Nginx 学习之使用示例

最新推荐文章于 2021-12-10 23:36:55 发布

zxguan

最新推荐文章于 2021-12-10 23:36:55 发布

阅读量229

点赞数

分类专栏： Nginx 文章标签： nginx

本文链接：https://blog.csdn.net/DreamStar2560/article/details/106170888

版权

Nginx 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

使用示例

注意：

1、默认安装配置

指向 html 目录下 index 页面

	http {
	    include       mime.types;
	    default_type  application/octet-stream;
	    sendfile        on;
	    keepalive_timeout  65;
		#主机配置模块
	    server {
			#监听 80 端口(端口必须被打开，nginx 默认只打开 80 端口)
	        listen       80;
	        
			#监听的 域名 或者 IP
	        server_name  localhost;
	        
			#具体处理规则
	        location / {
	            root   html;
	            index  index.html index.htm;
	        }
	    }
	}

2、反向代理配置

访问域名 zxguan.com 指向 8080 端口后台管理服务

    server {
        listen       80;
        server_name  zxguan.com;
        location / {
			proxy_pass http://zxguan.com:8080/;
        }
    }

根据 访问路径 指向不同 端口 服务

    server {
        listen       80;
        server_name  zxguan.com;

		location ~ /website/ {
			proxy_pass http://zxguan.com:8081;
		}
		
		location ~ /admin/ {
			proxy_pass http://zxguan.com:8082;
		}
    }

根据 访问域名 指向不同 端口 服务

	http {
	    include       mime.types;
	    default_type  application/octet-stream;
	    sendfile        on;
	    keepalive_timeout  65;
	    
	    #主机配置 1
		server {
			listen       80;
			server_name  zxguan.com;

			location / {
				proxy_pass http://localhost:8080/;
			}
		}
		
		#主机配置 2
		server {
			listen       80;
			server_name  admin.zxguan.com;

			location / {
				proxy_pass http://localhost:8080/;
			}
		}
	}

3、负载均衡配置

	http {
		#负载均衡 服务名 
		upstream myservice {
			server 1.1.1.1:8081 weight=1;
			server 1.1.1.1:8082 weight=2;
		}
	
		server {
			listen 	80;
			server_name	1.1.1.1
			
			location = / {
				proxy_pass http://myservice;
			}
		}
	}

4、动静分离配置（动态资源、静态资源分离）

	http {
		server {
			listen 	80;
			server_name	1.1.1.1	
			location /images/ {
				root /data/;
			}
			location /css/ {
				root /data/;
			}
		}
	}

5、HTTP 与 HTTPS 同时支持

分开配置

    server {
        listen       80;
        server_name  zxguan.com www.zxguan.com;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass http://localhost:8080/;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    # HTTPS server
    server {
		#SSL协议访问端口号为443。此处如未添加ssl，可能会造成Nginx无法启动。
        listen       443 ssl;
        server_name  zxguan.com www.zxguan.com;
		
		#证书的文件名
        ssl_certificate      cert/3929293_zxguan.com.pem;
		#证书的密钥文件名
        ssl_certificate_key  cert/3929293_zxguan.com.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
		
		#使用该协议进行配置。
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   
		
		#使用此加密套件。
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; 
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header Host "zxguan.com";
            proxy_set_header X-Protocol https;
            proxy_http_version 1.1;
            proxy_buffering off;
		    proxy_ssl_server_name on;
		    proxy_ssl_session_reuse off;
            proxy_pass http://www.zxguan.com:8080/;
        }
    }

合并配置

    server {
        listen 80 default backlog=2048;
		listen 443 ssl;
        server_name  zxguan.com www.zxguan.com;

        charset utf-8;
		
		#证书的文件名
        ssl_certificate      cert/3929293_zxguan.com.pem;
        #证书的密钥文件名
        ssl_certificate_key  cert/3929293_zxguan.com.key;
		
        #使用该协议进行配置。
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		
        #使用此加密套件。
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers  on;
		
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;

        location / {
            proxy_pass http://localhost:8080/;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

HTTP 重定向到 HTTPS

	server {  
		listen 80;  
		server_name admin.zxguan.com;  
		rewrite ^(.*)$  https://$host$1 permanent;  
	}  
	
    server {
		listen 443 ssl;
        server_name  admin.zxguan.com;

        charset utf-8;
		
		#证书的文件名
        ssl_certificate      cert/admin.zxguan.com.pem;
        #证书的密钥文件名
        ssl_certificate_key  cert/admin.zxguan.com.key;
		
        #使用该协议进行配置。
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		
        #使用此加密套件。
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_prefer_server_ciphers  on;
		
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;

        location / {
            proxy_pass http://localhost:8888/;
        }

        error_page  500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

注意：

示例 5 中，https 代理配置中 proxy_pass 为 http 协议 路径，若使用 https，则 /usr/local/nginx/logs/error.log 中会出现以下异常。

	2020/05/18 14:28:27 [error] 21602#0: *615 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 1.1.1.1, server: zxguan.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://1.1.1.1:8080/favicon.ico", host: "www.zxguan.com", referrer: "https://www.zxguan.com/"