基础配置
1 user root; 2 worker_processes 1; 3 4 events { 5 worker_connections 10240; 6 } 7 8 http { 9 log_format '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; 10 include mime.types; 11 default_type application/octet-stream; 12 sendfile on; 13 #autoindex on; 14 #autoindex_exact_size off; 15 autoindex_localtime on; 16 keepalive_timeout 65; 17 gzip on; 18 gzip_disable "msie6"; 19 gzip_min_length 100; 20 gzip_buffers 4 16k; 21 gzip_comp_level 1; 22 gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png; 23 gzip_types "*"; 24 gzip_vary off; 25 server_tokens off; 26 client_max_body_size 200m; 27 28 server { 29 listen 80 default_server; 30 server_name _; 31 return 403 /www/403/index.html; 32 } 33 34 include ../serve/*.conf; 35 }
隐藏 Nginx 版本信息
1 http { 2 server_tokens off; 3 }
禁止ip直接访问80端口
1 server { 2 listen 80 default; 3 server_name _; 4 return 500; 5 }
VUE 部署(单项目)
server { # 项目启动端口 listen 80; # 域名(localhost) server_name _; # 禁止 iframe 嵌套 add_header X-Frame-Options SAMEORIGIN; # 访问地址 根路径配置 location / { # 项目目录 root html; # 默认读取文件 index index.html; # 配置 history 模式的刷新空白 try_files $uri $uri/ /index.html; } # 后缀匹配,解决静态资源找不到问题 location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ { root html/static/; } # 图片防盗链 location ~/static/.*\.(jpg|jpeg|png|gif|webp)$ { root html; valid_referers *.deeruby.com; if ($invalid_referer) { return 403; } } # 访问限制 location /static { root html; # allow 允许 allow 39.xxx.xxx.xxx; # deny 拒绝 deny all; } }
多项目路由访问配置
server { listen 80; server_name _; # 主应用 location / { root html/main; index index.html; try_files $uri $uri/ /index.html; } # 子应用一 location ^~ /route01/ { proxy_pass http://localhost:8011; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # 子应用二 location ^~ /route02/ { proxy_pass http://localhost:8012; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # 静态资源读取不到问题处理 rewrite ^/api/profile/(.*)$ /(替换成正确路径的文件的上一层目录)/$1 last; } # 子应用一服务 server { listen 8011; server_name _; location / { root html/route01; index index.html; try_files $uri $uri/ /index.html; } location ^~ /route02/ { alias html/route02/; index index.html index.htm; try_files $uri /store/index.html; } # 接口代理 location /api { proxy_pass http://localhost:9001; } } # 子应用二服务 server { listen 8012; server_name _; location / { root html/school; index index.html; try_files $uri $uri/ /index.html; } location ^~ /school/ { alias html/school/; index index.html index.htm; try_files $uri /school/index.html; } # 接口代理 location /api { proxy_pass http://localhost:9002 } }
PC端和移动端使用不同的项目文件映射
server { ...... location / { root /home/pc; if ($http_user_agent ~* '(mobile|android|iphone|ipad|phone)') { root /home/mobile; } index index.html; } }
配置负载均衡
upstream cut_loadbalance { server http://localhost:8011; server http://localhost:8012; server http://localhost:8013; } server { listen 9000; server_name xxx.com; location / { proxy_pass cut_loadbalance; proxy_set_header Host $proxy_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
配置Https证书SSL
1 server { 2 listen 80; 3 server_name www.xxx.com; 4 # 将 http 重定向转移到 https 5 return 301 https://$server_name$request_uri; 6 } 7 8 server { 9 listen 443 ssl; 10 server_name www.xxx.com; 11 ssl_certificate /etc/nginx/ssl/www.xxx.com.pem; 12 ssl_certificate_key /etc/nginx/ssl/www.xxx.com.key; 13 ssl_session_timeout 10m; 14 ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; 15 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 16 ssl_prefer_server_ciphers on; 17 18 location / { 19 root /project/xxx; 20 index index.html index.htm index.md; 21 try_files $uri $uri/ /index.html; 22 } 23 }
努力不给自己一点懒惰的理由,否则你会一蹶不振