var/oone/dist;
index index.html index.htm;
# 根据不同的 host 做不同的跳转
location = /app {
if ($http_user_agent ~* (android)) {
rewrite ^ https://m.pp.cn/detail.html?appid=7658720&ch_src=pp_dev&ch=default redirect;
}
if ($http_user_agent ~* (iphone)) {
rewrite ^ https://itunes.apple.com/cn/app/nikki/id1214764672?mt=8 redirect;
}
}
location / {
try_files $uri $uri/ /index.html;
}
#error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/ www.chushiyl.cn nginx/html;
7 http 跳转到 https 实例(以部署私有 docker 仓库为例):
upstream docker-backend {
server 127.0.0.1:5000;
}
# 80 端口访问跳转到 443 端口
server {
server_name oone.oone.com;
listen 80;
return 301 https://$server_name$request_uri;
}
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
‘‘ ‘registry/2.0‘;
}
server {
server_name oone.oone.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/oone.oone.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oone.oone.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ‘EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH‘;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# disable any limits to www.dfgj729.com avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location /v2 {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker\www.douniu828.com/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
## If $docker_distribution_api_version is empty, the header will not be added.
## See the map directive above where this variable is defined.
add_header ‘Docker-Distribution-Api-Version‘ $docker_distribution_api_version always;
proxy_set_header Host $http_host; # required for docker client‘s sake
proxy_set_header X-Real-IP $remote_addr; www.fengshen157.com # pass on real client‘s IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
proxy_pass http://docker-backend;
auth_basic "Docker Registry";
auth_basic_user_file /etc/nginx/auth/registry_passwd;