配置虚拟主机:
server { listen 80; server_name www.test.com test.com; root /usr/local/nginx/html/test; location / { index index.php; } }
浏览文件:
location / { autoindex on; autoindex_localtime on; }
支持 php:
location ~ \.php(.*)$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param PATH_INFO $1; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; }
解决跨域:
location / { add_header 'Access-Control-Allow-Origin' '*'; }
设置 index.php 为入口文件:
location / { if (!-e $request_filename) { rewrite ^(.*)$ /index.php?s=/$1 last; break; } }
防盗链:
location ~ .*\.(gif|jpg|jpeg|bmp|png)$ { valid_referer *.test.com; if ($invalid_referer) { rewrite ^/ http://www.test.com/404.png; } }
动静分离:
location ~* ^.+.(js|css|htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$ { # 静态站点 } location ~* ^.+.(?![js|css|htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma])$ { # 动态站点 }
反向代理:
server { listen 80; server_name jira.job520.net; location / { proxy_pass http://127.0.0.1:8080; proxy_redirect off; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 90; } }
代理 websocket(可配置
健康检查
):upstream test_websocket_proxy { server xx.xx.xx.xx:xx; server xx.xx.xx.xx:xx; } ... proxy_pass http://test_websocket_proxy; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host;
代理 grpc:
upstream test_grpc_proxy { server 192.168.50.160:50052; server 192.168.50.160:50053; } server { listen 8181 http2; server_name localhost; location / { grpc_pass grpc://test_grpc_proxy; } }
代理 tcp:
- 安装
stream
模块:yum -y install nginx-mod-stream
- 修改配置:
- /etc/nginx/nginx.conf:
stream { include /etc/nginx/conf.d/*.stream; }
- /etc/nginx/conf.d/xxx.stream
server { listen 1883; proxy_pass 172.21.16.17:1883; }
- /etc/nginx/nginx.conf:
- 安装
支持react-router:
try_files $uri /index.html;
使用gzip压缩:
gzip on; gzip_min_length 1k; gzip_comp_level 2; gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png font/ttf font/otf image/svg+xml; gzip_vary on; gzip_disable "MSIE [1-6]\."; location ~* ^.+\.(ico|gif|jpg|jpeg|png)$ { access_log off; expires 1h; } location ~* ^.+\.(css|js|txt|xml|swf|wav)$ { access_log off; expires 1h; } location ~* ^.+\.(html|htm)$ { expires 1h; } location ~* ^.+\.(eot|ttf|otf|woff|svg)$ { access_log off; expires max; }
白名单设置:
allow xx.xx.xx.xx/xx; deny all;
限制上传文件大小:
client_max_body_size 8M; client_body_buffer_size 128k;
防止跨目录(限制php只能在指定目录下运行):
fastcgi_param PHP_VALUE "open_basedir=$document_root";
限制同一用户请求频率:
http{ #定义一个名为 allips 的 limit_req_zone 用来存储 session,大小是 10M 内存,每秒的请求为 20 个 limit_req_zone $binary_remote_addr zone=allips:10m rate=20r/s; server{ location / { limit_req zone=allips burst=5 nodelay; } } }
ssl证书相关:
server { listen 80; server_name job520.net www.job520.net; return 301 https://www.job520.net$request_uri; } server { listen 443 ssl; server_name www.job520.net; ssl_certificate 2479286_www.job520.net.pem; ssl_certificate_key 2479286_www.job520.net.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; }
检查配置文件语法:
nginx -t
文档更新时间: 2024-03-24 15:25 作者:lee