ngxin配置

Posted 2022-08-04 lanlingshao

以下是服务的nginx配置，nginx有一个配置文件叫nginx.conf，里面可以填写每个应用的nginx配置文件的文件夹，下面是某个应用的配置文件

nginx.conf配置

#user  nobody;
user root;
worker_processes  4;
worker_rlimit_nofile 655350;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events 
    use epoll;
    worker_connections  655350;  ## Default: 1024


http 
    resolver 8.8.8.8;

    geo $limited 
        default 1;
#        61.54.109.211 0;
    
    map $limited $limit_ip 
        1 $binary_remote_addr;
        0 "";
    
    map $limited $limit_uri 
        1 $request_uri;
        0 "";
    

    limit_req_zone $limit_ip zone=perip:100m rate=4r/s;
    limit_req_zone $limit_uri zone=perreq:100m rate=2r/m;
    limit_req_status 599;

    ##
    # Basic Settings
    ##
    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    keepalive_timeout  65;
    types_hash_max_size 2048;  #TODO: to figure out
    large_client_header_buffers 8 16k;
    client_max_body_size 4M;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include       mime.types;
    default_type  application/octet-stream;

    ##
    # Logging Settings
    ##
    log_format  main  '$remote_addr" - "[$time_local]" - "$request" - "$status" - "$body_bytes_sent" - "$http_user_agent" - " $request_time " - " $http_x_forwarded_for';

    log_format  report escape=json '"realip":"$remote_addr", "localtime":"$time_local", "timestamp":"$msec","url":"$uri", "message":"$request_body"';

    ##
    # Gzip Settings
    ##
    proxy_set_header HOST $host;
    proxy_set_header X-Real-IP $remote_addr;
    gzip  on;
    gzip_disable "msie6";
    gzip_vary on;
    # gzip_proxied any;  #TODO: to figure out
    gzip_min_length 16k;
    gzip_buffers 16 64k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/json application/x-javascript text/css application/xml application/lsec;

    proxy_set_header HOST $host;
    proxy_set_header X-Real-IP $remote_addr;

    add_header Access-Control-Allow-Origin http://admin.work.com;
    add_header Access-Control-Allow-Credentials true;

    ##
    # Virtual Host Configs
    ##
    
    # 应用配置文件存放目录
    include /opt/oh-my-ngxfile/conf.d/*.conf;
    include /opt/oh-my-ngxfile/sites-enabled/*;

    error_page   403 404 500 502 503 504  /error.gif;

应用配置文件api.work.com的配置，存放在 /opt/oh-my-ngxfile/sites-enabled/ 文件夹内

# ngxin跨域配置，设置http://h5.oss.alicdn.work.com和http://work-h5.oss-cn-beijing.aliyuncs.com的请求可以跨域访问
map $http_origin $corsHost 
    default 0;
    "~http://h5.oss.alicdn.work.com" http://h5.oss.alicdn.work.com;
    "~http://work-h5.oss-cn-beijing.aliyuncs.com" http://work-h5.oss-cn-beijing.aliyuncs.com;


server 
    listen 80;
#     ssl on;
#     ssl_certificate   /usr/local/nginx/ssl/21452220406.pem;
#     ssl_certificate_key  /usr/local/nginx/ssl/214529820406.key;
#     ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
#     ssl_session_timeout 5m;
     client_max_body_size 20m;
#     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#     ssl_prefer_server_ciphers on;
    server_name work.com; # 域名
    access_log logs/work.com/access.log main;
    error_log  logs/work.com/error.log;

   location ~ ^/easy/api_log 
     access_log logs/work.com/access.log report;
      error_log  logs/work.com/error.log;
     #proxy_pass http://127.0.0.1:6699;
      add_header Access-Control-Allow-Origin *;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;
        set_real_ip_from 100.196.0.0/19;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;
        include  uwsgi_params;
        uwsgi_pass unix:///tmp/logship.sock;

    location / 
      # 跨域设置
      add_header Access-Control-Allow-Origin $corsHost;
      add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
      add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-For $remote_addr;
        proxy_headers_hash_max_size 51200;
    proxy_headers_hash_bucket_size 6400;
    proxy_pass http://127.0.0.1:8010;
        set_real_ip_from 0.0.0.0/0;
    real_ip_header  X-Forwarded-For;
    proxy_set_header HOST $host;
        proxy_set_header X-Real-IP $remote_addr;


    


server 

    listen      6699;
    location ~ ^/shopping/api_log 
        return 200;