1、默认安装配置
指向 html 目录下 index 页面
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#主机配置模块
server {
#监听 80 端口(端口必须被打开,nginx 默认只打开 80 端口)
listen 80;
#监听的 域名 或者 IP
server_name localhost;
#具体处理规则
location / {
root html;
index index.html index.htm;
}
}
}
2、反向代理配置
访问域名 zxguan.com 指向 8080 端口后台管理服务
server {
listen 80;
server_name zxguan.com;
location / {
proxy_pass http://zxguan.com:8080/;
}
}
- 根据
访问路径
指向不同端口
服务
server {
listen 80;
server_name zxguan.com;
location ~ /website/ {
proxy_pass http://zxguan.com:8081;
}
location ~ /admin/ {
proxy_pass http://zxguan.com:8082;
}
}
- 根据
访问域名
指向不同端口
服务
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
#主机配置 1
server {
listen 80;
server_name zxguan.com;
location / {
proxy_pass http://localhost:8080/;
}
}
#主机配置 2
server {
listen 80;
server_name admin.zxguan.com;
location / {
proxy_pass http://localhost:8080/;
}
}
}
3、负载均衡配置
http {
#负载均衡 服务名
upstream myservice {
server 1.1.1.1:8081 weight=1;
server 1.1.1.1:8082 weight=2;
}
server {
listen 80;
server_name 1.1.1.1
location = / {
proxy_pass http://myservice;
}
}
}
4、动静分离配置(动态资源、静态资源分离)
http {
server {
listen 80;
server_name 1.1.1.1
location /images/ {
root /data/;
}
location /css/ {
root /data/;
}
}
}
5、HTTP 与 HTTPS 同时支持
- 分开配置
server {
listen 80;
server_name zxguan.com www.zxguan.com;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://localhost:8080/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
# HTTPS server
server {
#SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
listen 443 ssl;
server_name zxguan.com www.zxguan.com;
#证书的文件名
ssl_certificate cert/3929293_zxguan.com.pem;
#证书的密钥文件名
ssl_certificate_key cert/3929293_zxguan.com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
#使用该协议进行配置。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#使用此加密套件。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host "zxguan.com";
proxy_set_header X-Protocol https;
proxy_http_version 1.1;
proxy_buffering off;
proxy_ssl_server_name on;
proxy_ssl_session_reuse off;
proxy_pass http://www.zxguan.com:8080/;
}
}
- 合并配置
server {
listen 80 default backlog=2048;
listen 443 ssl;
server_name zxguan.com www.zxguan.com;
charset utf-8;
#证书的文件名
ssl_certificate cert/3929293_zxguan.com.pem;
#证书的密钥文件名
ssl_certificate_key cert/3929293_zxguan.com.key;
#使用该协议进行配置。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#使用此加密套件。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://localhost:8080/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
- HTTP 重定向到 HTTPS
server {
listen 80;
server_name admin.zxguan.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl;
server_name admin.zxguan.com;
charset utf-8;
#证书的文件名
ssl_certificate cert/admin.zxguan.com.pem;
#证书的密钥文件名
ssl_certificate_key cert/admin.zxguan.com.key;
#使用该协议进行配置。
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#使用此加密套件。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://localhost:8888/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
注意:
- 示例 5 中,
https
代理配置中proxy_pass
为http 协议
路径,若使用https
,则/usr/local/nginx/logs/error.log
中会出现以下异常。
2020/05/18 14:28:27 [error] 21602#0: *615 SSL_do_handshake() failed (SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) while SSL handshaking to upstream, client: 1.1.1.1, server: zxguan.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://1.1.1.1:8080/favicon.ico", host: "www.zxguan.com", referrer: "https://www.zxguan.com/"