.前端nginx主配置文件

# cat nginx.conf

worker_processes  ;

#pid        logs/nginx.pid;

pid        /data/www/logs/nginx.pid;

worker_rlimit_nofile  ;

events {

        use epoll;

        worker_connections  ;

        accept_mutex    off;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    #set_real_ip_from   0.0.0.0/;

    #real_ip_header     X-Forwarded-For;

    #proxy_set_header   Host    $host;

    #proxy_set_header   X-Real-IP       $remote_addr;

    #proxy_set_header   X-Forwarded-For $http_x_forwarded_for;

    #proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for; 

    proxy_headers_hash_max_size ;

    proxy_headers_hash_bucket_size      ;

    ssl_session_cache    shared:SSL:200m;

    ssl_session_timeout  15m;

    lua_package_path "/usr/local/nginx/conf/ngx_lua_waf/?.lua";

    lua_shared_dict limit 10m;

    init_by_lua_file  /usr/local/nginx/conf/ngx_lua_waf/init.lua;

    access_by_lua_file /usr/local/nginx/conf/ngx_lua_waf/waf.lua; 

    log_format main  '$remote_addr - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_cookie" "$request_body" "$http_user_agent" $request_time ';

    log_format error  '$remote_addr - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time '; 

    sendfile        on;

    tcp_nodelay    on;

    keepalive_timeout  ;

    #----for upload file

    client_max_body_size    8M;

    client_body_buffer_size 2M;

    #--- for resolve  error

    client_header_buffer_size 64k;

    large_client_header_buffers  64k;

    proxy_connect_timeout 90s;

    proxy_read_timeout 90s;

    proxy_send_timeout 90s;

    proxy_buffer_size 16k;

    proxy_buffers  32k;

    proxy_busy_buffers_size 64k;

    proxy_temp_file_write_size 64k;

    proxy_ignore_client_abort on;

    proxy_intercept_errors on;

    gzip  on;

    gzip_vary off;

    gzip_min_length  1k;

    gzip_buffers      16k;

    gzip_http_version 1.0;

    gzip_comp_level  ;

    gzip_disable     "MSIE [1-6]\.";

    gzip_types text/plain text/css text/javascript application/javascript application/x-javascript text/xml application/xml application/wasm;

    ssi on;

    ssi_silent_errors on;

    #ssi_types text/shtml;

    expires 60d;

    server_names_hash_bucket_size ;

    #if_modified_since before;

    #limit_req_zone $binary_remote_addr zone=all_zone:10m rate=3r/s;

    #limit_req zone=all_zone burst= nodelay;

    # apache和php部分

    upstream php_pool{

        ip_hash;

        server 192.168.254.122: max_fails= fail_timeout=30s weight=;

        server 192.168.254.123: max_fails= fail_timeout=30s weight=;

    check interval= rise= fall= timeout= type=tcp port=;

        check_keepalive_requests ;

       # check_http_send "HEAD / HTTP/1.1\r\nConnection: keep-alive\r\n\r\n";

        check_http_expect_alive http_2xx http_3xx;

    }

   # nginx和fastcgi部分

   upstream www_servers{

        ip_hash;

        server 192.168.254.1: max_fails= fail_timeout=30s weight=;

        server 192.168.254.2: max_fails= fail_timeout=30s weight=;

    check interval= rise= fall= timeout= type=tcp port=;

        check_keepalive_requests ;

       # check_http_send "HEAD / HTTP/1.1\r\nConnection: keep-alive\r\n\r\n";

        check_http_expect_alive http_2xx http_3xx;

    } 

        include vhost.d/*.conf;

        server {

        listen       80  default_server;

        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {

            root   /data/www/html;

            index  index.html index.htm;

        }

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

        location /status {

                stub_status on;

                access_log off;

        }

    }

}

nginx前端的虚拟主机配置

[root@web01:/usr/local/nginx/conf/vhost.d]# more drfone.chinasoft.com.conf

server {

        listen 80;

        server_name     drfone.chinasoft.com  ori-drfone.chinasoft.com www.drfone.chinasoft.com;

        access_log      /data/www/logs/nginx_log/access/drfone.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/drfone.chinasoft.com_error.log ;

        root            /data/www/vhosts/drfone.chinasoft.com/httpdocs ;

        index           index.html index.shtml index.php ;

    include        rewrite.d/drfone.chinasoft.com.conf ;

    error_page  404 403             /404.html;    

        rewrite ^/(.*)$ https://drfone.chinasoft.com/$1 permanent;    #跳转到Https

        location ~ \.php$ {

                        proxy_pass http://php_pool;

                        include proxy_params;

            expires -1;

        }

        location / {

            include proxy_params;

        if (!-d $request_filename){

            set $flag 1$flag;

        }

        if (!-f $request_filename){

            set $flag 2$flag;

        }

        if ($flag = "21"){

                    proxy_pass http://php_pool;

            expires -1;

        }

        }

}

server {

        listen 443;

        ssl on;

        ssl_certificate         cert2016/chinasoft_com.crt;

        ssl_certificate_key     cert2016/chinasoft_com.key;

        ssl_dhparam     cert2016/dh_2048.pem;

        ssl_session_timeout     15m;

        ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;

        ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

-SHA:!KRB5-DES-CBC3-SHA";

        ssl_prefer_server_ciphers       on;

        #ssl_stapling        on;

        #ssl_stapling_verify        on;

        server_name     drfone.chinasoft.com ori-drfone.chinasoft.com;

        access_log      /data/www/logs/nginx_log/access/drfone.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/drfone.chinasoft.com_error.log ;

        root            /data/www/vhosts/drfone.chinasoft.com/httpdocs ;

        index           index.html index.shtml index.php ;

        include         rewrite.d/drfone.chinasoft.com.conf ;

        error_page  404 403              /404.html;

        if ($http_user_agent ~ Ezooms) {

        return 403;

        }

    location ^~ /servers/ {

                include proxy_params;

        proxy_http_version 1.1;

                proxy_pass http://www_servers;

        expires -1;

        }

        location ~ \.php$ {

                        proxy_pass http://php_pool;

                        expires -1;

                        include proxy_params;

        }

}

2.当后端是apache+php时的apache配置部分

[root@web01:/usr/local/nginx/conf/vhost.d]# more /usr/local/httpd-2.2.26/conf/vhost.d/drfone.chinasoft.com.conf

<VirtualHost *:8080>

        ServerName   drfone.chinasoft.com
    # apache配置别名,相当于多个域名都可以访问进来

      ServerAlias drfone.chinaosft.com
     ServerAlias drfone.chinaosft-mac.com

        UseCanonicalName Off

        ServerAdmin  "admin@chinasoft.com"

    DocumentRoot /data/www/vhosts/drfone.chinasoft.com/httpdocs

        DirectoryIndex index.html index.shtml index.php

    CustomLog "|/usr/local/apache2/bin/rotatelogs -l /data/www/logs/apache_log/access/drfone.chinasoft.com_access.log.%Y-%m-%d 86400" combined

        ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /data/www/logs/apache_log/error/drfone.chinasoft.com_error.log.%Y-%m-%d 86400"

        <IfModule mod_ssl.c>

                SSLEngine off

        </IfModule>

        <Directory /data/www/vhosts/drfone.chinasoft.com/httpdocs/>

        <IfModule sapi_apache2.c>

                php_admin_flag engine on

                php_admin_flag safe_mode on

                php_admin_value open_basedir ".:/data/www/vhosts/drfone.chinasoft.com:/tmp"

        </IfModule>

        <IfModule mod_php5.c>

                php_admin_flag engine on

                php_admin_flag safe_mode on

                php_admin_value open_basedir ".:/data/www/vhosts/drfone.chinasoft.com:/tmp"

        </IfModule>

         Options -ExecCGI FollowSymLinks +Includes

         AllowOverride All

        </Directory>

        Alias /servers "/data/www/vhosts/www_servers"

        <Directory "/data/www/vhosts/www_servers/">

        Options -ExecCGI FollowSymLinks +Includes

        AllowOverride All

        </Directory>

ErrorDocument 404 /404.html

</VirtualHost>

3.当后端为nginx+php+fastcgi时

[root@ws_cbs_frontend_web01:/usr/local/nginx/conf/vhost.d]# more ../other_domain.d/drfone.chinasoft.com.conf

server {

        listen 80;

        server_name     drfone.chinasoft.com  ori-drfone.chinasoft.com;

        access_log      /data/www/logs/nginx_log/access/drfone.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/drfone.chinasoft.com_error.log ;

        root            /data/www/vhosts/www_servers ;

        index           index.html index.shtml index.php ;

    include        rewrite.d/drfone.chinasoft.com.conf ;

    error_page  404 403             /404.html;

    set_real_ip_from   192.168.0.0/16;

    set_real_ip_from   10.10.18.0/24;

    #set_real_ip_from   0.0.0.0/0;

    real_ip_header     X-Real-IP;

        location / {

                        try_files $uri $uri/ /index.php?$query_string;

        }

        location ~ \.php$ {

                        fastcgi_pass   unix:/tmp/php-cgi.sock;

                        fastcgi_index  index.php;

                        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

                        include        fastcgi_params;

        }

}

server {

        listen 443;

        server_name     drfone.chinasoft.com  ori-drfone.chinasoft.com;

        access_log      /data/www/logs/nginx_log/access/drfone.chinasoft.com_access.log main ;

        error_log       /data/www/logs/nginx_log/error/drfone.chinasoft.com_error.log ;

        root            /data/www/vhosts/www_servers ;

        index           index.html index.shtml index.php ;

        include         rewrite.d/drfone.chinasoft.com.conf ;

        error_page  404 403             /404.html;

        ssl on;

        ssl_certificate         cert2016/chinasoft_com.crt;

        ssl_certificate_key     cert2016/chinasoft_com.key;

        ssl_dhparam             cert2016/dh_2048.pem;

        ssl_session_timeout     15m;

        ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;

    ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE

S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3

-SHA:!KRB5-DES-CBC3-SHA";

    set_real_ip_from   192.168.0.0/16;

    set_real_ip_from   10.10.18.0/24;

    #set_real_ip_from   0.0.0.0/0;

    real_ip_header     X-Real-IP;

        location / {

                        try_files $uri $uri/ /index.php?$query_string;

        }

        location ~ \.php$ {

                        fastcgi_pass   unix:/tmp/php-cgi.sock;

                        fastcgi_index  index.php;

                        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

                        include        fastcgi_params;

        }

}

apache启用ssi功能

# more .htaccess
RewriteOptions inherit

RewriteEngine on

<IfModule include_module>
   Options +IncludesNoExec
</IfModule>

AddType text/html .shtml  .html  .htm
AddOutputFilter INCLUDES .shtml  .html  .htm

nginx反向代理结合apache和php的配置示例的更多相关文章

  1. nginx 反向代理 与 Apache backend的配置联合配置

    nginx 反向代理 与 Apache backend的配置联合配置: 说明: nginx 将http映射到Apache上的特定子目录. 配置方法步骤: 1.  设置域名, 子域名映射到指定服务器ip ...

  2. nginx反向代理和负载均衡的基本配置

    一.反向代理的基本配置 在原本默认的nginx上修改server配置 server { listen 2222;#监听请求端口 server_name 192.168.100.3;#监听请求地址,ng ...

  3. linux系统下使用nginx反向代理asp.net core,并配置免费的https证书

    反向代理是为动态 Web 应用提供服务的常见设置. 反向代理终止 HTTP 请求,并将其转发到 ASP.NET Core 应用. 1.在asp.net core项目中的Startup的Configur ...

  4. nginx反向代理转发apache配置 之 cookie去哪儿了?

    在公司接手了个微信项目,由于微信环境下访问网站需要使用对外开放的域名,所以有相关问题,都是直接运维同事帮忙处理. 原理是这样: 方案一: 1. 将域名解析指向测试服务器的地址: 2. 开放相关端口访问 ...

  5. Nginx反向代理+负载均衡简单实现(http方式)

    1)nginx的反向代理:proxy_pass2)nginx的负载均衡:upstream 下面是nginx的反向代理和负载均衡的实例: 负载机:A机器:103.110.186.8/192.168.1. ...

  6. Nginx反向代理的简单实现

    1)nginx的反向代理:proxy_pass2)nginx的负载均衡:upstream 下面是nginx的反向代理和负载均衡的实例: 负载机:A机器:103.110.186.8/192.168.1. ...

  7. 【nginx网站性能优化篇(2)】反向代理实现Apache与Nginx的动静分离(LNMPA)

    为什么要使用反向代理 具体请参考这篇博文:[Linux常识篇(1)]所谓的正向代理与反向代理 在虚拟机上配置反向代理的步骤 首先假设你已经假设好了LNMP架构了,这时我们还要安装Apache和php, ...

  8. nginx 反向代理 apache 服务

    反向代理(Reverse Proxy)方式是指以代理服务器来接受internet上的连接请求,然后将请求转发给内部网络上的服务器,并将从服务器上得到的结果返回给internet上请求连接的客户端,此时 ...

  9. 15 nginx反向代理实现nginx+apache动静分离

    一:nginx反向代理实现nginx+apache动静分离-------------概念--------------------------- nginx反向代理服务器+负载均衡 用nginx做反向代 ...

随机推荐

  1. SQL与NoSQL区别--商业SQL数据库衰落--oracle面临困境

    转自:商用数据库之死:Oracle 面临困境 这二十年来,商业数据库市场仍然是 IT 行业最稳定.最具黏性的领域之一,Oracle.IBM 和微软三家厂商瓜分了 80% 的份额.然而,我们认为这个领域 ...

  2. Python的正则表达式re模块

    Python的正则表达式(re模块) 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. Python使用re模块提供了正则表达式处理的能力.如果对正则表达式忘记的一干二净的话,可以花费 ...

  3. 哈希长度拓展攻击之De1CTF - SSRF Me

    题目考查:python代码审计.hash长度拓展攻击 0x01 题目源码: #! /usr/bin/env python #encoding=utf-8 from flask import Flask ...

  4. PAT甲级1004题解——并查集思想改

    题目分析:本题开始一直在考虑如何将每一个节点通过一种合适的数据结构存储起来(一对多的关系),最后发现借助并查集的思想可以用一个数组p,p[i]存放i节点的父节点,每次查询编号为i的节点属于第几层且判断 ...

  5. 【(图) 旅游规划 (25 分)】【Dijkstra算法】

    #include<iostream> #include<cstdio> #include<algorithm> #include<cstring> us ...

  6. 删除线性表中所有值为x的元素

    时间复杂度O(n),空间复杂度O(1). 简单的问题两种不同的思路. 代码: #include <stdio.h> #define MAX 100 struct sqlist{ int d ...

  7. HRBUST 2040 二叉树的遍历

    给出一棵二叉树的中序和前序遍历,输出它的后序遍历. Input 本题有多组数据,输入处理到文件结束. 每组数据的第一行包括一个整数n,表示这棵二叉树一共有n个节点. 接下来的一行每行包括n个整数,表示 ...

  8. Redis.Memcache和MongoDB区别?

    Memcached的优势: Memcached可以利用多核优势,单吞吐量极高,可以达到几十万QPS(取决于Key.value的字节大小以及服务器硬件性能,日常环境中QPS高峰大约在4-6w左右.)适用 ...

  9. MySQL中去重字段完全相同的数据

    思路:创建一个临时表,在原有的表结构基础上增加一列编号,再进行去除重复的记录 本例子是在对表 main_body_sz 进行去重 创建一个临时表 create table main_body_sz_a ...

  10. BZOJ 3309: DZY Loves Math 莫比乌斯反演+打表

    有一个神奇的技巧——打表 code: #include <bits/stdc++.h> #define N 10000007 #define ll long long #define se ...