Nginx rewrite module: redirecting HTTP to HTTPS (Part 8)



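ngx_http_rewrite_module (see the examples below)

- [flag]:
  - last: after the rewrite completes, stop the remaining rewrite operations for the current URI in the current location, then start a new round of rewrite checking for the new URI. This restarts a new cycle early; not recommended inside a location.
  - break: after the rewrite completes, stop the remaining rewrite operations for the current URI in the current location, then continue directly with the other configuration that follows the rewrite rules. This ends the cycle; recommended inside a location.
  - redirect: temporary redirect. After the rewrite completes, the new URI is returned directly to the client as a temporary redirect and the client issues a new request. The target may be a relative path or start with http:// or https://. This redirect is not cacheable. Status code: 302.
  - permanent: after the rewrite completes, the new URI is returned directly to the client as a permanent redirect and the client issues a new request. This redirect is cacheable. Status code: 301.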

Experiment: rewrite

Example 1: last

When test1 is requested, jump to test2

nginx10

```
[root@nginx10 ~]# vim /apps/nginx/conf/nginx.conf

    location /echo {
        default_type text/plain;
        echo hello;
        if ( $scheme = http ) {
            echo http;
        }
    }
    location /test {
        index index.html;
        default_type text/html;
    }

    location /test1 {                               # <--
        rewrite ^/test1/(.*)$ /test2/$1 last;       # <-- when test1 is requested, jump to test2
    }                                               # <--
    location /test2 {                               # <--
        default_type text/html;                     # <--
        echo test2;                                 # <-- test2 prints one line
    }                                               # <--

    location / {
        root   html;
        index  index.html index.htm;
    }

[root@nginx10 ~]# nginx -s reload
```

centos6

```
[root@centos6 ~]$ curl http://192.168.37.10/test1/
test2
[root@centos6 ~]$ curl http://www.test.com/test1/
test2
```

Example 2: break (one jump is enough; it cannot bounce back and forth)

nginx10

```
# break
[root@nginx10 ~]# vim /apps/nginx/conf/nginx.conf
...
    location /hn {
        rewrite ^/hn/(.*)$ /henan/$1 break;
    }
    location /henan {
        rewrite ^/henan/(.*)$ /hn/$1 break;
        default_type text/html;
        echo henan;
    }
...

[root@nginx10 ~]# mkdir /apps/nginx/html/henan/
[root@nginx10 ~]# echo /apps/nginx/html/henan/index.html > /apps/nginx/html/henan/index.html

[root@nginx10 ~]# nginx -s reload
```

centos6

```
[root@centos6 ~]$ curl http://192.168.37.10/hn/
henan
[root@centos6 ~]$ curl http://www.test.com/hn/
henan
```

Example 3: permanent (permanent redirect)

nginx

```
[root@nginx10 ~]# vim /apps/nginx/conf/nginx.conf
...
    location /hn {
        rewrite ^/hn/(.*)$ /henan/$1 break;
    }
    location /henan {
        rewrite ^/henan/(.*)$ /hn/$1 permanent;     # <-- permanent (permanent redirect)
        default_type text/html;
        echo henan;
    }
...

[root@nginx10 ~]# nginx -s reload
```
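The four flags side by side, as an added example that is not part of the original post: a simplified Python model of the rewrite cycle, run against the location blocks from examples 1 to 3. The `LOOP` variant (both rules switched to `last`) is hypothetical and shows why `break` is preferred inside a location; a status of 200 only means the request reached content handling, not that a file exists.

```python
import re

MAX_CYCLES = 10  # nginx stops after 10 internal rewrite cycles and answers 500

# Constructed models: location prefix -> (regex, replacement, flag) or None.
EXAMPLE_1 = {"/test1": (r"^/test1/(.*)$", "/test2/$1", "last"), "/test2": None}
EXAMPLE_2 = {"/hn": (r"^/hn/(.*)$", "/henan/$1", "break"),
             "/henan": (r"^/henan/(.*)$", "/hn/$1", "break")}
EXAMPLE_3 = {"/hn": (r"^/hn/(.*)$", "/henan/$1", "break"),
             "/henan": (r"^/henan/(.*)$", "/hn/$1", "permanent")}
# Hypothetical variant of example 2 with both flags changed to last.
LOOP = {"/hn": (r"^/hn/(.*)$", "/henan/$1", "last"),
        "/henan": (r"^/henan/(.*)$", "/hn/$1", "last")}


def find_location(locations, uri):
    """Longest matching prefix, as for plain (non-regex) location blocks."""
    hits = [prefix for prefix in locations if uri.startswith(prefix)]
    return max(hits, key=len) if hits else None


def process(locations, uri):
    """Return (status, uri_or_redirect_target, location_that_answered)."""
    loc = None
    for _ in range(MAX_CYCLES):
        loc = find_location(locations, uri)
        rule = locations.get(loc)
        if rule is None:
            return 200, uri, loc            # no rewrite here: serve the URI
        pattern, replacement, flag = rule
        template = re.sub(r"\$(\d)", r"\\g<\1>", replacement)  # $1 -> \g<1>
        new_uri, count = re.subn(pattern, template, uri)
        if count == 0:
            return 200, uri, loc            # rule did not match
        if flag == "redirect":
            return 302, new_uri, loc        # client re-requests, not cacheable
        if flag == "permanent":
            return 301, new_uri, loc        # client re-requests, cacheable
        if flag == "break":
            return 200, new_uri, loc        # stay in this location
        uri = new_uri                       # last: search locations again
    return 500, uri, loc                    # rewrite loop never settled
```

With `break`, a request for `/hn/index.html` is answered inside `location /hn` with the URI `/henan/index.html`, so the rule in `location /henan` never runs.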


rewrite production case

1. Requirement: redirect http:// requests to https://
2. Production case

```
location / {
    if ($scheme = http ) {
        rewrite / https://www.magedu.net/ redirect;
    }
}
```

Experiment: redirect

nginx

```
[root@nginx ~]# vim /etc/nginx/conf.d/test.conf

server_tokens off;
server {
    listen 80;
    listen 443 ssl;
    server_name www.a.net;
    root /data/site1/;
    ssl_certificate /etc/nginx/ssl/a.net.crt;
    ssl_certificate_key /etc/nginx/ssl/a.net.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/anet.access.log access_json;
    location / {                                            # <--
        if ( $scheme = http ) {                             # <-- if condition check
            rewrite ^/(.*)$ https://www.a.net/$1 redirect;  # <--
        }                                                   # <--
    }                                                       # <--
}

server {
    listen 80;
    server_name *.a.tech;
    root /data/site2/;
}

[root@nginx ~]# nginx -s reload
```

centos6

```
# -L follows redirects, -k skips certificate verification
[root@centos6 ~]$ curl -IL -k http://www.a.net/
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 09 Aug 2022 19:32:44 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://www.a.net/

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 09 Aug 2022 19:32:44 GMT
Content-Type: text/html
Content-Length: 23
Last-Modified: Mon, 08 Aug 2022 18:27:36 GMT
Connection: keep-alive
ETag: "62f15598-17"
Accept-Ranges: bytes

# Success
[root@centos6 ~]$ curl -L -k http://www.a.net/
/data/site1/index.html
```
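A check over the `curl -IL` output above, as an added example that is not part of the original post: it parses each hop and reports whether the first response redirects to https on the expected host, whether the redirect is temporary (the `redirect` flag, 302), and whether the final response carries a `Strict-Transport-Security` header. The HSTS check and the finding names are additions made here; `BAD_OUTPUT` is a constructed sample.

```python
from urllib.parse import urlsplit

# Abridged from the `curl -IL -k http://www.a.net/` output shown above.
PAGE_OUTPUT = """\
HTTP/1.1 302 Moved Temporarily
Location: https://www.a.net/

HTTP/1.1 200 OK
Server: nginx
"""

# Constructed sample: a redirect that stays on cleartext HTTP and changes host.
BAD_OUTPUT = """\
HTTP/1.1 301 Moved Permanently
Location: http://www.a.org/

HTTP/1.1 200 OK
"""


def parse_hops(text):
    """Split `curl -I -L` output into [(status, {header: value}), ...]."""
    hops = []
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        lines = block.splitlines()
        status = int(lines[0].split()[1])
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        hops.append((status, headers))
    return hops


def audit_redirect(text, expected_host):
    """Return findings for the first hop and the final response."""
    hops = parse_hops(text)
    status, headers = hops[0]
    target = urlsplit(headers.get("location", ""))
    findings = []
    if status not in (301, 302, 307, 308):
        findings.append("no-redirect")          # plain HTTP is served as-is
    if target.scheme != "https":
        findings.append("target-not-https")
    if target.hostname != expected_host:
        findings.append("unexpected-host")
    if status in (302, 307):
        findings.append("temporary-redirect")   # not cached by the client
    if "strict-transport-security" not in hops[-1][1]:
        findings.append("no-hsts")              # browser may retry over http
    return findings
```

For the configuration above the result is `temporary-redirect` and `no-hsts`: every visit that starts on http:// sends one cleartext request before the redirect.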

Two IPs, distinguished by host header

nginx

```
[root@nginx ~]# vim /etc/nginx/conf.d/test.conf

server_tokens off;
server {
    listen 80;
    listen 443 ssl;
    server_name www.a.net;
    root /data/site1/;
    ssl_certificate /etc/nginx/ssl/a.net.crt;
    ssl_certificate_key /etc/nginx/ssl/a.net.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/anet.access.log access_json;
    location / {
        if ( $scheme = http ) {
            rewrite ^/(.*)$ https://www.a.net/$1 redirect;
        }
    }
}

server {
    listen 80;
    listen 443 ssl;
    server_name www.a.org;
    root /data/site2/;
    ssl_certificate /etc/nginx/ssl/a.org.crt;
    ssl_certificate_key /etc/nginx/ssl/a.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/aorg.access.log access_json;
}

[root@nginx ~]# cd /etc/pki/tls/certs/
[root@nginx certs]# vim Makefile
···
%.key:
        umask 77 ; \
        #/usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@     <-- comment out this line
        /usr/bin/openssl genrsa $(KEYLEN) > $@              <-- add this line (no encryption)
···

[root@nginx certs]# make a.org.crt
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key a.org.key -x509 -days 365 -out a.org.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,

If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:a.org
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server's hostname) []:www.a.org
Email Address []:

# View the self-signed certificate information
[root@nginx certs]# openssl x509 -in a.org.crt -noout -text

# Move to the designated directory
[root@nginx certs]# mv a.org.* /etc/nginx/ssl/

# Permissions 600
[root@nginx certs]# chmod 600 /etc/nginx/ssl/*

[root@nginx ~]# nginx -s reload
```

centos6

Remember to update /etc/hosts: '192.168.37.7 www.a.org'

```
[root@centos6 ~]$ curl http://www.a.org/
/data/site2/index.html
```


Experiment: redirecting http to https

If the page the user requests does not exist, redirect to a specified page

nginx

```
[root@nginx certs]# vim /etc/nginx/conf.d/test.conf

server_tokens off;
server {
    listen 80;
    listen 443 ssl;
    server_name www.a.net;
    root /data/site1/;
    ssl_certificate /etc/nginx/ssl/a.net.crt;
    ssl_certificate_key /etc/nginx/ssl/a.net.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/anet.access.log access_json;
    location / {
        if ( !-e $request_filename ) {                      # <-- if the requested page does not exist
            rewrite ^/(.*)$ https://www.a.net/ redirect;    # <-- redirect to the specified page
        }                                                   # <--
    }
}

server {
    listen 80;
    listen 443 ssl;
    server_name www.a.org;
    root /data/site2/;
    ssl_certificate /etc/nginx/ssl/a.org.crt;
    ssl_certificate_key /etc/nginx/ssl/a.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/aorg.access.log access_json;
}
```
