nginx-conf常用示例
//
# 最简单的配置
# cat >/etc/nginx/sites-enabled/test.conf
server {
listen 80;
server_name test.yfklife.cn;
root /opt/wwwroot/test;
location / {
index index.html index.htm;
}
location ^~ /upload {
autoindex on;
autoindex_localtime on;
alias /opt/wwwroot/upload;
}
}
#比nginx 更方便的python,
cd /opt/wwwroot/upload
python2 -m SimpleHTTPServer 80
python3 -m http.server 80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# openssl生成ssl证书
openssl genpkey -algorithm RSA -out mykey.pem -pkeyopt rsa_keygen_bits:2048
openssl req -new -key mykey.pem -out mycert.csr
openssl x509 -req -days 3650 -in mycert.csr -signkey mykey.pem -out mycert.crt
1
2
3
2
3
[root@dimine-dns-204 tmp]# openssl req -new -key mykey.pem -out mycert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:AS
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:AS
Organizational Unit Name (eg, section) []:AS
Common Name (eg, your name or your server's hostname) []:28.3.1.43
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
# nginx-alias别名与root
alias是一个目录别名的定义,root则是最上层目录的定义。
当访问路径为:http://test.yfklife.cn/test
以下访问 /opt/yfkroot 目录下的文件
server {
listen 80;
server_name test.yfklife.cn;
location /test/ {
alias /opt/yfkroot/;
index index.html index.htm;
}
}
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
以下访问 /opt/yfkroot/test 目录下的文件
server {
listen 80;
server_name 192.168.5.26;
location /test/ {
root /opt/yfkroot/;
index index.html index.htm;
}
}
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
还有一个重要的区别是当location 后面路径带 / 时,alias后面要用“/”结束,否则会找不到文件的。。。而root则可有可无
# nginx之location proxy_pass后面的url加 / 与不加 / 的区别
nginx配置文件
server{
port 80,
server name 192.168.5.26
location /static{
proxy_pass 192.168.5.26:81
}
location /static{
proxy_pass 192.168.5.26:81/
}
location /static/{
proxy_pass 192.168.5.26:81
}
location /static/{
proxy_pass 192.168.5.26:81/
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
访问情况说明
第一种
location /static{
proxy_pass 192.168.5.26:81
location后没有/ 转发网站没有/
最后网址经过nginx转向到的网址是 192.168.5.26:81/static/a.html
1
2
3
4
5
2
3
4
5
第二种
location /static {
proxy_pass 192.168.5.26:81/
location后没有/ 转发网站有/
最后网址经过nginx转向到的网址是 192.168.5.26:81/a.html
1
2
3
4
5
2
3
4
5
第三种
location /static/{
proxy_pass 192.168.5.26:81
location后有/ 转发网站没有/
最后网址经过nginx转向到的网址是 192.168.5.26:81/static/a.html
1
2
3
4
5
2
3
4
5
第四种
location /static/{
proxy_pass 192.168.5.26:81/
location后有/ 转发网站有/
最后网址经过nginx转向到的网址是 192.168.5.26:81/a.html
1
2
3
4
5
2
3
4
5
# 前端VUE try_files
访问匹配路径:test.yfklife.cn/coder
server {
listen 80;
server_name test.yfklife.cn;
root /usr/share/nginx/html;
index index.html index.htm;
location /coder {
alias /usr/share/nginx/html/dist;
index index.html index.htm;
try_files $uri $uri/ /coder/index.html;
#以下可以按情况添加
if ($request_filename ~* .*.(html|htm)$)
{
add_header Cache-Control no-cache;
}
if ($request_filename ~* .*.(gif|jpg|jpeg|png|bmp|swf)$)
{
expires 7d;
}
if ($request_filename ~ .*.(js|css)$)
{
expires 1d;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
需要修改对应的前端配置,路由配置
# 主页前端
# cat >/etc/nginx/sites-enabled/main.conf
server {
listen 80;
server_name www.yfklife.cn;
root /opt/wwwroot/html;
index index.html index.htm;
if (!-e $request_filename) {
rewrite ^(.*)$ /index.html?s=$1 last;
break;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
2
3
4
5
6
7
8
9
10
11
12
# PHP重写配置
# cat >/etc/nginx/sites-enabled/testapi.conf
server
{
listen 80;
listen 443 ssl;
server_name testapi.yfklife.cn; #配置域名
root /opt/newweb/www;
index index.html index.php index.html;
#ssl on;
ssl_certificate ssl/2020_yfklife.cn;
ssl_certificate_key ssl/2020_yfklife.cn;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT56:!EXP;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location /
{
if ( !-f $request_filename ) {
rewrite ^(.*)$ /index.php?$1 last;
break;
}
}
location ~ .*\.php?$
{
fastcgi_ignore_client_abort on;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fcgi.conf;
index index.php;
if ($remote_addr = "11.19.212.101") {
access_log off; #负载IP日志关闭
}
}
location ~ "\.(js|ico|gif|jpg|png|css)$" {
expires 1w;
}
location ~ ^/status/ {
stub_status on;
access_log off;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 = /404.html;
location ~ .*.(svn|git|cvs) {deny all;}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# 路径A跳转匹配路径B
server {
location /old-path {
rewrite ^/old-path(.*)$ /new-path$1 permanent;
}
}
1
2
3
4
5
2
3
4
5
# 代理jenkins与gitlab端口
nginx 配置文件
# cat /etc/nginx/sites-enabled/ci.conf
upstream jenkins{
server 127.0.0.1:8089;
}
upstream gitlab{
server 127.0.0.1:8090;
}
server
{
listen 80;
server_name ci.yfklife.cn;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/;
proxy_pass http://jenkins;
}
}
server
{
listen 80;
server_name gitlab.yfklife.cn;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/;
proxy_pass http://git;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# 修改jenkins监听端口
vim /etc/sysconfig/jenkins
JENKINS_PORT="8089"
1
2
3
4
2
3
4
重启Jenkins
systemctl restart jenkins
jenkins前端界面之 系统管理--->系统设置
系统管理--->系统设置--->管理监控配置--->JenKins Location
# 修改gitlab默认监听端口
vim /etc/gitlab/gitlab.rb
nginx['listen_addresses'] = ['*']
nginx['listen_port'] = 8090
1
2
3
4
5
2
3
4
5
重新加载配置 gitlab-ctl reconfigure
重启gitlab gitlab-ctl restart
# 代理容器portainer
- 启动portniner容器,监听端口9005
docker run -d --network dell_default -p 9005:9000 -v /var/run/docker.sock:/var/run/docker.sock --restart=always --name portainer portainer/portainer
- nginx 配置
最后三行
server {
listen 192.168.5.147:8009;
server_name 192.168.5.147;
location ~ "^/portainer(/?.*)" {
proxy_pass http://127.0.0.1:9005$1$is_args$args;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
2
3
4
5
6
7
8
9
10
11
12
13
14
15
- 访问:192.168.5.147:8009/portainer/
# 代理websock
- nginx 配置
upstream system_back {
server 127.0.0.1:9900;
}
upstream mqttws {
server 127.0.0.1:8083;
}
#underscores_in_headers on; #表示当客户端请求头中带有下划线的字段默认将会被标识为无效字段。
server {
listen 80;
server_name 192.168.5.147;
client_max_body_size 0;
proxy_max_temp_file_size 0;
location /mqtt {
proxy_pass http://mqttws;
proxy_set_header Sec-WebSocket-Protocol mqtt;
proxy_http_version 1.1;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
#反向代理真实IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /api/ {
proxy_pass http://system_back/;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
//
如果此文章对您有帮助,点击 -->> 请博主喝咖啡 (opens new window)
上次更新: 2024/08/01, 11:00:01