nginx vhost配置文件+ssl+cache
# vhost配置文件
[root@LB01 ~]# cat /usr/local/nginx/conf/extra/memadmin.conf
upstream memadmin_server {
#ip_hash;
#server 127.0.0.1:8080;
server 172.16.1.30:8002;
#server 172.16.1.11:80 weight=1;
}
#访问80端口重定向到443端口--ok
server {
listen 80;
server_name memadmin.xxxx.com;
#rewrite ^/.*$ $scheme://$host$request_uri? permanent;
rewrite ^/.*$ https://memadmin.xxxx.com permanent;
}
#配置ssl证书
server {
listen 443;
#charset utf-8;
server_name memadmin.xxxx.com;
#如果用户访问https://www.pinhui001.com跳转到http://www.xxxx.com
#因www.pinhui001.com没配置ssl证书
if ($host = 'www.pinhui001.com') {
rewrite ^/.*$ http://www.xxxx.com permanent;
}
#同上
if ($host = 'zabbix.xxxx.com') {
rewrite ^/.*$ http://zabbix.xxxx.com permanent;
}
#ssl证书配置--ok
ssl on;
ssl_certificate sslkey/xxxx.com.crt;
ssl_certificate_key sslkey/xxxx.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:-LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
###指定格式缓存
location ~ .*\.(gif|jpg|png|css|js|ico)$ {
#代理--ok
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://memadmin_server;
#缓存--ok
proxy_cache pinhui_cache;
proxy_cache_key $host$request_uri;
#请求3次以上才缓存
#proxy_cache_min_uses 3;
proxy_cache_valid 200 304 301 302 30d;
proxy_cache_valid 404 1m;
proxy_cache_valid any 2d;
expires 30d;
#忽略cache-control,expires,set-cookie信息
##增加命中状态2标识MIME类型3请求协议
#proxy_ignore_headers "Cache-Control" "Expires" "Set-Cookie";
add_header X-Cache "$upstream_cache_status";
add_header Content-Type "$content_type";
add_header x-source-scheme "$scheme";
access_log off;
}
###指定admin,system目录不缓存
#location / ^/(admin/system)(.*) {
# proxy_redirect off;
# proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass http://memadmin_server;
#
# client_max_body_size 300m;
# client_body_buffer_size 512;
# proxy_connect_timeout 60;
# proxy_read_timeout 60;
# proxy_send_timeout 60;
# proxy_buffer_size 64k;
# proxy_buffers 8 64k;
# proxy_busy_buffers_size 128k;
# proxy_temp_file_write_size 128k;
# }
###
###默认抛向后端
location / {
proxy_redirect off;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://memadmin_server;
client_max_body_size 300m;
client_body_buffer_size 512;
proxy_connect_timeout 60;
proxy_read_timeout 60;
proxy_send_timeout 60;
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
#fastcgi_param HTTPS $https if_not_empty;
}
###################log format################################################
access_log logs/memadmin_access.log access;
}
浙公网安备 33010602011771号