nginx.conf nginx反向代理配置文件
nginx反向代理配置文件
- nginx.conf
- proxy_default.conf
- proxy.conf
- vhost/*.conf
- upstream/*.conf
- cache/*.conf
nginx.conf 配置
user www;
worker_processes auto;
pid /var/run/nginx.pid;
worker_cpu_affinity auto;
worker_rlimit_nofile ; events {
use epoll;
worker_connections ;
multi_accept on;
} http {
include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
include /usr/local/nginx/conf/autoconfig/vhost/*.conf;
include /usr/local/nginx/conf/autoconfig/upstream/*.conf;
include /usr/local/nginx/conf/autoconfig/cache/*.conf;
include /usr/local/nginx/conf/include/*.conf; map $host $node_ip {
default "192.168.1.87";
} server {
listen 80 default_server;
server_name _;
root html;
client_body_buffer_size 2m;
client_header_buffer_size 2m; location / {
return 403;
} location = /_.gif {
empty_gif;
}
} server {
listen 443 ssl default_server;
server_name _;
ssl_certificate /usr/local/nginx/nginx.crt;
ssl_certificate_key /usr/local/nginx/nginx.key;
return 403;
} }
proxy_default.conf 默认reverse proxy配置
charset utf-;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size ;
client_max_body_size 160M; # MIME
include mime.types;
default_type "text/html"; # logging
log_format main '$time_local{G;}$remote_addr{G;}$http_host{G;}$request_uri{G;}$upstream_cache_status{G;}$status{G;}$upstream_addr{G;}$upstream_status{G;}$upstream_response_time{G;}$request_time{G;}$body_bytes_sent{G;}$request_length{G;}$content_length{G;}$sent_http_cache_control{G;}$sent_http_content_type{G;}$http_referer{G;}$http_x_forwarded_for{G;}$http_user_agent{G;}$node_ip{G;}$geoip2_data_country_code{G;}$geoip2_data_city_name{G;}$geoip2_data_province_isocode{G;}$server_port{G;}$server_protocol{G;}$request_method{G;}$scheme{G;}$ssl_protocol{G;}$remote_port{G;}$mobile_request{G;}$http_cookie{G;}$args'; log_format json '{"@timestamp":"$time_local",'
'"remote_addr":"$remote_addr",'
'"http_host":"$http_host",'
'"request_uri":"$request_uri",'
'"upstream_cache_status":"$upstream_cache_status",'
'"status":"$status",'
'"upstream_addr":"$upstream_addr",'
'"upstream_status":"$upstream_status",'
'"upstream_response_time":"$upstream_response_time",'
'"request_time":"$request_time",'
'"body_bytes_sent":"$body_bytes_sent",'
'"request_length":"$request_length",'
'"content_length":"$content_length",'
'"sent_http_cache_control":"$sent_http_cache_control",'
'"sent_http_content_type":"$sent_http_content_type",'
'"http_referer":"$http_referer",'
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"http_user_agent":"$http_user_agent",'
'"node_ip":"$node_ip",'
'"geoip2_data_country_code":"$geoip2_data_country_code",'
'"geoip2_data_city_name":"geoip2_data_city_name",'
'"geoip2_data_province_isocode":"$geoip2_data_province_isocode",'
'"server_port":"$server_port",'
'"server_protocol":"$server_protocol",'
'"request_method":"$request_method",'
'"scheme":"$scheme",'
'"ssl_protocol":"$ssl_protocol",'
'"remote_port":"$remote_port",'
'"mobile_request":"$mobile_request",'
'"http_cookie":"$http_cookie",'
'"args":"$args"}'; access_log logs/access.json.log json;
access_log logs/access.log main buffer=4k flush=10s;
open_log_file_cache max= inactive=10s valid=10s min_uses=; server_tokens off;
resolver 8.8.8.8 8.8.4.4 1.1.1.1 valid=600s ipv6=off;
resolver_timeout 30s; etag on;
send_timeout 3600s;
keepalive_timeout ;
keepalive_requests ;
server_names_hash_bucket_size ;
server_names_hash_max_size ;
client_header_buffer_size 128k;
large_client_header_buffers 128k;
client_header_timeout ;
connection_pool_size ;
proxy_connect_timeout ;
proxy_send_timeout ;
proxy_read_timeout ;
proxy_headers_hash_max_size ;
proxy_headers_hash_bucket_size ;
underscores_in_headers on; ssl_protocols TLSv1 TLSv1. TLSv1. TLSv1.;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA';
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on; # OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on; fastcgi_connect_timeout ;
fastcgi_send_timeout ;
fastcgi_read_timeout ;
fastcgi_buffer_size 128k;
fastcgi_buffers 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k; gzip on;
gzip_min_length ;
gzip_buffers 8k;
gzip_comp_level ;
gzip_types text/xml text/plain application/xml application/xhtml+xml image/svg+xml text/javascript application/x-javascript application/javascript application/json text/css application/font-woff;
gzip_vary on; fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
fastcgi_param CITY_NAME $geoip2_data_city_name; geoip2 /usr/local/nginx/geoip/maxmind-city.mmdb {
$geoip2_data_country_code default=US source=$remote_addr country iso_code;
$geoip2_data_country_name country names en;
$geoip2_data_city_name default=London city names en;
$geoip2_data_province_name subdivisions names en;
$geoip2_data_province_isocode subdivisions iso_code;
} client_body_buffer_size 512k;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504 http_404;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
proxy_ignore_headers X-Accel-Expires Expires Set-Cookie;
proxy_buffering on;
proxy_cache_lock on;
proxy_cache_revalidate on;
proxy_buffer_size 64k;
proxy_buffers 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
chunked_transfer_encoding on; map $http_upgrade $connection_upgrade
{
default upgrade;
'' close;
}
proxy.conf 的配置
proxy_http_version 1.1;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $http_host;
proxy_cookie_domain $host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Geo-COUNTRY $geoip2_data_country_code;
add_header X-Proxy-Cache $upstream_cache_status;
vhost 实例 配置
server
{
listen 80;
# if ( $scheme = 'http' ){rewrite ^(.*)$ https://$host$1 permanent;}
# listen 443 ssl http2;
# ssl_certificate /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.crt;
# ssl_certificate_key /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.key;
# ssl_stapling on;
# ssl_stapling_verify on;
# ssl_trusted_certificate /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.crt;
server_name img.baidu.com; access_log logs/img-access.json.log json;
access_log logs/img-access.log main; client_body_temp_path /usr/local/nginx/temp/client_body_temp/img 1 2 3;
set $mobile_request '0';
if ($http_user_agent ~* '(Android|webOS|iPhone|iPod|BlackBerry)') { set $mobile_request '1';} location /
{
include /usr/local/nginx/conf/autoconfig/proxy.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_ignore_headers Cache-Control;proxy_no_cache 1;expires -1;
proxy_pass http://img;
break;
} location ^~ /.well-known/acme-challenge/ {
alias /usr/local/nginx/challenges/;
} location ~* ^.*\.(ggg)$
{
include /usr/local/nginx/conf/autoconfig/proxy.conf;
proxy_set_header Connection '';
proxy_hide_header Set-Cookie;
add_header X-Proxy-Cache 'HIT';
root /usr/local/nginx/temp/proxy_store/img;
proxy_store on;
proxy_store_access user:rw group:rw all:rw;
proxy_temp_path /usr/local/nginx/temp/proxy_store/img;
if ( !-e $request_filename) {
proxy_pass http://img;
}
} location ~* ^.*\.(gif|jpg|jpeg|png|bmp|swf|woff2|css|js|rar|zip|docx|tiff|csv|pptx|svg|midi|ppt|mid|fnt|svgz|ps|doc|eps|eot|tif|xlsx|woff|ejs|pdf|ico|class|webp|jar|pls|otf|xls|pict|ttf|opus|webm|mp3|ogg|zip|mp4|ipa|apk|wav|m4a)$
{
include /usr/local/nginx/conf/autoconfig/proxy.conf;
proxy_set_header Connection '';
proxy_hide_header Set-Cookie;
proxy_cache img;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 404 10s;
proxy_ignore_headers Cache-Control; proxy_cache_valid 200 206 301 304 14d;
proxy_cache_valid 405 2m;
expires 14d;
if ( !-e $request_filename) {
proxy_pass http://img;
}
} location = /_.gif {
empty_gif;
}
}
upsteam 实例配置
upstream img
{
check interval=20000 fall=5 rise=2 timeout=3000 default_down=false type=tcp;
dynamic_resolve fallback=stale fail_timeout=30s;
server www.cnblogs.com:80 max_fails=3 fail_timeout=0s;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup; keepalive 360000;
}
cache path 相关配置
proxy_cache_path /usr/local/nginx/temp/proxy_cache/img levels=1:2 keys_zone=img:15m inactive=7d max_size=1024M use_temp_path=off;
常见mime type类型
nginx的mime.types 配置如下
types {
text/html html htm shtml;
text/css css;
text/xml xml plist;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/octet-stream apk ipa;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
nginx.conf nginx反向代理配置文件的更多相关文章
- Nginx之搭建反向代理实现tomcat分布式集群
参考博文: Nginx反向代理实现Tomcat分布式集群 1. jdk 安装 jdk 下载网址: http://www.oracle.com/technetwork/java/javase/downl ...
- Nginx+Tomcat实现反向代理及动静分离
Nginx+Tomcat实现反向代理及动静分离 时间 2014-07-07 15:18:35 51CTO推荐博文 原文 http://yijiu.blog.51cto.com/433846/143 ...
- 五、Nginx多Server反向代理配置
Nginx强大的正则表达式支持,可以使server_name的配置变得很灵活,如果你要做多用户博客,那么每个用户拥有自己的二级域名也就很容易实现了. server_name的匹配顺序 Nginx中的s ...
- Nginx设置Https反向代理,指向Docker Gitlab11.3.9 Https服务
目录 目录 1.GitLab11.3.9的安装 2.域名在阿里云托管,申请免费的1年证书 3.Gitlab 的 https 配置 4.Nginx 配置 https,反向代理指向 Gitlab 配置 目 ...
- Nginx 如何设置反向代理 多服务器,配置区分开来,单独文件保存单个服务器 server 主机名配置,通过 include 实现
samcao 关注 2015.06.15 10:08* 字数 0 阅读 408评论 0喜欢 0 网络结构如上图.可能你只有一个公网的Ip地址. 但是您的内网有个网站需要映射至外网.而又不想添加其它 ...
- Nginx 部署、反向代理配置、负载均衡
Nginx 部署.反向代理配置.负载均衡 最近我们的angular项目部署,我们采用的的是Nginx,下面对Nginx做一个简单的介绍. 为什么选择Nginx 轻:相比于Apache,同样的web服务 ...
- linux+apache+nginx实现,反向代理动静分离
在我们开发的过程中,一定会遇到,负载均衡方面的问题.下面我们,做一个小例子:使用nginx+apache实现反向代理,动静分离. 这里apache.php.nginx的安装就不做赘述了,不懂的朋友可以 ...
- Nginx 如何设置反向代理
网络结构如上图.可能你只有一个公网的Ip地址. 但是您的内网有个网站需要映射至外网.而又不想添加其它的非80端口.则你可以直接使用nginx来做反向代理即可.首先,配置nginx.conf文件. ht ...
- nginx安装,反向代理配置
1.centos 版本 下载最新稳定版 https://www.nginx.com/resources/wiki/start/topics/tutorials/install/# 2.执行语句: ./ ...
随机推荐
- 【Python】表白代码
# -*- coding:utf-8 -*- import turtle import time # 画爱心的顶部 def LittleHeart(): for i in range(200): tu ...
- C++ log4cpp使用(转)
参考文章: 1.常用C++库(1)日志库 https://blog.csdn.net/qilimi1053620912/article/details/87378707 2.一步步入门log4cpp ...
- 录入规则文件名到CSV文件
import os import sys import csv # 导出到csv文件 def export_to_csv(datas): with open('export.csv', 'w', ne ...
- 全文检索工具elasticsearch和kibana安装
一.安装elasticsearch 1.拷贝elasticsearch-5.6.4.rpm到/opt目录下「cenos7」 systemctl list-unit-files|grep elastic ...
- pandas包学习笔记
目录 zip Importing & exporting data Plotting with pandas Visual exploratory data analysis 折线图 散点图 ...
- Introduction to SQL
目录 SELECTING SELECTing single columns SELECTing multiple columns select all SELECT DISTINCT Learning ...
- 使用listView有感
et listView = new ccui.ListView();this.addChild(listView,9999);listView.setDirection(ccui.ScrollView ...
- QQ第三方登录(一)
要实现QQ第三方登陆 这就需要QQ方面的支持. 首先 我们需要在QQ开发者网站上注册,https://connect.qq.com/index.html 登陆之后点击应用管理,正常情况下我们是未提交 ...
- logistic回归损失函数(非常重要,深入理解)
2.2 logistic回归损失函数(非常重要,深入理解) 上一节当中,为了能够训练logistic回归模型的参数w和b,需要定义一个成本函数 使用logistic回归训练的成本函数 为了让模型通过学 ...
- WPF 解决无边框产生的相关问题
原文:WPF 解决无边框产生的相关问题 最大化: 在设置WindowStyle="None" AllowsTransparency="True"后,最大化会覆盖 ...