nginx.conf nginx反向代理配置文件
Posted faberbeta
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了nginx.conf nginx反向代理配置文件相关的知识,希望对你有一定的参考价值。
nginx反向代理配置文件
- nginx.conf
- proxy_default.conf
- vhost/*.conf
- upstream/*.conf
- cache/*.conf
nginx.conf 配置
user www; worker_processes 2; pid /var/run/nginx.pid; worker_cpu_affinity auto; worker_rlimit_nofile 65535; events use epoll; worker_connections 65535; http include /usr/local/nginx/conf/autoconfig/proxy_default.conf; include /usr/local/nginx/conf/autoconfig/vhost/*.conf; include /usr/local/nginx/conf/autoconfig/upstream/*.conf; include /usr/local/nginx/conf/autoconfig/cache/*.conf; include /usr/local/nginx/conf/include/*.conf; map $host $node_ip default "192.168.1.87"; server listen 80 default_server; server_name _; root html; client_body_buffer_size 2m; client_header_buffer_size 2m; location / return 403; location = /_.gif empty_gif; server listen 443 ssl default_server; server_name _; ssl_certificate /usr/local/nginx/nginx.crt; ssl_certificate_key /usr/local/nginx/nginx.key; return 403;
proxy_default.conf 默认reverse proxy配置
include mime.types; default_type "text/html"; charset utf-8; log_format main ‘$time_localG;$remote_addrG;$http_hostG;$request_uriG;$upstream_cache_statusG;$statusG;$upstream_addrG;$upstream_statusG;$upstream_response_timeG;$request_timeG;$body_bytes_sentG;$request_lengthG;$content_lengthG;$sent_http_cache_controlG;$sent_http_content_typeG;$http_refererG;$http_x_forwarded_forG;$http_user_agentG;$node_ipG;$geoip2_data_country_codeG;$geoip2_data_city_nameG;$geoip2_data_province_isocodeG;$server_portG;$server_protocolG;$request_methodG;$schemeG;$ssl_protocolG;$remote_portG;$mobile_requestG;$http_cookieG;$args‘; log_format json ‘"@timestamp":"$time_local",‘ ‘"remote_addr":"$remote_addr",‘ ‘"http_host":"$http_host",‘ ‘"request_uri":"$request_uri",‘ ‘"upstream_cache_status":"$upstream_cache_status",‘ ‘"status":"$status",‘ ‘"upstream_addr":"$upstream_addr",‘ ‘"upstream_status":"$upstream_status",‘ ‘"upstream_response_time":"$upstream_response_time",‘ ‘"request_time":"$request_time",‘ ‘"body_bytes_sent":"$body_bytes_sent",‘ ‘"request_length":"$request_length",‘ ‘"content_length":"$content_length",‘ ‘"sent_http_cache_control":"$sent_http_cache_control",‘ ‘"sent_http_content_type":"$sent_http_content_type",‘ ‘"http_referer":"$http_referer",‘ ‘"http_x_forwarded_for":"$http_x_forwarded_for",‘ ‘"http_user_agent":"$http_user_agent",‘ ‘"node_ip":"$node_ip",‘ ‘"geoip2_data_country_code":"$geoip2_data_country_code",‘ ‘"geoip2_data_city_name":"geoip2_data_city_name",‘ ‘"geoip2_data_province_isocode":"$geoip2_data_province_isocode",‘ ‘"server_port":"$server_port",‘ ‘"server_protocol":"$server_protocol",‘ ‘"request_method":"$request_method",‘ ‘"scheme":"$scheme",‘ ‘"ssl_protocol":"$ssl_protocol",‘ ‘"remote_port":"$remote_port",‘ ‘"mobile_request":"$mobile_request",‘ ‘"http_cookie":"$http_cookie",‘ ‘"args":"$args"‘; access_log logs/access.json.log json; access_log logs/access.log main buffer=4k flush=10s; open_log_file_cache max=1024 inactive=10s valid=10s min_uses=1; server_tokens off; ssl_session_cache shared:SSL:50m; resolver 8.8.8.8 8.8.4.4 1.1.1.1 valid=600s ipv6=off; resolver_timeout 30s; etag on; sendfile on; send_timeout 3600s; tcp_nopush on; keepalive_timeout 3600; keepalive_requests 360000; server_names_hash_bucket_size 4096; server_names_hash_max_size 4096; client_header_buffer_size 128k; large_client_header_buffers 32 128k; client_max_body_size 300M; client_header_timeout 36000; connection_pool_size 4096; proxy_connect_timeout 360000; proxy_send_timeout 360000; proxy_read_timeout 360000; proxy_headers_hash_max_size 51200; proxy_headers_hash_bucket_size 6400; underscores_in_headers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ‘ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA‘; ssl_prefer_server_ciphers on; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets on; fastcgi_connect_timeout 360000; fastcgi_send_timeout 360000; fastcgi_read_timeout 360000; fastcgi_buffer_size 128k; fastcgi_buffers 4 128k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; gzip on; gzip_min_length 1024; gzip_buffers 16 8k; gzip_comp_level 5; gzip_types text/xml text/plain application/xml application/xhtml+xml image/svg+xml text/javascript application/x-javascript application/javascript application/json text/css application/font-woff; gzip_vary on; fastcgi_param COUNTRY_CODE $geoip2_data_country_code; fastcgi_param COUNTRY_NAME $geoip2_data_country_name; fastcgi_param CITY_NAME $geoip2_data_city_name; geoip2 /usr/local/nginx/geoip/maxmind-city.mmdb $geoip2_data_country_code default=US source=$remote_addr country iso_code; $geoip2_data_country_name country names en; $geoip2_data_city_name default=London city names en; $geoip2_data_province_name subdivisions 0 names en; $geoip2_data_province_isocode subdivisions 0 iso_code; client_body_buffer_size 512k; tcp_nodelay on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504 http_404; proxy_next_upstream error timeout http_500 http_502 http_503 http_504; proxy_ignore_headers X-Accel-Expires Expires Set-Cookie; proxy_buffering on; proxy_cache_lock on; proxy_cache_revalidate on; proxy_buffer_size 64k; proxy_buffers 64 128k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; chunked_transfer_encoding on; map $http_upgrade $connection_upgrade default upgrade; ‘‘ close;
vhost 实例 配置
server listen 80; # if ( $scheme = ‘http‘ )rewrite ^(.*)$ https://$host$1 permanent; listen 443 ssl http2; ssl_certificate /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.crt; ssl_certificate_key /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.key; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.crt; server_name img.baidu.com; access_log logs/img-access.json.log json; access_log logs/img-access.log main; client_body_temp_path /usr/local/nginx/temp/client_body_temp/img 1 2 3; set $mobile_request ‘0‘; if ($http_user_agent ~* ‘(android|webOS|iPhone|iPod|BlackBerry)‘) set $mobile_request ‘1‘; location / include /usr/local/nginx/conf/autoconfig/proxy_default.conf; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_ignore_headers Cache-Control;proxy_no_cache 1;expires -1; proxy_pass http://img; break; location ^~ /.well-known/acme-challenge/ alias /usr/local/nginx/challenges/; location ~* ^.*\.(ggg)$ include /usr/local/nginx/conf/autoconfig/proxy_default.conf; proxy_set_header Connection ‘‘; proxy_hide_header Set-Cookie; add_header X-Proxy-Cache ‘HIT‘; root /usr/local/nginx/temp/proxy_store/img; proxy_store on; proxy_store_access user:rw group:rw all:rw; proxy_temp_path /usr/local/nginx/temp/proxy_store/img; if ( !-e $request_filename) proxy_pass http://img; location ~* ^.*\.(gif|jpg|jpeg|png|bmp|swf|woff2|css|js|rar|zip|docx|tiff|csv|pptx|svg|midi|ppt|mid|fnt|svgz|ps|doc|eps|eot|tif|xlsx|woff|ejs|pdf|ico|class|webp|jar|pls|otf|xls|pict|ttf|opus|webm|mp3|ogg|zip|mp4|ipa|apk|wav|m4a)$ include /usr/local/nginx/conf/autoconfig/proxy_default.conf; proxy_set_header Connection ‘‘; proxy_hide_header Set-Cookie; add_header X-Proxy-Cache ‘HIT‘; proxy_cache img; proxy_cache_key $uri$is_args$args; proxy_cache_valid 404 10s; proxy_ignore_headers Cache-Control; proxy_cache_valid 200 206 301 304 14d; proxy_cache_valid 405 2m; expires 14d; if ( !-e $request_filename) proxy_pass http://img; location = /_.gif empty_gif;
upsteam 实例配置
upstream img check interval=20000 fall=5 rise=2 timeout=3000 default_down=false type=tcp; dynamic_resolve fallback=stale fail_timeout=30s; server origin.abc.com:80 max_fails=3 fail_timeout=0s; server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup; server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup; server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup; server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup; server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup; server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup; keepalive 360000;
cache path 相关配置
proxy_cache_path /usr/local/nginx/temp/proxy_cache/img levels=1:2 keys_zone=img:15m inactive=7d max_size=1024M use_temp_path=off;
以上是关于nginx.conf nginx反向代理配置文件的主要内容,如果未能解决你的问题,请参考以下文章