Nginx常用配置

1、反向代理全局配置nginx.conf

http {
    include       mime.types;
    default_type  application/octet-stream;
    client_max_body_size 100m;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    

   
    access_log  /var/www/logs/nginx/access.log;
    error_log  /var/www/logs/nginx/error.log;

    sendfile        on;
    #tcp_nopush     on;
    server_tokens   off;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    proxy_read_timeout 600s;
    gzip  on;
 
    map $http_connection $connection_upgrade {
    "~*Upgrade" $http_connection;
    default keep-alive;
  }

 

2、http to https

   server {
        listen       80;
        server_name  xx.cn www.xx.cn;
        rewrite ^(.*)$ https://$host$1 permanent;
    }

3、https - vue模板

server {
       listen      443 ssl 
       http2       on;
       server_name xx.cn www.xx.cn;
       root   /var/www/wwwroot/xx/vue;

       ssl_certificate      /var/www/wwwroot/SSL/www.xx.cn.pem;
       ssl_certificate_key  /var/www/wwwroot/SSL/www.xx.cn.key;
    
       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  5m;
    
       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on;
    
       location / {
            try_files $uri $uri/ @router;#需要指向下面的@router否则会出现vue的路由在nginx中刷新出现404
            index  index.html index.htm;
        }
    
       location @router {
            rewrite ^.*$ /index.html last;
        }

   }

4、https - webApi模板

server {
        listen       443 ssl 
        http2        on;
        server_name  api.xx.cn;
        ssl_certificate      /var/www/wwwroot/ssl/api.xx.cn.pem;
        ssl_certificate_key  /var/www/wwwroot/ssl/api.xx.cn.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
    
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
     
        #add_header X-Frame-Options "SAMEORIGIN";     #保护Nginx 免受点击劫持的侵害
        #add_header X-Content-Type-Options "nosniff"; #可阻止大部分浏览器通过MIME方式探查来自已声明内容类型的响应

        location / {
          proxy_pass http://127.0.0.1:9000;
	        
          proxy_http_version 1.1;
          proxy_set_header   Upgrade $http_upgrade;
          proxy_set_header   Connection $connection_upgrade;
          proxy_set_header   Host $host;
          proxy_cache_bypass $http_upgrade;
          proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header   X-Forwarded-Proto $scheme;
         }
    }

5. https - signalR模板

server {
        listen       443 ssl 
        http2        on;
        server_name  ws.xxx.cn;
        ssl_certificate      /var/www/ssl/ws.xxx.cn/ws.xxx.cn.pem;
        ssl_certificate_key  /var/www/ssl/ws.xxx.cn/ws.xxx.cn.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

         location /hubs/chat {
          proxy_pass http://127.0.0.1:10000;
	        
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $connection_upgrade;
          proxy_cache off;
          # WebSockets were implemented after http/1.0
          proxy_http_version 1.1;

          # Configuration for ServerSentEvents
          proxy_buffering off;

          # Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
          proxy_read_timeout 100s;

          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
         }
    }

 

posted @ 2015-07-01 16:20  b̶i̶n̶g̶.̶  阅读(513)  评论(0)    收藏  举报