Common Nginx Configurations

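The examples below are nginx configurations I use day to day.
I am writing them down here partly as study notes for my own later reference,
and partly to collect and share them for others to consult.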

Certbot webroot validation

Create the .well-known path first. The parent path is up to you; here it is defined as /opt/.well-known.

server{
    listen 80;
    server_name ${domain};
    location /.well-known {
        root /opt;
    }
    location / {
        rewrite ^(.*)$ https://${domain}$1 permanent;
    }
}

Defining a JSON-format nginx log

JSON-format logs are more convenient when they are later shipped elsewhere for log analysis.

# http block
http{
......
    # The format is split into adjacent quoted strings so the logged line stays on one line.
    # $request_body and $http_cookie can carry passwords and session tokens; restrict access to this log.
    log_format json_log escape=json
        '{"realip": "$remote_addr","@timestamp": "$time_iso8601",'
        '"host": "$http_host","request": "$request","req_body": "$request_body",'
        '"status": "$status","size": "$body_bytes_sent","ua": "$http_user_agent",'
        '"cookie": "$http_cookie","req_time": "$request_time","uri": "$uri",'
        '"referer": "$http_referer","xff": "$http_x_forwarded_for",'
        '"ups_status": "$upstream_status","ups_addr": "$upstream_addr",'
        '"ups_time": "$upstream_response_time"}';
......
}

# server block
server {
    listen 443 ssl;
    server_name ${domain} ;
    access_log /var/log/nginx/${domain}.log json_log;
......
}

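SSL configuration

I normally use certbot to generate SSL certificates; the certificates are generated under "/etc/letsencrypt/live/${domain}".
In nginx the main thing is to set the two directives "ssl_certificate" and "ssl_certificate_key".
If you do not want to write "ssl on", you can add "ssl" directly after listen.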

server {
    listen 443 ssl;
    server_name ${domain} ;
    ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
......
}

gzip configuration

server{
......
    listen 443 ssl;
    server_name ${domain} ;
    gzip on;
    gzip_buffers 32 4K;
    gzip_comp_level 6;
    gzip_min_length 50K;
    gzip_types *;
    gzip_vary on;
......
}

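Getting the client's real IP

With multiple layers of proxies, "$remote_addr" is not necessarily the real client IP.
The server block example reflects a common production need: passing the header on to the backend.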

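# http block
http {
    # X-Forwarded-For is a request header; its first entry is whatever the sender wrote there.
    map $http_x_forwarded_for  $clientRealIp {
        default $remote_addr;   # header present but not a plain IPv4 list: fall back to the TCP peer
        "" $remote_addr;        # header absent
        ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;   # first address in the list
    }
......
}
# server block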
server {
......
      proxy_set_header X-Real-IP $clientRealIp;
......
}
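
The map above takes the first X-Forwarded-For entry, which is the one position the client itself can fill in. As an added example (not from the original post), the same header can be resolved with nginx's ngx_http_realip_module, which only honors the header from listed proxies. The 10.0.0.0/8 proxy range, the sample addresses in the comments and the backend at 127.0.0.1:8080 are assumptions for illustration.

```nginx
# Added example, not the original author's configuration.
# Assumes nginx is built with ngx_http_realip_module and that the only hops
# in front of it are load balancers inside 10.0.0.0/8 (assumed range).
http {
    # Honor X-Forwarded-For only when the TCP peer is one of these proxies.
    # A request arriving directly from any other address keeps its peer
    # address as $remote_addr, whatever headers it sends.
    set_real_ip_from 10.0.0.0/8;
    real_ip_header   X-Forwarded-For;

    # Walk the header from right to left, skip trusted proxies and stop at
    # the first untrusted address. Entries to the left of it were supplied
    # by the client and are ignored.
    real_ip_recursive on;

    # Constructed trace: peer 10.0.0.5 sends
    #   X-Forwarded-For: 1.2.3.4, 203.0.113.7
    # realip module   -> $remote_addr = 203.0.113.7 (appended by the proxy)
    # first-entry map -> 1.2.3.4 (the value the client wrote)

    server {
        listen 443 ssl;
        server_name ${domain};
        ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;

        location / {
            # $remote_addr now holds the resolved client address;
            # $realip_remote_addr still holds the original TCP peer.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://127.0.0.1:8080;   # hypothetical backend
        }
    }
}
```

With this in place, any log format that records $remote_addr logs the resolved address as well.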

WebSocket

This must be configured when the backend service uses WebSocket;
otherwise the server keeps communicating over plain HTTP, which causes errors.

server {
......
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
......
}

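Cross-origin (CORS)

This is a troublesome topic. Here is a simple example; simple services may be able to use it as is,
while complex services need it adjusted to their actual situation.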

server {
......
    # Browsers reject a credentialed response (cookies, Authorization) when Allow-Origin is '*';
    # for such requests replace '*' with the one explicit origin that is allowed.
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'POST,GET,PUT,DELETE,OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Content-Length,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since';
    add_header 'Access-Control-Allow-Credentials' 'true';
......
}

Web page authentication

Use htpasswd to generate the account and password file.

server {
    listen ${port}; # set the listen port
    server_name ${domain};
    auth_basic "请输入用户和密码"; # prompt shown in the login dialog
    auth_basic_user_file /etc/nginx/conf.d/htpasssword/passwd; # custom path
    ......
}

PHP application

server {
......
    location ~ /??????/.*\.php$ {
        root /??????;
        try_files $uri $uri/ /index.php?$args;
        include fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
......
}
posted @ ヾ(o◕∀◕)ノヾ