nginx域名反向代理配置(https/负载均衡):nginx.conf

版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/alan_liuyue/article/details/90475437

简介

  1. nginx域名反向代理,整合http和https,同时实现iphash的负载均衡配置;
  2. 本篇博客展示nginx的配置文件nginx.conf的详细配置;

实践

#user  nobody;
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=licache:10m inactive=5m;
    fastcgi_cache_key "$request_method://$host$request_uri";
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 8 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_cache licache;
    fastcgi_cache_valid 200 302 1h;
    fastcgi_cache_valid 301 1d;
    fastcgi_cache_valid any 1m;
    fastcgi_cache_min_uses 1;
    fastcgi_cache_use_stale error timeout invalid_header http_500;

    open_file_cache max=65535 inactive=20s;
    open_file_cache_min_uses 1;
    open_file_cache_valid 30s;

    sendfile        on;
    keepalive_timeout 120;
     upstream tomcat1{ #配置代理映射ip以及端口
             server 192.168.2.22:8080;
            }

     upstream tomcat2{
            ip_hash; #配置iphash,多台服务器负载,不需要则去掉
            server 192.168.2.22:8081;
            server 192.168.2.23:8081;
            }

#1. nginx默认接入端口为80;
#2. 多少个域名配置则配置使用多少个server;
#3. nginx接入https端口默认是443;

server {
	listen       80;
    server_name  www.admin.com; #申请的域名

    location / {
		proxy_pass   http://tomcat1; #区分域名映射的tomcat
		index  index.html index.htm;
	}

	error_page   500 502 503 504  /50x.html;
	location = /50x.html {
		root   html;
	}
}

server {
        listen       80;
        server_name  www.test.com; #申请的域名
        location / {
             proxy_pass   http://tomcat2; #区分域名映射的tomcat
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

#1. 配置https域名前缀,默认监听端口443,需自行申请ssl证书,下载证书到同级目录下,引入即可
server {
    listen 443;
    server_name open.36change.com;
    ssl on;
    root html;
    index index.html index.htm;
    ssl_certificate     cert/admin/214877699140754.pem; #ssl证书
    ssl_certificate_key  cert/admin/214877699140754.key; #ssl证书秘钥
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass   http://tomcat1; #https域名对应的tomcat
        index index.html index.htm;
        client_max_body_size 40M;
    }
}

server {
    listen 443;
    server_name www.opensporting.com;
    ssl on;
    root html;
    index index.html index.htm;
    ssl_certificate     cert/test/214926212910754.pem; #ssl证书
    ssl_certificate_key  cert/test/214926212910754.key; #ssl证书秘钥
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass   http://tomcat2; #https域名对应的tomcat
        index index.html index.htm;
        client_max_body_size 1000M;
	proxy_connect_timeout 600;
	proxy_send_timeout 600;
	proxy_read_timeout 600;
	proxy_buffer_size 32k;
        proxy_buffers 32 256k;
        proxy_busy_buffers_size 512k;
        proxy_temp_file_write_size 512k;
    }
}


}

 

总结

实践是检验认识真理性的唯一标准,自己动手,丰衣足食~~

展开阅读全文

没有更多推荐了,返回首页