.前端nginx主配置文件

# cat nginx.conf
worker_processes ; #pid logs/nginx.pid;
pid /data/www/logs/nginx.pid; worker_rlimit_nofile ; events {
use epoll;
worker_connections ;
accept_mutex off;
} http {
include mime.types;
default_type application/octet-stream;
#set_real_ip_from 0.0.0.0/;
#real_ip_header X-Forwarded-For; #proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $http_x_forwarded_for;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_headers_hash_max_size ;
proxy_headers_hash_bucket_size ; ssl_session_cache shared:SSL:200m;
ssl_session_timeout 15m; lua_package_path "/usr/local/nginx/conf/ngx_lua_waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file /usr/local/nginx/conf/ngx_lua_waf/init.lua;
access_by_lua_file /usr/local/nginx/conf/ngx_lua_waf/waf.lua; log_format main '$remote_addr - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_cookie" "$request_body" "$http_user_agent" $request_time ';
log_format error '$remote_addr - - [$time_local] - - "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time '; sendfile on;
tcp_nodelay on; keepalive_timeout ;
#----for upload file
client_max_body_size 8M;
client_body_buffer_size 2M;
#--- for resolve error
client_header_buffer_size 64k;
large_client_header_buffers 64k;
proxy_connect_timeout 90s;
proxy_read_timeout 90s;
proxy_send_timeout 90s;
proxy_buffer_size 16k;
proxy_buffers 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_ignore_client_abort on;
proxy_intercept_errors on;
gzip on;
gzip_vary off;
gzip_min_length 1k;
gzip_buffers 16k;
gzip_http_version 1.0;
gzip_comp_level ;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/css text/javascript application/javascript application/x-javascript text/xml application/xml application/wasm; ssi on;
ssi_silent_errors on;
#ssi_types text/shtml;
expires 60d;
server_names_hash_bucket_size ;
#if_modified_since before;
#limit_req_zone $binary_remote_addr zone=all_zone:10m rate=3r/s;
#limit_req zone=all_zone burst= nodelay; # apache和php部分
upstream php_pool{
ip_hash;
server 192.168.254.122: max_fails= fail_timeout=30s weight=;
server 192.168.254.123: max_fails= fail_timeout=30s weight=; check interval= rise= fall= timeout= type=tcp port=;
check_keepalive_requests ;
# check_http_send "HEAD / HTTP/1.1\r\nConnection: keep-alive\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
} # nginx和fastcgi部分
upstream www_servers{
ip_hash;
server 192.168.254.1: max_fails= fail_timeout=30s weight=;
server 192.168.254.2: max_fails= fail_timeout=30s weight=; check interval= rise= fall= timeout= type=tcp port=;
check_keepalive_requests ;
# check_http_send "HEAD / HTTP/1.1\r\nConnection: keep-alive\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
} include vhost.d/*.conf;
server {
listen 80 default_server;
server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / {
root /data/www/html;
index index.html index.htm;
} error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
} location /status {
stub_status on;
access_log off;
} }
} nginx前端的虚拟主机配置 [root@web01:/usr/local/nginx/conf/vhost.d]# more drfone.chinasoft.com.conf
server {
listen 80;
server_name drfone.chinasoft.com ori-drfone.chinasoft.com www.drfone.chinasoft.com;
access_log /data/www/logs/nginx_log/access/drfone.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/drfone.chinasoft.com_error.log ;
root /data/www/vhosts/drfone.chinasoft.com/httpdocs ;
index index.html index.shtml index.php ;
include rewrite.d/drfone.chinasoft.com.conf ;
error_page 404 403 /404.html; rewrite ^/(.*)$ https://drfone.chinasoft.com/$1 permanent; #跳转到Https location ~ \.php$ {
proxy_pass http://php_pool;
include proxy_params;
expires -1;
} location / {
include proxy_params;
if (!-d $request_filename){
set $flag 1$flag;
}
if (!-f $request_filename){
set $flag 2$flag;
}
if ($flag = "21"){
proxy_pass http://php_pool;
expires -1;
} } } server {
listen 443;
ssl on; ssl_certificate cert2016/chinasoft_com.crt;
ssl_certificate_key cert2016/chinasoft_com.key;
ssl_dhparam cert2016/dh_2048.pem; ssl_session_timeout 15m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE
S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3
-SHA:!KRB5-DES-CBC3-SHA"; ssl_prefer_server_ciphers on; #ssl_stapling on;
#ssl_stapling_verify on; server_name drfone.chinasoft.com ori-drfone.chinasoft.com;
access_log /data/www/logs/nginx_log/access/drfone.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/drfone.chinasoft.com_error.log ; root /data/www/vhosts/drfone.chinasoft.com/httpdocs ;
index index.html index.shtml index.php ;
include rewrite.d/drfone.chinasoft.com.conf ;
error_page 404 403 /404.html; if ($http_user_agent ~ Ezooms) {
return 403;
} location ^~ /servers/ {
include proxy_params;
proxy_http_version 1.1;
proxy_pass http://www_servers;
expires -1;
} location ~ \.php$ {
proxy_pass http://php_pool;
expires -1;
include proxy_params;
} } 2.当后端是apache+php时的apache配置部分 [root@web01:/usr/local/nginx/conf/vhost.d]# more /usr/local/httpd-2.2.26/conf/vhost.d/drfone.chinasoft.com.conf
<VirtualHost *:8080>
ServerName drfone.chinasoft.com
    # apache配置别名,相当于多个域名都可以访问进来
  ServerAlias drfone.chinaosft.com
     ServerAlias drfone.chinaosft-mac.com UseCanonicalName Off
ServerAdmin "admin@chinasoft.com"
DocumentRoot /data/www/vhosts/drfone.chinasoft.com/httpdocs
DirectoryIndex index.html index.shtml index.php
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /data/www/logs/apache_log/access/drfone.chinasoft.com_access.log.%Y-%m-%d 86400" combined
ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /data/www/logs/apache_log/error/drfone.chinasoft.com_error.log.%Y-%m-%d 86400"
<IfModule mod_ssl.c>
SSLEngine off
</IfModule>
<Directory /data/www/vhosts/drfone.chinasoft.com/httpdocs/>
<IfModule sapi_apache2.c>
php_admin_flag engine on
php_admin_flag safe_mode on
php_admin_value open_basedir ".:/data/www/vhosts/drfone.chinasoft.com:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_flag engine on
php_admin_flag safe_mode on
php_admin_value open_basedir ".:/data/www/vhosts/drfone.chinasoft.com:/tmp"
</IfModule>
Options -ExecCGI FollowSymLinks +Includes
AllowOverride All
</Directory> Alias /servers "/data/www/vhosts/www_servers"
<Directory "/data/www/vhosts/www_servers/">
Options -ExecCGI FollowSymLinks +Includes
AllowOverride All
</Directory> ErrorDocument 404 /404.html </VirtualHost> 3.当后端为nginx+php+fastcgi时
[root@ws_cbs_frontend_web01:/usr/local/nginx/conf/vhost.d]# more ../other_domain.d/drfone.chinasoft.com.conf
server {
listen 80;
server_name drfone.chinasoft.com ori-drfone.chinasoft.com;
access_log /data/www/logs/nginx_log/access/drfone.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/drfone.chinasoft.com_error.log ;
root /data/www/vhosts/www_servers ;
index index.html index.shtml index.php ;
include rewrite.d/drfone.chinasoft.com.conf ;
error_page 404 403 /404.html;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 10.10.18.0/24;
#set_real_ip_from 0.0.0.0/0;
real_ip_header X-Real-IP;
location / {
try_files $uri $uri/ /index.php?$query_string;
} location ~ \.php$ {
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
} }
server {
listen 443;
server_name drfone.chinasoft.com ori-drfone.chinasoft.com;
access_log /data/www/logs/nginx_log/access/drfone.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/drfone.chinasoft.com_error.log ;
root /data/www/vhosts/www_servers ;
index index.html index.shtml index.php ;
include rewrite.d/drfone.chinasoft.com.conf ;
error_page 404 403 /404.html;
ssl on; ssl_certificate cert2016/chinasoft_com.crt;
ssl_certificate_key cert2016/chinasoft_com.key;
ssl_dhparam cert2016/dh_2048.pem; ssl_session_timeout 15m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE
S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3
-SHA:!KRB5-DES-CBC3-SHA"; set_real_ip_from 192.168.0.0/16;
set_real_ip_from 10.10.18.0/24;
#set_real_ip_from 0.0.0.0/0;
real_ip_header X-Real-IP;
location / {
try_files $uri $uri/ /index.php?$query_string;
} location ~ \.php$ {
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
} }

apache启用ssi功能

# more .htaccess
RewriteOptions inherit

RewriteEngine on

<IfModule include_module>
   Options +IncludesNoExec
</IfModule>

AddType text/html .shtml  .html  .htm
AddOutputFilter INCLUDES .shtml  .html  .htm

nginx反向代理结合apache和php的配置示例的更多相关文章

  1. nginx 反向代理 与 Apache backend的配置联合配置

    nginx 反向代理 与 Apache backend的配置联合配置: 说明: nginx 将http映射到Apache上的特定子目录. 配置方法步骤: 1.  设置域名, 子域名映射到指定服务器ip ...

  2. nginx反向代理和负载均衡的基本配置

    一.反向代理的基本配置 在原本默认的nginx上修改server配置 server { listen 2222;#监听请求端口 server_name 192.168.100.3;#监听请求地址,ng ...

  3. linux系统下使用nginx反向代理asp.net core,并配置免费的https证书

    反向代理是为动态 Web 应用提供服务的常见设置. 反向代理终止 HTTP 请求,并将其转发到 ASP.NET Core 应用. 1.在asp.net core项目中的Startup的Configur ...

  4. nginx反向代理转发apache配置 之 cookie去哪儿了?

    在公司接手了个微信项目,由于微信环境下访问网站需要使用对外开放的域名,所以有相关问题,都是直接运维同事帮忙处理. 原理是这样: 方案一: 1. 将域名解析指向测试服务器的地址: 2. 开放相关端口访问 ...

  5. Nginx反向代理+负载均衡简单实现(http方式)

    1)nginx的反向代理:proxy_pass2)nginx的负载均衡:upstream 下面是nginx的反向代理和负载均衡的实例: 负载机:A机器:103.110.186.8/192.168.1. ...

  6. Nginx反向代理的简单实现

    1)nginx的反向代理:proxy_pass2)nginx的负载均衡:upstream 下面是nginx的反向代理和负载均衡的实例: 负载机:A机器:103.110.186.8/192.168.1. ...

  7. 【nginx网站性能优化篇(2)】反向代理实现Apache与Nginx的动静分离(LNMPA)

    为什么要使用反向代理 具体请参考这篇博文:[Linux常识篇(1)]所谓的正向代理与反向代理 在虚拟机上配置反向代理的步骤 首先假设你已经假设好了LNMP架构了,这时我们还要安装Apache和php, ...

  8. nginx 反向代理 apache 服务

    反向代理(Reverse Proxy)方式是指以代理服务器来接受internet上的连接请求,然后将请求转发给内部网络上的服务器,并将从服务器上得到的结果返回给internet上请求连接的客户端,此时 ...

  9. 15 nginx反向代理实现nginx+apache动静分离

    一:nginx反向代理实现nginx+apache动静分离-------------概念--------------------------- nginx反向代理服务器+负载均衡 用nginx做反向代 ...

随机推荐

  1. js 判断浏览器是pc端还是移动端

    if(/Android|webOS|iPhone|iPod|BlackBerry/i.test(navigator.userAgent)) { //说明是移动端 } else { //说明是pc端 }

  2. Linux IO 概念(1)

    基础概念 文件描述fd 文件描述符(file description),用于表述指向文件引用的抽象话题概念 文件描述符在形式上是一个非负整数,实际上它是一个索引值,指向内核为每一个进程所维护的该进程打 ...

  3. Gtest:死亡测试

    转自:玩转Google开源C++单元测试框架Google Test系列(gtest)之五 - 死亡测试 一.前言 “死亡测试”名字比较恐怖,这里的“死亡”指的的是程序的崩溃.通常在测试过程中,我们需要 ...

  4. ArcGIS操作技巧——怎样把地图放到PPT中,并且进行编辑?

    需求:把arcgis配好的矢量地图插入到ppt中,并且要求可以在PPT中进行修改和重新着色.编辑. 效果:如下图所示: 操作过程: 方法一: 在最上面工具栏找到edit——>copy map t ...

  5. c++输出中文乱码解决方案

    问题的原因应该在cmd的编码和c++程序编码(源文件编码)的不同.cmd默认的是gbk编码,而我用的vs code默认是utf-8编码,因而在输出中文文本时会出现乱码. 但我也遇到了一个比较怪异的情况 ...

  6. Centos7-新增硬盘挂载

    查看现有硬盘情况 df -h fdisk -l 查看新硬盘 ls /dev/sdb 具体操作 fdisk /dev/sdb m n #添加一个新的分区 p #创建主分区 w #保存并退出 partpr ...

  7. Centos7-重建官方yum源

    删除yum源,重建官方 cd /etc/yum.repos.d/ #删除所有 rpm -Uvh --force http://mirror.centos.org/centos-7/7.7.1908/o ...

  8. 接口测试-Java代码实现接口请求并封装

    前言:在接口测试和Java开发中对接口请求方法进行封装都非常有必要,无论是在我们接口测试的时候还是在开发自测,以及调用某些第三方接口时,都能为我们调用和调试接口提供便捷: Java实现对http请求的 ...

  9. ARDUNIO IMU processing姿态数据可视化

    https://www.arduino.cn/thread-42852-1-1.html 关键数据打包 float roll, pitch, heading; Serial.print("O ...

  10. LeetCode 1135. Connecting Cities With Minimum Cost

    原题链接在这里:https://leetcode.com/problems/connecting-cities-with-minimum-cost/ 题目: There are N cities nu ...