nginx 跳转系列

1、nginx强制跳转https配置，通过http状态吗实现，http状态吗地址：

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307

301  It is therefore recommended to use the 301 code only as a response for GET or HEAD methods and to use the 308 Permanent Redirect for POSTmethods instead, as the method change is explicitly prohibited with this status.

 

#cat  conf.d/test.conf

server {

listen 80;
server_name cul.xget.com;

location / {
auth_basic "it's protected";
auth_basic_user_file /data/.htpasswd;
proxy_pass http://10.10.17.31:8500;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Access-Control-Allow-Origin *;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
}
listen 443 ssl;
ssl_certificate /root/USSL_TBDmkIc7/Nginx/public.pem;
ssl_certificate_key /root/USSL_TBDmkIc7/Nginx/private.key;
ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
ssl_session_timeout 1440m; # managed by Certbot

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
ssl_prefer_server_ciphers on; # managed by Certbot

ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot

if ($scheme != "https"){

return 301 https://$host$request_uri;
}
}

 

2、根据remote_addr转发流量及if的或匹配

        location / {
                if ( $remote_addr = "183.18.16.69" ){
                rewrite ^/(.*)  /saturn-api-canary/$1 break;
                proxy_pass  http://10.42.7.12:32080;
                break;
                }
                if ( $remote_addr = "115.25.5.107" ){
                rewrite ^/(.*)  /saturn-admin-canary/$1 break;
                proxy_pass  http://10.42.7.12:32080;
                break;
                }
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_max_temp_file_size 0;
                proxy_pass http://api;
                client_max_body_size 100m;
                proxy_read_timeout  150;
                access_log  /var/log/nginx/share.log  hehe;
                error_log   /var/log/nginx/api_error.log warn;
                add_header  X-Upstream  $upstream_addr always;
                proxy_redirect off;
        }

或匹配：

   location / {
                if ( $remote_addr ~ "183.18.16.69|115.25.5.107" ){
                rewrite ^/(.*)  /saturn-api-canary/$1 break;
                proxy_pass  http://10.42.7.12:32080;
                break;
                }
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_max_temp_file_size 0;
                proxy_pass http://api;
                client_max_body_size 100m;
                proxy_read_timeout  150;
                access_log  /var/log/nginx/share.log  hehe;
                error_log   /var/log/nginx/api_error.log warn;
                add_header  X-Upstream  $upstream_addr always;
                proxy_redirect off;
        }

 

 

3、根据header转发流量

        location / {
                if ( $http_yfflag = 2 ){
                rewrite ^/(.*)  /saturn-api-canary/$1 break;
                proxy_pass  http://10.42.7.12:32080;
                break;
                }
               
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_max_temp_file_size 0;
                proxy_pass http://api;
                client_max_body_size 100m;
                proxy_read_timeout  150;
                access_log  /var/log/nginx/share.log  hehe;
                error_log   /var/log/nginx/api_error.log warn;
                add_header  X-Upstream  $upstream_addr always;
                proxy_redirect off;
        }

 

4、if实现“与”操作

nginx不支持shell的and、&&实现，也不支持if嵌套，所以采用设置变量的方式实现。首先设置一个变量置为空 set $flag 0;然后根据条件追加值，在最终的if块中根据$flag的值进行判断，实现与和或。切记要在最终的if块中添加break，

否则proxy_pass也会被执行。

AND：

 location / {
    if ( $remote_addr !~ "183.128.16.69|115.205.5.107" ){
      proxy_pass http://10.4.8.77;
      break;
    }
    set $foo "";
    if ( $http_fflag = 2 ){
      set $foo  "${foo}1";
    }
    if ( $http_dflag = 1 ){
      set $foo  "${foo}1";
    }
    if ( $foo ~* "11" ){
       rewrite ^  http://zipkin.xet.com/zipkin/ break;
       break;
    }
    proxy_pass http://api;
  }

 

5、nginx访问静态资源

这里使用两种方式都可以实现：

两者都是在server段的location下使用

1）使用alias

server{
   listen *80;
   server_name test.eee.com;
   location /getQQCode/ {
             alias /etc/nginx/qq/;
        }
}

提前将静态文件放到alias的目录下面，这样访问http://test.eee.com/getQQCode/index.html，实际服务器的访问路径是/etc/nginx/qq/index.heml。

2）使用root

server{
   listen *80;
   server_name test.eee.com;
   location /getQQCode/ {
             root /etc/nginx/qq/;
        }
}

这样访问http://test.eee.com/getQQCode/index.html，实际服务器的访问路径是/etc/nginx/qq/getQQCode/index.heml。root会将路径进行拼接。例如使用root的时候会将uri  /getQQCode/拼接到root的路径后面

即/etc/nginx/qq/getQQCode/index.heml。