NGINX常用配置

配置二级目录+

反向代理至不同IP+端口

server {
listen 80;
server_name demo.domain.com;
#通过访问service二级目录来访问后台
location /service {
#DemoBackend1后面的斜杠是一个关键，没有斜杠的话就会传递service到后端节点导致404
proxy_pass http://DemoBackend1/service;#DemoBackend1网站中要配置一个名称为service的虚拟目录，并且和location的二级目录名称一致

proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#其他路径默认访问前台网站
location / {
proxy_pass http://DemoBackend2;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

#简单的负载均衡节点配置
upstream DemoBackend1 {
server 192.168.1.1;
server 192.168.1.2;
ip_hash;
}
upstream DemoBackend2 {
server 192.168.2.1;
server 192.168.2.2;
ip_hash;
}

https://www.cnblogs.com/bayu/p/8041453.html

简单认证+反向代理

...

upstream hexo_server {

server localhost:4000;
}

server {
listen 8080; #可改需要的端口
server_name localhost;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
#tangrui comment beloew two rows(default pages)
# root html;
# index index.html index.htm;
#tangrui add page indirecting
auth_basic "Login";
auth_basic_user_file C:/nginx-1.16.1/conf/passwd;
proxy_pass http://hexo_server;
#proxy_redirect off;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

...

备注：password文件为文本文件，格式

<user_name1>:<password1>

<user_name2>:<password2>

...

IP地址过滤

nginx/conf.d 下面新建ip.conf，该目录下的.conf都会被包含进nginx.conf中

假设只允许192.168.1.2 192.168.1.3 访问，那内容就是

allow 192.168.1.2;
allow 192.168.1.3;
deny all;

当然nginx还可以分目录进行控制, ip.conf相当于第一层全局白名单，
在对应的反向代理的conf文件中，同样可以加上白名单
比如对于开放在4567端口的论坛，只想让192.168.1.2访问，那就将原来的配置文件

server {
listen 80;

server_name www.forum.zqb.local forum.zqb.local;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567/;
proxy_redirect off;

# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
改成

server {
listen 80;

server_name www.forum.zqb.local forum.zqb.local;
location / {
allow 192.168.1.2; #允许访问
deny all;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567/;
proxy_redirect off;

# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

NGINX静态资源

server {

listen 80; #nginx监听的端口
server_name localhost; #拦截的用户访问路径

#charset koi8-r;

#access_log logs/host.access.log main;

# 访问本地绝对路径下的静态html，通常将该下面改为动态网站，固定一个二级目录作为静态目录
location / {
#root html;
root D:/tools/nginx/2/html1;
index index.html index.htm;
}

#访问路径拼接 upload 访问本地绝对路径下的某图片
location /upload/ {
alias D:/tools/nginx/2/image1/;
autoindex on;
}

#访问路径拼接 /pages 访问本地绝绝对路径下的静态html
location /pages/ {
alias D:/tools/nginx/2/html1/;
autoindex on;
}

# 精细化配置相关静态资源参数，优化访问静态资源文件
location ~ .*\.(gif|jpg|jpeg|png)$ {
expires 24h;
root D:/tools/nginx/2/image1/;#指定图片存放路径
proxy_store on;
proxy_temp_path D:/tools/nginx/2/image1/;#图片访问路径
proxy_redirect off;
proxy_set_header Host 127.0.0.1;
client_max_body_size 10m;
client_body_buffer_size 1280k;
proxy_connect_timeout 900;
proxy_send_timeout 900;
proxy_read_timeout 900;
proxy_buffer_size 40k;
proxy_buffers 40 320k;
proxy_busy_buffers_size 640k;
proxy_temp_file_write_size 640k;
if ( !-e $request_filename)
{
proxy_pass http://127.0.0.1;#默认80端口
}

}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

}

网站定义到域名二级目录

http://www.ptbird.cn/nginx-static-change-root.html

静态资源的目录结构是：

---public
---static
---images
---js
---css
---uploads
存在问题无法加载任何 public 下的静态资源，包括 static 和 uploads 中的

2、修改反向代理配置
单独修改 nginx 配置中对 /static/ 和 /uploads/ 的访问路径
location ^~ /static/ {
root /data/www/public/;
include proxy.conf;
}
location ^~ /uploads/ {
root /data/www/public/;
include proxy.conf;
}

二级目录代理独立网站与端口

server {
listen 80;
server_name dev-we-show.fonzie.com;
location / {
#index index.html index.htm;
#root html/;
#proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://dev_b;
expires -1;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;

rewrite (.*)/wapindex(.*) /vperson$1/wapindex$2;
rewrite (.*)/image(.*) /vperson$1/image$2;
rewrite (.*)/js(.*) /vperson$1/js$2;
}

location /vperson/ {
proxy_pass https://www.vperson.com/;
}

}

这样一来在反向代理的时候，用户首先通过dev-we-show.fonzie.com/vperson/访问这台nginx，再通过这台nginx反向代理到https://www.vperson.com/，但这个跳转是隐式的，所以在浏览器的地址栏还是dev-we-show.fonzie.com，问题在于dev-we-show.fonzie.com下面并没有/wapindex的路径，所以我们需要在根/下面添加rewrite通过正则匹配修改，并添加以后路径，然他回去的时候依然是走dev-we-show.fonzie.com/vperson/的路径，而不是dev-we-show.fonzie.com的路径。

另一种方法：

访问 upall.cn/12380 时从 luolong.12380.honzh.com 获取内容

server {

listen 80;

server_name upall.cn

#

# 其它代码……

#

location /12380/ {

rewrite ^/12380(.*)$ $1 break;

proxy_pass http://luolong.12380.honzh.com;

client_max_body_size 0;

proxy_connect_timeout 36000s;

proxy_read_timeout 36000s;

proxy_request_buffering off;

}

server {
listen 80;
server_name example.com;

location / {
index index.html;
root /var/www/public;

}

location ~* /server1 {
rewrite /server1/(.*) /$1 break;
proxy_pass http://server1;

}
}

posted @ 2021-03-02 13:08 crocuta 阅读(188) 评论(0) 收藏举报

刷新页面返回顶部

crocuta

积极进取，学无止境

NGINX常用配置

公告