apache的alias规则转换成nginx配置的示例
apache的alias规则转换成nginx配置的示例
# apache主配置文件
<VirtualHost *:80>
ServerAdmin webmaster@example.com
DocumentRoot "/data/www/vhosts/chinasoft.com/httpdocs/"
ServerName chinasoft.com
ServerAlias www.chinasoft.com chinasoft.com
errorDocument 404 /404.html
ErrorLog "/var/log/error_log"
CustomLog "/var/log/access_log" combined
#HTTP_TO_HTTPS_START
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://www.chinasoft.com$1 [L,R=301]
</IfModule>
#HTTP_TO_HTTPS_END
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PHP
#<FilesMatch \.php$>
# SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
#</FilesMatch>
#PATH
<Directory "/data/www/vhosts/chinasoft.com/httpdocs/">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
<IfModule alias_module>
Alias /server/ /data/www/vhosts/chinasoft.com/httpdocs/maxserver/
</IfModule>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmasterexample.com
DocumentRoot "/data/www/vhosts/chinasoft.com/httpdocs/"
ServerName chinasoft.com
ServerAlias www.chinasoft.com chinasoft.com
errorDocument 404 /404.html
ErrorLog "/var/log/error_log"
CustomLog "/var/log/access_log" combined
#SSL
SSLEngine On
SSLCertificateFile /etc/0924pem/chinasoft.com/full.crt
SSLCertificateKeyFile /etc/0924pem/chinasoft.com/key.crt
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
#PHP
#<FilesMatch \.php$>
# SetHandler "proxy:unix:/tmp/php-cgi-73.sock|fcgi://localhost"
#</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^chinasoft.com$ [NC]
RewriteRule (.*) https://www.%{SERVER_NAME}$1 [L,R=301]
</IfModule>
#DENY FILES
<Files ~ (\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)$>
Order allow,deny
Deny from all
</Files>
#PATH
<Directory "/data/www/vhosts/chinasoft.com/httpdocs/">
SetOutputFilter DEFLATE
Options FollowSymLinks Indexes
AllowOverride All
Require all granted
DirectoryIndex index.php index.html index.htm default.php default.html default.htm
</Directory>
<IfModule alias_module>
Alias /server/ /data/www/vhosts/chinasoft.com/httpdocs/maxserver/
</IfModule>
</VirtualHost>
# 目录下的apache配置
~ # more /data/www/vhosts/www.chinasoft.com/httpdocs/maxserver/public/.htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteBase /server/public
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
转换成nginx的配置
# nginx 配置
~# cat /usr/local//nginx/conf/vhost.d/www.chinasoft.com.conf
upstream node_servers{
ip_hash;
server 172.31.18.105:2233 max_fails=2 fail_timeout=30s weight=1;
server 172.31.17.40:2233 max_fails=2 fail_timeout=30s weight=1;
check interval=3000 rise=2 fall=5 timeout=1000 type=tcp port=2233;
check_keepalive_requests 100;
}
server {
listen 80;
server_name chinasoft.com www.chinasoft.com ori-www.chinasoft.com;
access_log on;
access_log /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;
root /data/www/vhosts/www.chinasoft.com/httpdocs;
index index.html index.shtml index.php ;
include rewrite.d/www.chinasoft.com.conf ;
if ($http_user_agent ~ Ezooms) {
return 403;
}
location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ {
deny all;
}
rewrite ^/(.*)$ https://www.chinasoft.com/$1 permanent;
}
server {
listen 443 ssl;
ssl_certificate cert2016/chinasoft_com.crt;
ssl_certificate_key cert2016/chinasoft_com.key;
ssl_dhparam cert2016/dh_2048.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA25
6:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!C
AMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3
-SHA:!KRB5-DES-CBC3-SHA";
ssl_prefer_server_ciphers on;
server_name chinasoft.com www.chinasoft.com ori-www.chinasoft.com;
access_log on;
access_log /data/www/logs/nginx_log/access/www.chinasoft.com_access.log main ;
error_log /data/www/logs/nginx_log/error/www.chinasoft.com_error.log ;
root /data/www/vhosts/www.chinasoft.com/httpdocs;
index index.html index.shtml index.php ;
include rewrite.d/www.chinasoft.com.conf ;
error_page 404 403 /404.html;
if ($http_user_agent ~ Ezooms) {
return 403;
}
location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ {
deny all;
}
location /templates/ {
# proxy_pass http://127.0.0.1:2233;
proxy_pass http://node_servers;
}
location ^~ /online/ {
try_files $uri $uri/ /online/home.html;
index home.html index.html;
}
location ~* ^/server/(.+)$ {
alias /data/www/vhosts/www.chinasoft.com/httpdocs/maxserver/;
index index.php index.html;
try_files $1 $1/ /server/public/index.php?$query_string;
#try_files $uri $uri/ /server/public/index.php?$query_string;
location ~* ^/server/(.+)\.php$ {
add_header Cache-Control no-store;
fastcgi_pass unix:/tmp/php5.6-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$1.php;
include fastcgi_params;
}
}
location ~ \.php$ {
fastcgi_pass unix:/tmp/php5.6-fpm.sock;
#fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
反向代理配置规则
# cat api.chinasoft.com.conf upstream apiapi_servers { ip_hash; server 172.30.0.111:8888 max_fails=2 fail_timeout=30s weight=1; server 172.30.0.112:8888 max_fails=2 fail_timeout=30s weight=1; check interval=3000 rise=2 fall=5 timeout=1000 type=tcp port=8888; check_keepalive_requests 100; } server { listen 80; server_name api.chinasoft.com 1.1.1.1; access_log /data/www/logs/nginx_log/access/api.chinasoft.com_access.log main ; error_log /data/www/logs/nginx_log/error/api.chinasoft.com_error.log ; root /data/www/html; index index.html index.shtml index.php ; error_page 404 403 /404.html; if ($http_user_agent ~ Ezooms) { return 403; } location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ { deny all; } rewrite ^/(.*)$ https://api.chinasoft.com/$1 permanent; } server { listen 443 ssl; server_name api.chinasoft.com 1.1.1.1; access_log /data/www/logs/nginx_log/access/api.chinasoft.com_access.log main ; error_log /data/www/logs/nginx_log/error/api.chinasoft.com_error.log ; root /data/www/html; index index.html index.shtml index.php ; error_page 404 403 /404.html; ssl_certificate cert2016/chinasoft_com.crt; ssl_certificate_key cert2016/chinasoft_com.key; ssl_dhparam cert2016/dh_2048.pem; ssl_session_timeout 15m; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"; if ($http_user_agent ~ Ezooms) { return 403; } location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ { deny all; } location /logout { proxy_pass http://apiapi_servers; proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; expires -1; client_max_body_size 32M; } location /api/sso { rewrite ^/api/(.*)$ /$1 break; proxy_pass http://apiapi_servers; proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; expires -1; client_max_body_size 32M; } location /oss/ { rewrite ^/oss/(.*)$ /$1 break; proxy_pass http://apiapi_servers; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; expires -1; client_max_body_size 32M; } location /api/ { proxy_pass http://apiapi_servers; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; expires -1; client_max_body_size 32M; } location /pay/ { #rewrite ^/pay/(.*)$ /$1 break; proxy_pass http://apiapi_servers; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; expires -1; client_max_body_size 32M; } location /export/ { proxy_pass http://127.0.0.1:7012/; proxy_redirect off; expires -1; client_max_body_size 32M; } location ~ ^/($|index\.htm$) { root /data/www/vhosts/api.chinasoft.com/httpdocs; try_files /index.html =404; ssi on; } location ~ ^/(favicon.ico|library|sitemap.xml|Sitemap.xml|pricing.html|faq.html|guide|author|feedback.html) { root /data/www/vhosts/api.chinasoft.com/httpdocs; } location / { proxy_pass http://127.0.0.1:8080/; proxy_redirect off; expires -1; client_max_body_size 32M; } location /oss-data/ { #rewrite ^/oss-data/(.*)$ /eus-images-design/$1 break; rewrite ^/oss-data/(.*)$ /$1 break; proxy_hide_header 'Access-Control-Allow-Origin'; add_header 'Access-Control-Allow-Origin' 'https://api.chinasoft.com'; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH'; proxy_set_header Origin http://api.chinasoft.com; proxy_set_header Referer https://api.chinasoft.com/design; proxy_pass http://api.oss-us-west-1-internal.aliyuncs.com/; proxy_redirect off; expires 1d; client_max_body_size 32M; } } # cat filmapi.chinasoft.com.conf server { listen 8888; server_name filmapi.chinasoft.com 172.30.0.111; access_log /data/www/logs/nginx_log/access/filmapi.chinasoft.com_access.log main ; error_log /data/www/logs/nginx_log/error/filmapi.chinasoft.com_error.log ; root /data/www/vhosts/filmapi.chinasoft.com/httpdocs/public; index index.html index.shtml index.php ; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, DELETE'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; if ($request_method = 'OPTIONS') { return 204; } location / { index index.php index.html index.htm; try_files $uri $uri/ /index.php?$query_string; } location ~ \.(eot|otf|ttf|woff|woff2|svg)$ { add_header Access-Control-Allow-Origin *; } location ~ \.php$ { fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
配置示例
[root@alisz-chinasoft-web01:~]# cat /usr/local/nginx/conf/vhost.d/chinasoft.cn.conf server { listen 80; server_name chinasoft.cn www.chinasoft.cn ori-www.chinasoft.cn; access_log on; access_log /data/www/logs/nginx_log/access/www.chinasoft.cn_access.log main ; error_log /data/www/logs/nginx_log/error/www.chinasoft.cn_error.log ; root /data/www/vhosts/chinasoft.cn/httpdocs; index index.html index.shtml index.php ; include rewrite.d/chinasoft.cn.conf ; add_header Referrer-Policy "no-referrer-when-downgrade" always; if ($http_user_agent ~ Ezooms) { return 403; } location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ { deny all; } rewrite ^/(.*)$ https://www.chinasoft.cn/$1 permanent; } server { listen 443 ssl; ssl_certificate cert2016/www_chinasoft_cn.crt; ssl_certificate_key cert2016/www_chinasoft_cn.key; ssl_dhparam cert2016/dh_2048.pem; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"; ssl_prefer_server_ciphers on; server_name chinasoft.cn www.chinasoft.cn ori-www.chinasoft.cn; access_log on; access_log /data/www/logs/nginx_log/access/www.chinasoft.cn_access.log main ; error_log /data/www/logs/nginx_log/error/www.chinasoft.cn_error.log ; root /data/www/vhosts/chinasoft.cn/httpdocs; index index.html index.shtml index.php ; include rewrite.d/chinasoft.cn.conf ; #error_page 404 403 /404.html; add_header Referrer-Policy "no-referrer-when-downgrade" always; if ($http_user_agent ~ Ezooms) { return 403; } location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ { deny all; } #location ~* ^/public{ # #alias /data/www/vhosts/chinasoft.cn/httpdocs/server/public; # root /data/www/vhosts/chinasoft.cn/httpdocs/server; # index index.php index.html; # try_files $1 $1/ /index.php?$query_string; # location ~* ^/public/(.+)\.php$ { # add_header Cache-Control no-store; # fastcgi_pass unix:/tmp/php-cgi.sock; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME $document_root$1.php; # include fastcgi_params; # } #} location ~* ^/public/(.+)$ { alias /data/www/vhosts/chinasoft.cn/httpdocs/server/; index index.php index.html; try_files $1 $1/ /server/public/index.php?$query_string; location ~* ^/public/(.+)\.php$ { add_header Cache-Control no-store; fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$1.php; include fastcgi_params; } } location /design/ { try_files $uri $uri/ /design/index.php?$args; index index.php; } location ~ \.php$ { fastcgi_pass unix:/tmp/php-cgi.sock; #fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location / { try_files $uri $uri/ /index.html?$args; index index.html; } }