nginx配置示例

user  nginx;
worker_processes  4;

error_log  /var/log/nginx/error_dq.log warn;
pid        /var/run/nginx_dq.pid;


events {
    worker_connections  4096;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    client_max_body_size 12m;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access_dq.log  main;
    sendfile        on;
    server_tokens off; # 不对外显示nginx的版本号
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    
    server {
        listen 80 ssl;
        server_name  localhost;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-Port $remote_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #add_header X-Frame-Options SAMEORIGIN; # 同源策略
        add_header X-Frame-Options 'ALLOW-FROM https://xxx.xxxxxx.com https://xxx2.xxxxxxx.com'; # 允许指定的网站嵌入，多个网站空格分隔
    
        ssl_certificate /etc/nginx/dq_certificate/dq_certificate.crt; #将nginx.crt替换成您证书的文件名。
        ssl_certificate_key /etc/nginx/dq_certificate/dq_certificate_key.key; #将nginx.key替换成您证书的密钥文件名。
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;#使用此加密套件。
        ssl_protocols TLSV1 TLSv1.1 TLSv1.2; #使用该协议进行配置。

        location ^~ /cloudGIS/ {
            proxy_pass http://192.168.xx.xx1:8080;
        }
        location ^~ /ecology/ {
            proxy_set_header Host $host;
            proxy_pass http://192.168.xx.xx2:8082;
        }
        location = /zhst-db {
            rewrite ^/zhst-db$ /ecology-frontend/webapp/index.html last;
        }
        location = /zhst-db/ {
            rewrite ^/zhst-db/$ /ecology-frontend/webapp/index.html last;
        }
        location ^~ /pics/ {
            proxy_pass https://obs.theorydance.com;
        }
        location ^~ /illegal/ {
            proxy_pass https://obs.theorydance.com/dqst/illegal/;
        }
        location ^~ /product/ {
            proxy_pass https://obs.theorydance.com/;
        }
        location ^~ /static/{
            proxy_pass http://192.168.xx.xx3:8080/check/static/;
        }
        # 针对ws协议进行升级处理
        location ~* /sms/.*\.(flv|hls)$ {
            proxy_pass http://192.168.xx.xx4:10000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }    
        location /h5/ {
            # h5里面涉及的后端调用
            #if ($http_accept ~* .*json.*) {
            #    proxy_pass http://192.168.xx.xx5:8081;
            #    break;
            #}
            # 其它所有，代理到tomcat
            proxy_pass http://192.168.xx.xx5:8080;
        }
        # 识别移动端示例
        location /appv2/ {
            root /data/web;
            if ($http_user_agent ~* 'Android|webOS|iPod|BlackBerry') {
                root /data/mob;
            }
            index index.html index.htm;
            # 当使用post请求静态文件时会报405错误，下面这么修改为允许POST请求，这样做虽然可以让请求“成功”，但实际上绕过了 HTTP 方法的正确性检查，应谨慎使用。
            error_page 405 =200 $uri;
        }
        location / {
            proxy_pass http://192.168.xx.xx6:10000;
            # try_files $uri $uri/ /index.html;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}