使用nginx时我们常用到nginx处理转发、代理、屏蔽ip访问等等,文章记录了相设置配置文档
一、nginx常用指令
%重新加载配置文件
nginx -s reload
%快速关闭nginx
nginx -s stop
%正常停止
nginx -s quit
%检测配置文件正确性
nginx -t
%查看帮助
nginx -h
%查看nginx版本信息
nginx -v
%查看nginx版本信息和编译信息
nginx -V
二、使用nginx作为web服务器
location /webui/ {
root F:\10.hardware\HardwareReleaseTool\iHR-PublishWebSites;
#服务路径。
index index.html index.htm;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
三、使用nginx转发
location /api/ {
proxy_pass http://localhost:13669/api/;#服务地址
underscores_in_headers on; #为了配合我们的CLIENT_UID,需要配置允许使用_下划线。
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
完整的配置文件如下:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8421;
server_name 0.0.0.0;
underscores_in_headers on;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://localhost:9306;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
四、使用nginx转https访问
server {
listen 443 ssl;
server_name localhost;
underscores_in_headers on; #为了配合我们的CLIENT_UID,需要配置允许使用_下划线。
#ssl_certificate cert.pem;
#证书名称、路径
ssl_certificate ./csr/hengda.crt;
ssl_certificate_key ./csr/hengda.rsa;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
完成的配置信息
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# HTTPS server
#
server {
listen 443 ssl;
server_name localhost;
underscores_in_headers on; #为了配合我们的CLIENT_UID,需要配置允许使用_下划线。
#ssl_certificate cert.pem;
ssl_certificate ./csr/hengda.crt; #如果弄不清路径,配置完整路径也行,但是路径分隔符是 /而不是\
ssl_certificate_key ./csr/hengda.rsa;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
五、使用nginx做负载均衡
upstream backserver {
#转发的ip
server 192.168.18.221:80;
server 192.168.18.222:80;
}
server {
listen 80;
server_name 0.0.0.0;
underscores_in_headers on; #为了配合我们的CLIENT_UID,需要配置允许使用_下划线。
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_connect_timeout 3s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
proxy_pass http://backserver;
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
六、白名单设置
server {
listen 8421;
server_name 0.0.0.0;
underscores_in_headers on;
#设置白名单,只允许本机和ip为192.168.18.90的主机访问
allow 192.168.18.90;
allow 127.0.0.1;
deny all;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://localhost:9306;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}