Nginx常用配置

1、反向代理全局配置

include mime.types;
default_type application/octet-stream;
client_max_body_size 100m;

keepalive_timeout  65;
proxy_read_timeout 600s;

 

2、http to https

   server {
        listen       80;
        server_name  xx.cn www.xx.cn;
        rewrite ^(.*)$ https://$host$1 permanent;
    }

3、https - vue模板

server {
       listen      443 ssl http2;
       server_name xx.cn www.xx.cn;
       root   /var/www/wwwroot/xx/vue;

       ssl_certificate      /var/www/wwwroot/SSL/www.xx.cn.pem;
       ssl_certificate_key  /var/www/wwwroot/SSL/www.xx.cn.key;
    
       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  5m;
    
       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on;
    
       location / {
            try_files $uri $uri/ @router;#需要指向下面的@router否则会出现vue的路由在nginx中刷新出现404
            index  index.html index.htm;
        }
    
       location @router {
            rewrite ^.*$ /index.html last;
        }

   }

4、https - webApi模板

server {
        listen       443 ssl http2;
        server_name  api.xx.cn;
        ssl_certificate      /var/www/wwwroot/ssl/api.xx.cn.pem;
        ssl_certificate_key  /var/www/wwwroot/ssl/api.xx.cn.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
    
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
     
        #add_header X-Frame-Options "SAMEORIGIN";     #保护Nginx 免受点击劫持的侵害
        #add_header X-Content-Type-Options "nosniff"; #可阻止大部分浏览器通过MIME方式探查来自已声明内容类型的响应

        location / {
           proxy_pass http://127.0.0.1:9000;
	        
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection keep-alive;
           proxy_set_header Host $host;
           proxy_cache_bypass $http_upgrade;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
         }
    }

5. https - signalR模板

server {
        listen       443 ssl http2;
        server_name  ws.xxx.cn;
        ssl_certificate      /var/www/ssl/ws.xxx.cn/ws.xxx.cn.pem;
        ssl_certificate_key  /var/www/ssl/ws.xxx.cn/ws.xxx.cn.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

         location /hubs/chat {
          proxy_pass http://127.0.0.1:10000;
	        
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $connection_upgrade;
          proxy_cache off;
          # WebSockets were implemented after http/1.0
          proxy_http_version 1.1;

          # Configuration for ServerSentEvents
          proxy_buffering off;

          # Configuration for LongPolling or if your KeepAliveInterval is longer than 60 seconds
          proxy_read_timeout 100s;

          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
         }
    }

 

posted @ 2015-07-01 16:20  b̶i̶n̶g̶.̶  阅读(502)  评论(0编辑  收藏  举报