心安
代码的世界,简单而又直接

基础配置

 1 user                            root;
 2 worker_processes                1;
 3 
 4 events {
 5   worker_connections            10240;
 6 }
 7 
 8 http {
 9   log_format                    '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"';
10   include                       mime.types;
11   default_type                  application/octet-stream;
12   sendfile                      on;
13   #autoindex                    on;
14   #autoindex_exact_size         off;
15   autoindex_localtime           on;
16   keepalive_timeout             65;
17   gzip                          on;
18   gzip_disable                  "msie6";
19   gzip_min_length               100;
20   gzip_buffers                  4 16k;
21   gzip_comp_level               1;
22   gzip_types                  text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
23   gzip_types                    "*";
24   gzip_vary                     off;
25   server_tokens                 off;
26   client_max_body_size          200m;
27 
28   server {
29     listen                      80 default_server;
30     server_name                 _;
31     return                      403 /www/403/index.html;
32   }
33 
34   include                       ../serve/*.conf;
35 }

隐藏 Nginx 版本信息

1 http {
2   server_tokens         off;
3 }

禁止ip直接访问80端口

1 server {
2   listen                80 default;
3   server_name           _;
4   return                500;
5 }

VUE 部署(单项目)

server {
  # 项目启动端口
  listen            80;
  # 域名(localhost)
  server_name       _;
  # 禁止 iframe 嵌套
  add_header        X-Frame-Options SAMEORIGIN;
  
  # 访问地址 根路径配置
  location / {
    # 项目目录
    root         html;
    # 默认读取文件
    index           index.html;
    # 配置 history 模式的刷新空白
    try_files       $uri $uri/ /index.html;
  }
  
  # 后缀匹配,解决静态资源找不到问题
  location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ { 
    root           html/static/;
  }
  
  # 图片防盗链
  location ~/static/.*\.(jpg|jpeg|png|gif|webp)$ {
    root              html;
    valid_referers    *.deeruby.com;
    if ($invalid_referer) {
      return          403;
    }
  }
  
  # 访问限制
  location /static {
    root               html;
    # allow 允许
    allow              39.xxx.xxx.xxx;
    # deny  拒绝
    deny               all;
  }
}

多项目路由访问配置

server {
  listen                80;
  server_name           _;
  
  # 主应用
  location / {
    root          html/main;
    index               index.html;
    try_files           $uri $uri/ /index.html;
  }
  
  # 子应用一
  location ^~ /route01/ {
    proxy_pass          http://localhost:8011;
    proxy_redirect      off;
    proxy_set_header    Host $host;
    proxy_set_header    X-Real-IP $remote_addr;
    proxy_set_header    X-Forwarded-For
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  
  # 子应用二
  location ^~ /route02/ {
    proxy_pass          http://localhost:8012;
    proxy_redirect      off;
    proxy_set_header    Host $host;
    proxy_set_header    X-Real-IP $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  
  # 静态资源读取不到问题处理
  rewrite ^/api/profile/(.*)$ /(替换成正确路径的文件的上一层目录)/$1 last;
}

# 子应用一服务
server {
  listen                8011;
  server_name           _;
  location / {
    root          html/route01;
    index               index.html;
    try_files           $uri $uri/ /index.html;
  }
  
  location ^~ /route02/ {
    alias               html/route02/;
    index               index.html index.htm;
    try_files           $uri /store/index.html;
  }
  
  # 接口代理
  location  /api {
    proxy_pass          http://localhost:9001;
  }
}

# 子应用二服务
server {
  listen                8012;
  server_name           _;
  location / {
    root          html/school;
    index               index.html;
    try_files           $uri $uri/ /index.html;
  }
  
  location ^~ /school/ {
    alias               html/school/;
    index               index.html index.htm;
    try_files           $uri /school/index.html;
  }
  
  # 接口代理
  location  /api {
    proxy_pass          http://localhost:9002
  }
}

PC端和移动端使用不同的项目文件映射

server {
  ......
  location / {
    root /home/pc;
    if ($http_user_agent ~* '(mobile|android|iphone|ipad|phone)') {
      root /home/mobile;
    }
    index index.html;
  }
}

配置负载均衡

upstream cut_loadbalance {
  server                http://localhost:8011;
  server                http://localhost:8012;
  server                http://localhost:8013;
}

server {
  listen                9000;
  server_name           xxx.com;

  location / {
    proxy_pass          cut_loadbalance;
    proxy_set_header    Host $proxy_host;
    proxy_set_header    X-Real-IP $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

 配置Https证书SSL

 1 server {
 2   listen                      80;
 3   server_name                 www.xxx.com;
 4   # 将 http 重定向转移到 https
 5   return 301 https://$server_name$request_uri;
 6 }
 7 
 8 server {
 9   listen                      443 ssl;
10   server_name                 www.xxx.com;
11   ssl_certificate             /etc/nginx/ssl/www.xxx.com.pem;
12   ssl_certificate_key         /etc/nginx/ssl/www.xxx.com.key;
13   ssl_session_timeout         10m;
14   ssl_ciphers                 ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
15   ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
16   ssl_prefer_server_ciphers   on;
17   
18   location / {
19     root                    /project/xxx;
20     index                   index.html index.htm index.md;
21     try_files               $uri $uri/ /index.html;
22   }
23 }

 

posted on 2023-07-12 14:47  逐梦の心安  阅读(52)  评论(0编辑  收藏  举报