明天的明天 永远的永远 未知的一切 我与你一起承担 ??

是非成败转头空 青山依旧在 几度夕阳红 。。。
  博客园  :: 首页  :: 管理

Windows 下配置 Nginx 使用多个conf 文件的Include 路径与Linux 有所不同。

 

如上:

Windows : include ../conf.d/*.conf

Linux:  include  /etc/nginx/conf.d/*.conf;

 

分别来看单个配置文件的内容:

总配置文件

nginx.conf

 
#############################################################
#
#           fengsh998 
#           nginx 反向代理设置,统一集管处,机器不够的话开集群。
#         包括:
#             SSL,限流,跨域,集群,黑名单,白名单,负载均衡
#
#         $PWD = /opt/nginx
#         docker run -p 443:443 -p 80:80 -p 18883:1883 -p 33060:3306 -p 38066:8066 --name nginx
#         -v $PWD/www:/www
#         -v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf
#         -v $PWD/conf/modules:/usr/share/nginx
#         -v $PWD/logs:/wwwlogs
#         -v $PWD/cert:/opt/nginx/cert
#         -d nginx
#############################################################
 
user nginx;
 
#指定进程数
worker_processes auto;
 
#错误日志
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
 
#动态加载外部配置文件【inclue 路径 + *.conf 】
include /usr/share/nginx/modules/*.conf;
 
#每个进程的最大连接数 
events {
    worker_connections 1024;
}
 
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
    #access_log  /var/log/nginx/access.log  main;
    access_log  /wwwlogs/httpproxy.log  main;
 
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
 
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
 
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    # 加载配置
    include /etc/nginx/conf.d/*.conf;
    #加载upstream模块
    include /usr/share/nginx/ups_modules_http.conf;
    #加载http server 模块
    include /usr/share/nginx/http_servers/*.conf;    
 
}
 
stream {
    log_format proxy '$remote_addr [$time_local] '
                 '$protocol $status $bytes_sent $bytes_received '
                 '$session_time "$upstream_addr" '
                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
 
    access_log /wwwlogs/tcp-access.log proxy;
    open_log_file_cache off;
 
    #挂载盘opt/nginx/conf/modules
    include /usr/share/nginx/stream_servers/*.conf;
}

 

ups_modules_http.conf

    ################################################ 
    #   可以设多个server进行负载均衡
    #   IP绑定 ip_hash每个请求按访问ip的hash结果分配,这样
    #   每个访客固定访问一个后端服务器,可以解决session的问题。
    #
    ################################################# 
    upstream jira_server {
       server 172.xx.206.109:8080;
    }
 
    upstream wiki_server {
       server 172.xx.206.109:8090;
    }
 
    upstream git_server {
       server 172.xx.206.109:8999;
    }
 
    upstream hostapi_arm2_server {
       server 172.xx.206.111:32000;
    }
 
    upstream kibana_server {
       #server 172.xx.188.21:5601;
       #server 172.xx.206.112:5601;
       server 172.xx.218.227:5601;
    }
 
    #测试用
    upstream eureka_server {
       #server 172.xx.188.23:8761;
       server 172.xx.188.28:8001;
    }
 
    upstream nexus_admin { server 47.xxx.xx.126:18888 ; }
    upstream nexus_registry { server 47.xxx.xx.126:18888 ; }

 

mysql.conf

 
    upstream mysql_server {
        server 172.xx.xxx.228:33060;
        server 172.xx.xxx.229:33060;
    }
 
    server {
        listen     3306;
        proxy_connect_timeout 10s;
        proxy_timeout 525600m;
        proxy_pass mysql_server;  
    }
 

 

match.conf 当一个顶级通配域名时,可以通过规则进行匹配处理。

 
    #将所有来自http的都自动跳转为https;
    server { 
       listen 80;
       server_name .company.com;       #使用通配的方式
       rewrite ^(.*)$ https://$http_host$request_uri? permanent;
    }
 
    server {
        listen       443 ssl;
        listen       [::]:443 ssl;
 
        #访问的域名
        server_name  .company.com;
   
        #ssl 证书配置
        ssl_certificate "/opt/nginx/cert/company.com.pem";
        ssl_certificate_key "/opt/nginx/cert/company.com.key";
 
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
        # 泛域名开始配置 subdomain.domain.com的格式
        if ( $host ~* (.*)\.(.*)\.(.*) ) {
            set $domain_pix $1; #获取当前的域名前缀 eg wiki.company.com则domain被设置为wiki
        }
 
        if ( $host ~* (.*)\.(.*)\.(.*)\.(.*) ) {
           set $subdomain_pix $1;
        }
 
        if ($subdomain_pix = eureka) {
          set $goserver eureka_server;
        }
 
        #jira
        if ($domain_pix = jira) {
            set $goserver jira_server;
           # set $goserver kibana_server; 
        }
 
        if ($domain_pix = wiki2) {
            set $goserver wiki_server;
        }
 
        if ($domain_pix = arm2api) {
            set $goserver hostapi_arm2_server;
        }
 
        #gitlab 映射
        if ($domain_pix = gitlab) {
            set $goserver git_server;
        }
 
        #kibana
        #if ($domain_pix = kibana) {
        #   set $goserver kibana_server;
        #}
 
        #代理配置
        location / {
 
                #开启代理错误拦截功能
                proxy_intercept_errors on;
  
                proxy_pass  http://$goserver;
                proxy_set_header Host $host;
                #缓存key规则,自动清除缓存
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forward-Proto https;
 
                proxy_buffering off;
                proxy_request_buffering off;
 
                client_max_body_size 1G;
                proxy_connect_timeout 3000;
                proxy_send_timeout 3000;
                proxy_read_timeout 3000;
 
                tcp_nodelay        on;  
                
        }
 
        location /localwebsite {
            root  /www/mobile;
        }
 
        location /kibana/ {
           auth_basic "请输入用户密码"; #这里是验证时的提示信息
           auth_basic_user_file /opt/nginx/cert/passwd/fkibana;
 
           proxy_pass http://kibana_server/;
           rewrite ^/kibabna/(.*)$ /$1 break;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header Host $host:$server_port;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_http_version 1.1;
        }
 
        #屏蔽wiki直接输入访问,所以做了个重定向
        location /browsepeople.action {
            rewrite ^(.*)$ https://wiki.company.com permanent;
        }
        
        error_page 404 /404.html;
        location = /40x.html {
 
        }
 
        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }   ###end server ssl

 

dashbroad.conf

 
    server {
 
           listen 80;
          
           server_name  dashboard.company.com;
 
           location / {
                root      /www/dashboard;
                index   index.html  index.htm;
           }
 
           location ^~ /visitor/ {
                root /www/;
                try_files $uri $uri/ /index.html last;
                index   index.html  index.htm;
           }
 
#           location / {
 #                 proxy_set_header Host $host;
  #              proxy_set_header  X-Real-IP        $remote_addr;
   #             proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
    #            proxy_set_header X-NginX-Proxy true;
     #            proxy_pass http://172.xx.xxx.112:18900;
#       }
 
           error_page  404 403 500 502 503 504 /404.html;
           location = /404.html {
                root  /www;
           }
 
    }