nginx配置
基础配置:
#全局配置-------------------------------------------------------------
#指定nginx运行的用户及用户组,默认为nobody
#user nobody;
#开启线程数,最大值可设逻辑CPU核数
#worker_processes 1;
#定位全局错误日志文件,级别以notice显示,还有debug,info,warn,error,crit模式,debug输出最多,crir输出最少,根据实际环境而定
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#指定进程id的存储文件位置
#pid logs/nginx.pid;
#指定一个nginx进程打开的最多文件描述符数目,受系统进程的最大打开文件数量限制
#worker_rlimit_nofile 65535
events{
accept_mutex on;#on(开启状态),将会对多个Nginx进程接收连接进行序列号,一个个来唤醒接收,就防止了多个进程对连接的争抢。
multi_accept on;#用来设置是否允许同时接收多个网络连接
worker_commections 1024;#配置单个worker进程最大的连接数,nginx 默认连接数是1024
use epoll;
}
#详解:07《Nginx 入门教程》Nginx 的 Http 模块介绍(上) - 知乎 (zhihu.com)
http { send_timeout 3m; sendfile on; tcp_nopush on; keepalive_timeout 120; tcp_nodelay on; include /etc/nginx/mime.types; default_type application/octet-stream; client_header_buffer_size 256k; large_client_header_buffers 4 256k; client_max_body_size 50m; client_body_buffer_size 256k; client_header_timeout 3m; client_body_timeout 3m; open_file_cache max=655350 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 1; server_tokens off; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; gzip on; include /etc/nginx/conf.d/*.conf; }
地址重写:浏览器将域名更改为新域名
if ($host = 'abc.com' ) { rewrite ^/(.*)$ http://xyz.com/$1 permanent; } if ($host = 'zk.cn' ) { rewrite ^/(.*)$ http://10.135.7.122/$1 permanent; }
proxy_temp_path /data/server/proxy_temp_dir;
proxy_cache_path /data/server/proxy_cache_dir levels=1:2 keys_zone=answerv2_cache:256m inactive=2d
代理k8s ingress:
upstream nodes3.srv { server 192.168.10.46:10080; server 192.168.10.47:10080; server 192.168.10.48:10080; } location /dataweb/ { proxy_pass http://nodes3.srv/; proxy_http_version 1.1; proxy_redirect off; proxy_set_header Host data.web; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Port 9003; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; limit_conn one 10000; limit_rate 40960k; }
location /service {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.120.0.120:9000;
index index.html index.htm;
}
location /wuku-web {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.120.0.235:9000/wuku-web;
index index.html index.htm;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://10.133.0.235:9000/wuku-web/;
index index.html index.htm;
}
proxy_ssl_protocols TLSv1.2;
proxy_read_timeout 3600;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
add_header 'Access-Control-Allow-Methods' 'GET,OPTIONS,PUT,DELETE' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Origin' '$http_origin' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With' always;
同一个端口发布两个vue前端项目:
#方案1 server { listen 1111; server_name _; location / { root /usr/local; index index.html index.htm; } location /wuk-space-web { alias /usr/local/wuk-space-web; try_files $uri $uri/ @router; } location @router { try_files $uri $uri/ /wuk-space-web/index.html; #基于/ 配置的root目录,也可单独配置root } location /wuku-web { alias /usr/local/wuku-web; try_files $uri $uri/ @router2; } location @router2 { try_files $uri $uri/ /wuku-web/index.html; } }
#方案2 server { listen 888; server_name _; root /usr/local/; location / { index index.html index.htm; } location /wuk-space-web { index index.html index.htm; if (!-e $request_filename) { rewrite ^/(.*) /wuk-space-web/index.html last; break; } } location /wuku-web { index index.html index.htm; if (!-e $request_filename) { rewrite ^/(.*) /wuku-web/index.html last; break; } } }
server {
listen 999;
server_name _;
root /usr/local/;
location / {
index index.html index.htm;
}
location /wuk-space-web {
index index.html index.htm;
try_files $uri $uri/ /wuk-space-web/index.html;
}
location /wuku-web {
index index.html index.htm;
try_files $uri $uri/ /wuku-web/index.html;
}
}
代理配置
proxy_set_header X-Real-IP $remote_addr; # 存放用户的真实ip
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # 每经过一个反向代理,就会把反向代理IP存放在X-Forwarded-For里
获取真实IP
set_real_ip_from 172.25.78.11; # 真实服务器上一级代理的IP地址或者IP段,可以写多行 real_ip_header X-Forwarded-For; # 告知Nginx真实客户端IP从哪个请求头获取 real_ip_recursive on; 是否递归解析,当real_ip_recursive配置为off时,Nginx会把real_ip_header指定的请求头中的最后一个IP作为真实客户端IP; 当real_ip_recursive配置为on时,Nginx会递归解析real_ip_header指定的请求头,最后一个不匹配set_real_ip_from的IP作为真实客户端IP。
白名单
geo $white_ip { default 1; 10.133.0.0/24 0; } map $white_ip $limit { 1 $binary_remote_addr; 0 ""; }
自定义404
http中打开fastcgi_intercept_errors,server中自定义网页。
fastcgi_intercept_errors on;
error_page 404 /404.html; location = /404.html { root /usr/share/nginx/html; }
504超时
proxy_connect_timeout 3600s;
proxy_send_timeout 3600s;
proxy_read_timeout 3600s;
本文来自博客园,作者:zk01,转载请注明原文链接:https://www.cnblogs.com/zhangxiaokui/p/16017175.html
