Setting up an Nginx reverse-proxy mirror on an Alpine Linux host
Main references:
https://run.la/s/169.html
https://blog.csdn.net/qq_23830637/article/details/100577489
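Step 1:
# install nginx, certbot and the certbot nginx plugin
apk add nginx certbot certbot-nginx

# start nginx at boot
rc-update add nginx default

vi /etc/nginx/conf.d/default.conf

# contents of default.conf at this stage: server_name only
server {
    server_name your_server_domain;
}

# obtain the certificate and let certbot write the TLS settings
certbot --nginx

rc-service nginx start
In the nginx configuration, fill in only server_name; the remaining settings, such as ports, are generated automatically by certbot. Add the rest of the configuration only after the certificate setup has finished. Otherwise the port 443 entry written by the user conflicts with the one certbot writes, and nginx reports the error: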
nginx: [emerg] a duplicate listen 0.0.0.0:443 in /etc/nginx/conf.d/default.conf
Step 2:
Edit the http section of /etc/nginx/nginx.conf to enlarge the proxy buffers; otherwise nginx reports the error:
upstream sent too big header while reading response header from upstream,
proxy_buffer_size 128k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 128k;
Add the proxy configuration (based on https://run.la/s/169.html, with modifications):
# Lines marked "managed by Certbot" must be kept
server {
    listen 443 ssl reuseport; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/your_server_domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your_server_domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location ~* \.(conf|sql|bak)$ {
        deny all;
    }

    server_name your_server_domain;
    # bound domain name

    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
        return 403;
    }
    # block search engine crawlers

    resolver 8.8.8.8 8.8.4.4 valid=600s;
    # DNS servers used to resolve the proxied domain names
    resolver_timeout 10s;
    # DNS resolution timeout

    location ~ ^/(repo\.mongodb\.com|www\.google\.com|google\.com|registry-1\.docker\.io|registry-2\.docker\.io|hub\.docker\.com|ghcr\.io|gcr\.io|k8s\.gcr\.io|repo\.mysql\.com|www\.debian\.org|deb\.debian\.org|security\.debian\.org|cdn-fastly\.deb\.debian\.org|nginx\.org|github\.com|codeload\.github\.com|yum\.dockerproject\.org)(\/.*)$ {
        # regex of the domains to proxy, so that nobody can use this server to proxy certain blocked websites

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # put the client IP into the request headers, usually to tell the backend server who is visiting the site

        proxy_set_header Accept-Encoding "";
        # tell the proxied site not to compress content, otherwise sub_filter stops working

        proxy_set_header Connection "";
        # enable HTTP/1.1
        proxy_http_version 1.1;
        # same as above

        proxy_connect_timeout 10s;
        # connection timeout
        proxy_read_timeout 10s;
        # read timeout

        proxy_set_header Host $1;
        # set Host to the proxied domain

        proxy_redirect ~^(http:\/\/|https:\/\/)?(.*)$ $1$server_name/$2;
        # rewrite the upstream's 301 redirects so they point back to this domain

        sub_filter 'src="/' 'src="/$1/';
        sub_filter 'src="http://$1' 'src="http://$server_name/$1';
        sub_filter 'src="https://$1' 'src="https://$server_name/$1';
        sub_filter 'src="//$1' 'src="//$server_name/$1';
        # rewrite link addresses inside pages

        sub_filter 'href="/' 'href="/$1/';
        sub_filter 'href="http://$1' 'href="http://$server_name/$1';
        sub_filter 'href="https://$1' 'href="https://$server_name/$1';
        sub_filter 'href="//$1' 'href="//$server_name/$1';
        # same as above

        sub_filter 'action="/' 'action="/$1/';
        sub_filter 'action="http://$1' 'action="http://$server_name/$1';
        sub_filter 'action="https://$1' 'action="https://$server_name/$1';
        sub_filter 'action="//$1' 'action="//$server_name/$1';
        # same as above

        sub_filter_once off;
        # replace every occurrence, not just the first

        proxy_hide_header Strict-Transport-Security;
        # hide the "Strict-Transport-Security" header returned by the proxied site so that HSTS is not enabled; search for "hsts" for details

        set $query_mark "";
        if ($query_string != "") {
            set $query_mark "?${query_string}";
        }
        # nginx does not match the ?parameters after the URL; it stores them in "$query_string"

        proxy_pass $scheme://$1$2${query_mark};
        # $scheme is the protocol of the current request: http or https
    }

    root /home/wwwroot/your_server_domain;
    # set the root directory
}

server {
    if ($host = your_server_domain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name your_server_domain;
    listen 80 reuseport;
    return 404; # managed by Certbot
}
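The host allowlist in the location regex is what keeps this server from proxying arbitrary sites. As an added example (not part of the original post), the Python below emulates that match on a subset of the page's hosts, shows what nginx would capture as $1 and $2, and flags allowlist entries whose dots are not escaped. The function names, the LOOSE variant and the sample request paths are constructed for illustration.

```python
import re

# Subset of the hosts in the page's location regex, written as literal names.
ALLOWED = ["deb.debian.org", "security.debian.org", "cdn-fastly.deb.debian.org",
           "github.com", "codeload.github.com", "registry-1.docker.io"]

def host_alternation(domains):
    """Build the a|b|c part of the location regex with every dot escaped."""
    return "|".join(d.replace(".", r"\.") for d in domains)

def upstream_for(uri, alternation):
    """Emulate `location ~ ^/(hosts)(/.*)$` on a normalized URI path.

    Returns the (host, path) pair nginx would capture as $1 and $2 for
    proxy_pass, or None when the location does not match (nothing is proxied).
    """
    m = re.match(r"^/(" + alternation + r")(/.*)$", uri)
    return (m.group(1), m.group(2)) if m else None

def unescaped_dots(alternation):
    """Return the entries that contain a bare '.', which matches any character."""
    return [e for e in alternation.split("|") if re.search(r"(?<!\\)\.", e)]

STRICT = host_alternation(ALLOWED)
# Constructed hand-written variant with one dot left unescaped.
LOOSE = STRICT.replace(r"\.deb\.debian", r"\.deb.debian")

# Constructed request paths: allowlisted, not allowlisted, look-alike hosts.
SAMPLES = ["/deb.debian.org/debian/dists/stable/Release",
           "/example.org/index.html",
           "/github.com.example.org/x",
           "/cdn-fastly.debXdebian.org/x"]

if __name__ == "__main__":
    for name, alt in (("strict", STRICT), ("loose", LOOSE)):
        print(name, "entries with bare dots:", unescaped_dots(alt))
        for uri in SAMPLES:
            print("  ", uri, "->", upstream_for(uri, alt))
```

Running `unescaped_dots` over the host list before each reload catches entries that would let a look-alike hostname through the allowlist.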
Step 3:
Configure the firewall and restart nginx