與我們合作

我們專注：網(wǎng)站策劃設(shè)計、網(wǎng)絡(luò)輿論監(jiān)控、網(wǎng)站優(yōu)化及網(wǎng)站營銷、品牌策略與設(shè)計
主營業(yè)務(wù)：網(wǎng)站建設(shè)、移動端微信小程序開發(fā)、APP開發(fā)、網(wǎng)絡(luò)運營、云產(chǎn)品·運維解決方案

有一個品牌項目想和我們談?wù)剢?

您可以填寫右邊的表格，讓我們了解您的項目需求，這是一個良好的開始，我們將會盡快與您取得聯(lián)系。當(dāng)然也歡迎您給我們寫信或是打電話，讓我們聽到您的聲音

您也可通過下列途徑與我們?nèi)〉寐?lián)系：

地址: 上海市長寧區(qū)華寧國際7L

電話: 400-825-2717(咨詢專線)

電話: 13054973230(售后客戶服務(wù))

網(wǎng) 址: http://www.586918.cn

傳真: 021-61488448

郵箱: admin@wumujituan.com

快速提交您的需求 ↓

Nginx常用配置

發(fā)布日期：2024-02-26 瀏覽次數(shù)：41065

一、基礎(chǔ)配置

user root;
worker_processes 1;
events {
worker_connections 10240;
}
http {
log_format '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"';
include mime.types;
default_type application/octet-stream;
sendfile on;
#autoindex on;
#autoindex_exact_size off;
autoindex_localtime on;
keepalive_timeout 65;
gzip on;
gzip_disable "msie6";
gzip_min_length 100;
gzip_buffers 4 16k;
gzip_comp_level 1;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_types "*";
gzip_vary off;
server_tokens off;
client_max_body_size 200m;
server {
listen 80 default_server;
server_name _;
return 403 /www/403/index.html;
}
include ../serve/*.conf;
}

復(fù)制代碼

二、隱藏 Nginx 版本信息

http {
server_tokens off;
}

復(fù)制代碼

三、禁止ip直接訪問80端口

server {
listen 80 default;
server_name _;
return 500;
}

復(fù)制代碼

四、啟動 web 服務(wù) (vue 項目為例)

server {
# 項目啟動端口
listen 80;
# 域名（localhost）
server_name _;
# 禁止 iframe 嵌套
add_header X-Frame-Options SAMEORIGIN;
# 訪問地址根路徑配置
location / {
# 項目目錄
root html;
# 默認讀取文件
index index.html;
# 配置 history 模式的刷新空白
try_files $uri $uri/ /index.html;
}
# 后綴匹配，解決靜態(tài)資源找不到問題
location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ {
root html/static/;
}
# 圖片防盜鏈
location ~/static/.*\.(jpg|jpeg|png|gif|webp)$ {
root html;
valid_referers *.deeruby.com;
if ($invalid_referer) {
return 403;
}
}
# 訪問限制
location /static {
root html;
# allow 允許
allow 39.xxx.xxx.xxx;
# deny 拒絕
deny all;
}
}

復(fù)制代碼

五、PC端和移動端使用不同的項目文件映射

server {
......
location / {
root /home/static/pc;
if ($http_user_agent ~* '(mobile|android|iphone|ipad|phone)') {
root /home/static/mobile;
}
index index.html;
}
}

復(fù)制代碼

六、一個web服務(wù)，配置多個項目 (location 匹配路由區(qū)別)

server {
listen 80;
server_name _;
# 主應(yīng)用
location / {
root html/main;
index index.html;
try_files $uri $uri/ /index.html;
}
# 子應(yīng)用一
location ^~ /store/ {
proxy_pass http://localhost:8001;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 子應(yīng)用二
location ^~ /school/ {
proxy_pass http://localhost:8002;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# 靜態(tài)資源讀取不到問題處理
rewrite ^/api/profile/(.*)$ /(替換成正確路徑的文件的上一層目錄)/$1 last;
}
# 子應(yīng)用一服務(wù)
server {
listen 8001;
server_name _;
location / {
root html/store;
index index.html;
try_files $uri $uri/ /index.html;
}
location ^~ /store/ {
alias html/store/;
index index.html index.htm;
try_files $uri /store/index.html;
}
# 接口代理
location /api {
proxy_pass http://localhost:8089;
}
}
# 子應(yīng)用二服務(wù)
server {
listen 8002;
server_name _;
location / {
root html/school;
index index.html;
try_files $uri $uri/ /index.html;
}
location ^~ /school/ {
alias html/school/;
index index.html index.htm;
try_files $uri /school/index.html;
}
# 接口代理
location /api {
proxy_pass http://localhost:10010;
}
}

復(fù)制代碼

七、配置負載均衡

upstream my_upstream {
server http://localhost:9001;
server http://localhost:9002;
server http://localhost:9003;
}
server {
listen 9000;
server_name test.com;
location / {
proxy_pass my_upstream;
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

復(fù)制代碼

八、SSL 配置 HTTPS

server {
listen 80;
server_name <a target="_blank">www.xxx.com</a>;
# 將 http 重定向轉(zhuǎn)移到 https
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name <a target="_blank">www.xxx.com</a>;
ssl_certificate /etc/nginx/ssl/www.xxx.com.pem;
ssl_certificate_key /etc/nginx/ssl/www.xxx.com.key;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /project/xxx;
index index.html index.htm index.md;
try_files $uri $uri/ /index.html;
}
}