nginx 最佳实践
nginx.conf
error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; load_module modules/ngx_http_image_filter_module.so; events { worker_connections 10240; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 30; #gzip on; #置灰配置 #sub_filter '</head>' '<style type="text/css">html { filter:grayscale(100%); -webkit-filter: grayscale(100%); -moz-filter: grayscale(100%); -ms-filter: grayscale(100%); -o-filter: grayscale(100%); filter: progid:DXImageTransform.Microsoft.BasicImage(grayscale=1); filter: gray;}</style></head>'; #sub_filter_types *; #sub_filter_once off; include /etc/nginx/conf.d/*.conf; }
front-proxy.conf
server { listen 80; proxy_intercept_errors on; charset utf-8; server_name chain-front-tst.xxxtech.cn chain-tst-img.xxxtech.cn; client_max_body_size 200m; set $accessip false; if ( $http_x_forwarded_for ~ 124.127.104.130,.* ) {set $accessip true;} #rmkj-youxian if ( $http_x_forwarded_for ~ 124.127.104.130 ) {set $accessip true;} #rmkj-youxian if ( $http_x_forwarded_for ~ 180.212.253.41,.* ) {set $accessip true;} if ( $http_x_forwarded_for ~ 180.212.253.41 ) {set $accessip true;} if ( $http_x_forwarded_for ~ 10.50.8.32,.* ) {set $accessip true;} #vpn if ( $http_x_forwarded_for ~ 10.50.8.32 ) {set $accessip true;} #vpn if ( $accessip = 'false') {return 403;} if ($http_referer ~ "baidu.com") { rewrite ^/(.*)$ https://chain.xxxtech.cn/ permanent; } location ~ .*\.(css|js|swf)$ { add_header Cache-Control max-age=200; if_modified_since off; expires off; etag off; root /h5; } location / { add_header Cache-Control private; add_header Cache-Control "no-store"; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; if_modified_since off; expires off; etag off; root /h5; index index.html; try_files $uri $uri/ /index.html; } location /api/v2/ { proxy_pass http://nft-api; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /media/uploads/ { add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods *; add_header Access-Control-Allow-Headers *; root /; #image_filter_buffer 200M; #image_filter_interlace on; #image_filter_jpeg_quality 80; #image_filter resize 100 80; } location /api/v3/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #注意添加theone3 白名单 proxy_pass https://theone3-appapi.xxxtech.cn; #proxy_pass http://qa-theone3appapi.xxxtech.cn; } location /api/v3/certificate/c750X1805 { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://nft-compose-api; } location /MP_verify_pvvGnSyTQDwEiXuP.txt { root /etc/nginx/; } location /MP_verify_zaOvZJ2n3WL4t8Dd.txt { root /etc/nginx/; } location /MP_verify_5QHNYaCMHnTn7UNv.txt { root /etc/nginx/; } }
default.conf
#当请求的url不匹配其他的conf文件中servier_name 配置的域名时候,就会作用于default.conf 中的配置,如果想要对非本站的域名进行过滤并提示配置有问题,可以在此文件中做一些特殊提示
server { listen 80; listen [::]:80; server_name localhost; location / { default_type text/html; return 404 'request not found, please check your server name config'; } }
