nginx.conf nginx反向代理配置文件

Posted faberbeta

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了nginx.conf nginx反向代理配置文件相关的知识,希望对你有一定的参考价值。

nginx反向代理配置文件

  • nginx.conf
  • proxy_default.conf
  • vhost/*.conf
  • upstream/*.conf
  • cache/*.conf

nginx.conf 配置

技术图片
user  www;
worker_processes  2;
pid /var/run/nginx.pid;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;

events 
    use epoll;
    worker_connections  65535;



http 
include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
include /usr/local/nginx/conf/autoconfig/vhost/*.conf;
include /usr/local/nginx/conf/autoconfig/upstream/*.conf;
include /usr/local/nginx/conf/autoconfig/cache/*.conf;
include /usr/local/nginx/conf/include/*.conf;

map $host $node_ip 
    default "192.168.1.87";


    server 
        listen 80 default_server;
        server_name  _;
        root html;
        client_body_buffer_size 2m;
        client_header_buffer_size 2m;

        location / 
        return       403;
        

        location = /_.gif 
            empty_gif;
        
    

    server 
        listen 443 ssl default_server;
        server_name _;
        ssl_certificate /usr/local/nginx/nginx.crt;
        ssl_certificate_key /usr/local/nginx/nginx.key;
        return       403;
    


View Code

proxy_default.conf 默认reverse proxy配置

技术图片
include mime.types;
default_type "text/html";
charset utf-8;
log_format main ‘$time_localG;$remote_addrG;$http_hostG;$request_uriG;$upstream_cache_statusG;$statusG;$upstream_addrG;$upstream_statusG;$upstream_response_timeG;$request_timeG;$body_bytes_sentG;$request_lengthG;$content_lengthG;$sent_http_cache_controlG;$sent_http_content_typeG;$http_refererG;$http_x_forwarded_forG;$http_user_agentG;$node_ipG;$geoip2_data_country_codeG;$geoip2_data_city_nameG;$geoip2_data_province_isocodeG;$server_portG;$server_protocolG;$request_methodG;$schemeG;$ssl_protocolG;$remote_portG;$mobile_requestG;$http_cookieG;$args‘;

log_format json ‘"@timestamp":"$time_local",‘
                ‘"remote_addr":"$remote_addr",‘
                ‘"http_host":"$http_host",‘
                ‘"request_uri":"$request_uri",‘
                ‘"upstream_cache_status":"$upstream_cache_status",‘
                ‘"status":"$status",‘
                ‘"upstream_addr":"$upstream_addr",‘
                ‘"upstream_status":"$upstream_status",‘
                ‘"upstream_response_time":"$upstream_response_time",‘
                ‘"request_time":"$request_time",‘
                ‘"body_bytes_sent":"$body_bytes_sent",‘
                ‘"request_length":"$request_length",‘
                ‘"content_length":"$content_length",‘
                ‘"sent_http_cache_control":"$sent_http_cache_control",‘
                ‘"sent_http_content_type":"$sent_http_content_type",‘
                ‘"http_referer":"$http_referer",‘
                ‘"http_x_forwarded_for":"$http_x_forwarded_for",‘
                ‘"http_user_agent":"$http_user_agent",‘
                ‘"node_ip":"$node_ip",‘
                ‘"geoip2_data_country_code":"$geoip2_data_country_code",‘
                ‘"geoip2_data_city_name":"geoip2_data_city_name",‘
                ‘"geoip2_data_province_isocode":"$geoip2_data_province_isocode",‘
                ‘"server_port":"$server_port",‘
                ‘"server_protocol":"$server_protocol",‘
                ‘"request_method":"$request_method",‘
                ‘"scheme":"$scheme",‘
                ‘"ssl_protocol":"$ssl_protocol",‘
                ‘"remote_port":"$remote_port",‘
                ‘"mobile_request":"$mobile_request",‘
                ‘"http_cookie":"$http_cookie",‘
                ‘"args":"$args"‘;

access_log logs/access.json.log json;
access_log logs/access.log main buffer=4k flush=10s;
open_log_file_cache max=1024 inactive=10s valid=10s min_uses=1;

server_tokens  off;
ssl_session_cache shared:SSL:50m;

resolver 8.8.8.8 8.8.4.4 1.1.1.1 valid=600s ipv6=off;
resolver_timeout 30s;

etag on;
sendfile on;
send_timeout 3600s;
tcp_nopush on;
keepalive_timeout 3600;
keepalive_requests 360000;
server_names_hash_bucket_size 4096;
server_names_hash_max_size 4096;
client_header_buffer_size 128k;
large_client_header_buffers 32 128k;
client_max_body_size 300M;
client_header_timeout 36000;
connection_pool_size 4096;
proxy_connect_timeout 360000;
proxy_send_timeout 360000;
proxy_read_timeout 360000;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
underscores_in_headers on;

ssl_protocols               TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers                 ‘ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA‘;
ssl_prefer_server_ciphers   on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets on;

fastcgi_connect_timeout 360000;
fastcgi_send_timeout 360000;
fastcgi_read_timeout 360000;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;

gzip on;
gzip_min_length 1024;
gzip_buffers 16 8k;
gzip_comp_level 5;
gzip_types text/xml text/plain application/xml application/xhtml+xml image/svg+xml text/javascript application/x-javascript application/javascript application/json text/css application/font-woff;
gzip_vary on;

fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
fastcgi_param CITY_NAME    $geoip2_data_city_name;

geoip2 /usr/local/nginx/geoip/maxmind-city.mmdb 
    $geoip2_data_country_code default=US source=$remote_addr country iso_code;
    $geoip2_data_country_name country names en;
    $geoip2_data_city_name default=London city names en;
    $geoip2_data_province_name subdivisions 0 names en;
    $geoip2_data_province_isocode subdivisions 0 iso_code;


client_body_buffer_size 512k;
tcp_nodelay on;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504 http_404;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
proxy_ignore_headers X-Accel-Expires Expires Set-Cookie;
proxy_buffering on;
proxy_cache_lock on;
proxy_cache_revalidate on;
proxy_buffer_size 64k;
proxy_buffers 64 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
chunked_transfer_encoding on;

map $http_upgrade $connection_upgrade

    default upgrade;
    ‘‘ close;
View Code

vhost 实例 配置

技术图片
server

        listen 80;
#        if ( $scheme = ‘http‘ )rewrite ^(.*)$  https://$host$1 permanent;
        listen 443 ssl http2;
        ssl_certificate /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.crt;
        ssl_certificate_key /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.key;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.crt;
        server_name img.baidu.com;

        access_log logs/img-access.json.log json;
        access_log logs/img-access.log main;

    client_body_temp_path /usr/local/nginx/temp/client_body_temp/img 1 2 3; 
        set $mobile_request ‘0‘;
        if ($http_user_agent ~* ‘(android|webOS|iPhone|iPod|BlackBerry)‘)  set $mobile_request ‘1‘;

    location /
    
            include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_ignore_headers Cache-Control;proxy_no_cache 1;expires -1;
            proxy_pass http://img;
            break;  
    

       location ^~ /.well-known/acme-challenge/ 
            alias /usr/local/nginx/challenges/;
       

    location ~*  ^.*\.(ggg)$
           
            include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
            proxy_set_header Connection ‘‘;
            proxy_hide_header Set-Cookie; 
            add_header X-Proxy-Cache ‘HIT‘;
            root /usr/local/nginx/temp/proxy_store/img; 
            proxy_store on; 
            proxy_store_access user:rw group:rw all:rw;
            proxy_temp_path /usr/local/nginx/temp/proxy_store/img; 
            if ( !-e $request_filename)  
                proxy_pass http://img;
            
          

        location ~*  ^.*\.(gif|jpg|jpeg|png|bmp|swf|woff2|css|js|rar|zip|docx|tiff|csv|pptx|svg|midi|ppt|mid|fnt|svgz|ps|doc|eps|eot|tif|xlsx|woff|ejs|pdf|ico|class|webp|jar|pls|otf|xls|pict|ttf|opus|webm|mp3|ogg|zip|mp4|ipa|apk|wav|m4a)$
       
                include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
                proxy_set_header Connection ‘‘;
                proxy_hide_header Set-Cookie;
                add_header X-Proxy-Cache ‘HIT‘;
                proxy_cache img;
                proxy_cache_key $uri$is_args$args;
                proxy_cache_valid 404 10s;
                proxy_ignore_headers Cache-Control; proxy_cache_valid 200 206 301 304 14d;
                proxy_cache_valid 405 2m;
                expires 14d;
                if ( !-e $request_filename) 
                    proxy_pass http://img;
                
        

       location = /_.gif 
            empty_gif;
       
View Code

upsteam 实例配置

技术图片
upstream img

check interval=20000 fall=5 rise=2 timeout=3000 default_down=false type=tcp;
dynamic_resolve fallback=stale fail_timeout=30s;
server origin.abc.com:80 max_fails=3 fail_timeout=0s;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup;


keepalive 360000;
View Code

cache path 相关配置

技术图片
proxy_cache_path /usr/local/nginx/temp/proxy_cache/img levels=1:2 keys_zone=img:15m inactive=7d max_size=1024M use_temp_path=off;
View Code

 

以上是关于nginx.conf nginx反向代理配置文件的主要内容,如果未能解决你的问题,请参考以下文章

#yyds干货盘点#nginx配置反向代理

nginx反向代理配置详解

Nginx 如何设置反向代理

nginx如何做反向代理服务器?

Nginx 配置反向代理 Tomcat

配置LANMP环境-- 配置nginx反向代理,与配置apache虚拟主机