nginx.conf配置
- 反向代理
proxy_pass 通过反向代理把请求转发到百度
proxy_pass 既可以是ip地址,也可以是域名,同时还可以指定端口
proxy_pass 指定的地址携带了URI,如果前面配置【/s】,那么这里的URI将会替换请求URI中匹配location参数部分;
- 端口转发:启动的tomcat是8080端口,nginx通过80端口转发到8080的tomcat中
server { listen 80; server_name localhost; location / { root html; index index.html index.htm; } location /aone_in{ proxy_pass http://localhost:8080/aone_in; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; client_max_body_size 100m; root html; index index.html index.htm; }
- 负载均衡:8080与8081两端口起了两个tomcat,启动nginx新配置后,通过访问ip可以跳转不同tomcat。单服务器部署,可以将localhost换成不同服务器的ip。
upstream tomcatServer{ server localhost:8081 weight=30; server localhost:8080 weight=30; } server { listen 80; server_name localhost; location / { proxy_pass http://tomcatServer/aone_in/admin/login.jsp; root html; index index.html index.htm; } }
- 样式乱了:配置如下
proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
- 域名转发:根据不同域名转发到服务器内部不同端口
#user nobody; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 80; server_name api.karat.com; location / { proxy_pass http://127.0.0.1:8901; } } server { listen 80; server_name admin.karat.com; location / { proxy_pass http://127.0.0.1:8902; } } server { listen 80; server_name h5.karat.com; location / { proxy_pass http://127.0.0.1:8903; } } }
- 域名转发证书配置:通过https访问443端口,根据域名不同转发到服务器内部不同端口。如果不想http也能访问,限定https访问,去掉80端口配置
server { listen 80; server_name api.karat.com; rewrite ^(.*)$ https://${server_name}$1 permanent; } server { listen 443 ssl; server_name api.karat.com; ssl_certificate /etc/nginx/cert/server.pem; ssl_certificate_key /etc/nginx/cert/server.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.66.66.66:8901; } } server { listen 80; server_name admin.karat.com; rewrite ^(.*)$ https://${server_name}$1 permanent; } server { listen 443 ssl; server_name admin.karat.com; ssl_certificate /etc/nginx/cert/server.pem; ssl_certificate_key /etc/nginx/cert/server.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.66.66.66:8902; } } server { listen 80; server_name h5.karat.com; rewrite ^(.*)$ https://${server_name}$1 permanent; } server { listen 443 ssl; server_name h5.karat.com; ssl_certificate /etc/nginx/cert/server.pem; ssl_certificate_key /etc/nginx/cert/server.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://10.66.66.66:8903; } }
浙公网安备 33010602011771号