Nginx配置示例文件
nginx.conf
# Process model: four workers, each accepting up to 1024 simultaneous connections.
worker_processes 4;

events {
    worker_connections 1024;
}
http {
# MIME type table; content with no mapping is sent as a generic binary download.
include mime.types;
default_type application/octet-stream;

# Access logging with the "main" format is left commented out.
#access_log logs/access.log main;

# File transfer and connection tuning.
sendfile on;
tcp_nopush on;
keepalive_timeout 65;

# Response compression is enabled for the whole http context.
gzip on;

# Proxy cache definition. Directive syntax:
# proxy_cache_path path [levels=levels] keys_zone=name:size [inactive=time] [max_size=size] [loader_files=number] [loader_sleep=time] [loader_threshold=time];
# As configured: cache files live under ./web_cache in a two-level directory tree (levels=1:2),
# keys are kept in a 1024 MB shared-memory zone named web_cache,
# entries that are not requested for 1000 minutes are dropped,
# and the cache may use at most 100 GB of disk.
proxy_cache_path ./web_cache levels=1:2 keys_zone=web_cache:1024m inactive=1000m max_size=100g;

# 10 MB zone that counts concurrent connections per client address.
# Clients that share one address (NAT, upstream proxy) are counted together.
limit_conn_zone $binary_remote_addr zone=conn:10m;

# 10 MB zone that limits each client address to 60 requests per minute.
limit_req_zone $binary_remote_addr zone=allips:10m rate=60r/m;
# Back-end pools. Every pool has a single member, and nginx ignores max_fails / fail_timeout
# for single-member groups, so these parameters only start to matter once a second server is added.
# Only cwbase is referenced by a proxy_pass in the configuration shown here.
upstream cwbase {
    server 172.18.100.100:8082 max_fails=3 fail_timeout=30s weight=10;
}

upstream fileview {
    server view.xxxx.com:6869 max_fails=3 fail_timeout=30s weight=10;
}

upstream thumbox {
    server 172.18.100.100:8080 max_fails=3 fail_timeout=30s weight=10;
}

upstream static_backend {
    server fileview.xxxx.com:8443 max_fails=3 fail_timeout=30s weight=10;
}
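# HTTPS virtual host for fileview.xxxx.com: serves the Vue front end from disk and
# forwards /jeecg-boot to the back-end service.
server {
    listen 443 ssl;
    server_name fileview.xxxx.com;
    #access_log logs/host.access.log main;

    # "ssl on" is obsolete; the ssl flag on the listen directive replaces it.
    #ssl on;
    ssl_certificate ../cert/fileview.xxxx.com.crt;
    ssl_certificate_key ../cert/fileview.xxxx.com.key;
    ssl_session_timeout 5m;
    # Forward-secret AEAD suites only. The earlier list also admitted the broad ECDH, AES and HIGH
    # groups, which include CBC-mode suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # Append TLSv1.3 when the nginx / OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Proxy buffering tuning (disabled).
    #proxy_buffering on;
    #proxy_buffer_size 1k;
    #proxy_buffers 24 4k;
    #proxy_busy_buffers_size 8k;
    #proxy_max_temp_file_size 1024m;
    #proxy_temp_file_write_size 32k;

    index index.html index.htm;

    # Enable gzip.
    gzip on;
    # Responses smaller than this are not compressed.
    gzip_min_length 1k;
    # Compression level 1-9; higher compresses better but costs more CPU. 9 is the most expensive setting.
    gzip_comp_level 9;
    # MIME types to compress; the names come from mime.types.
    # NOTE(review): jpeg/gif/png are already compressed, so gzipping them mostly burns CPU.
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
    # Emit "Vary: Accept-Encoding" so caches keep compressed and plain variants apart.
    gzip_vary on;
    # No gzip for IE 6 and older.
    gzip_disable "MSIE [1-6]\.";
    # Buffers used while compressing.
    gzip_buffers 32 4k;
    # Lowest HTTP version of a request for which gzip is applied.
    gzip_http_version 1.0;

    # Back-end service: with this location the API is reachable as http://<domain>/jeecg-boot/xxxx.
    # NOTE(review): the hop to the back end is plain HTTP to a literal IP address, so traffic that
    # arrived over TLS leaves this host unencrypted. Keep that hop on a trusted network, or use
    # https upstream with proxy_ssl_verify.
    location ^~ /jeecg-boot {
        proxy_pass http://120.100.100.100:8080/jeecg-boot;
        proxy_set_header Host 120.100.100.100;
        proxy_set_header X-Real-IP $remote_addr;
        # Appended to whatever the client sent; the back end should trust X-Real-IP or only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        #image on;
        #image_output on;
        root /home/temp/files;
        # Falls back to @router so that refreshing a Vue route does not end in a 404.
        try_files $uri $uri/ @router;
        index index.html index.htm;

        # At most 10 concurrent connections per client address.
        limit_conn conn 10;
        # Throttling starts after the first 3200k of a response; from then on each connection is held
        # to 2000k per second, to keep nginx from saturating the link.
        # The limit is per connection, so one address can still reach up to 10 times that rate.
        limit_rate_after 3200k;
        limit_rate 2000k;
        # 60 requests/minute per address with a burst of 5; excess requests are rejected immediately.
        # NOTE(review): a page that loads many assets at once can exceed this - confirm the budget.
        limit_req zone=allips burst=5 nodelay;

        # Front-end routes are not real files, so anything that does not exist on disk is rewritten
        # to index.html and left to the client-side router. This check runs in the rewrite phase,
        # i.e. before try_files above gets a chance to act.
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.html?s=$1 last;
            # Not reached in practice: the rewrite above always matches and ends processing with "last".
            break;
        }

        # Reject common scripted clients by User-Agent (case-insensitive). "HttpClient" also covers
        # Apache-HttpClient, which previously had a separate, redundant check.
        # User-Agent is chosen by the client, so this only reduces noise; it is not an access control.
        if ($http_user_agent ~* (Scrapy|Curl|HttpClient)) {
            return 403;
        }
        # Reject the listed crawler User-Agents (case-sensitive) and requests with an empty User-Agent.
        if ($http_user_agent ~ "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|LinkpadBot|Ezooms|^$" ) {
            return 403;
        }
        # Only GET, HEAD and POST are accepted.
        if ($request_method !~ ^(GET|HEAD|POST)$) {
            return 403;
        }

        # The proxy_cache* directives below act on proxied responses only. This location serves
        # files from root and has no proxy_pass, so they have no effect here.
        proxy_cache web_cache;
        # Would keep 200/206/304/301/302 responses for 10 days.
        proxy_cache_valid 200 206 304 301 302 10d;
        proxy_cache_key $scheme$host$request_uri;
        # Browser caching: everything served here, index.html included, is marked fresh for 30 days.
        expires 30d;
    }

    # Target of the try_files fallback above: route paths are not real files, so they are
    # rewritten to index.html and handled by the front-end router.
    location @router {
        rewrite ^.*$ /index.html last;
    }
}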
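# HTTPS reverse proxy for gsp.xxxx.com; every request is forwarded to the cwbase upstream.
server {
    listen 443 ssl;
    server_name gsp.xxxx.com;
    #access_log logs/host.access.log main;

    # "ssl on" is obsolete; the ssl flag on the listen directive replaces it.
    #ssl on;
    ssl_certificate ../cert/gsp.xxxx.com.crt;
    ssl_certificate_key ../cert/gsp.xxxx.com.key;
    ssl_session_timeout 5m;
    # Forward-secret AEAD suites only. The earlier list also admitted the broad ECDH, AES and HIGH
    # groups, which include CBC-mode suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # Append TLSv1.3 when the nginx / OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Proxy buffering tuning (disabled).
    #proxy_buffering on;
    #proxy_buffer_size 1k;
    #proxy_buffers 24 4k;
    #proxy_busy_buffers_size 8k;
    #proxy_max_temp_file_size 1024m;
    #proxy_temp_file_write_size 32k;

    location / {
        #image on;
        #image_output on;
        # Ask browsers to revalidate before reusing a stored copy.
        add_header Cache-Control no-cache;
        proxy_set_header Host gsp.xxxx.com;
        # Appended to whatever the client sent; the back end should trust X-Real-IP or only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://cwbase/;
        proxy_connect_timeout 30s;
        # NOTE(review): index applies to files served from disk; it looks inert in this proxied location - confirm.
        index login.aspx;

        # Store proxied responses in the shared web_cache zone.
        proxy_cache web_cache;
        # 200 and 304 responses are considered fresh for 1 minute.
        proxy_cache_valid 200 304 1m;
        # The key has no per-user component: one cached entry answers everyone asking for the same URL.
        proxy_cache_key $scheme$host$request_uri;
        # Because of that, requests that carry a cookie or an Authorization header are neither served
        # from nor written to the shared cache, so an authenticated page is never replayed to another user.
        proxy_no_cache $http_cookie $http_authorization;
        proxy_cache_bypass $http_cookie $http_authorization;
    }
}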
}
# Process model: four workers, each accepting up to 1024 simultaneous connections.
worker_processes 4;

events {
    worker_connections 1024;
}
http {
# MIME type table; content with no mapping is sent as a generic binary download.
include mime.types;
default_type application/octet-stream;

# Access logging with the "main" format is left commented out.
#access_log logs/access.log main;

# File transfer and connection tuning.
sendfile on;
tcp_nopush on;
keepalive_timeout 65;

# Response compression is enabled for the whole http context.
gzip on;

# Proxy cache definition. Directive syntax:
# proxy_cache_path path [levels=levels] keys_zone=name:size [inactive=time] [max_size=size] [loader_files=number] [loader_sleep=time] [loader_threshold=time];
# As configured: cache files live under ./web_cache in a two-level directory tree (levels=1:2),
# keys are kept in a 1024 MB shared-memory zone named web_cache,
# entries that are not requested for 1000 minutes are dropped,
# and the cache may use at most 100 GB of disk.
proxy_cache_path ./web_cache levels=1:2 keys_zone=web_cache:1024m inactive=1000m max_size=100g;

# 10 MB zone that counts concurrent connections per client address.
# Clients that share one address (NAT, upstream proxy) are counted together.
limit_conn_zone $binary_remote_addr zone=conn:10m;

# 10 MB zone that limits each client address to 60 requests per minute.
limit_req_zone $binary_remote_addr zone=allips:10m rate=60r/m;
# Back-end pools. Every pool has a single member, and nginx ignores max_fails / fail_timeout
# for single-member groups, so these parameters only start to matter once a second server is added.
# Only cwbase is referenced by a proxy_pass in the configuration shown here.
upstream cwbase {
    server 172.18.140.235:8082 max_fails=3 fail_timeout=30s weight=10;
}

upstream fileview {
    server view.brc-beei.com:6869 max_fails=3 fail_timeout=30s weight=10;
}

upstream thumbox {
    server 172.18.140.237:8080 max_fails=3 fail_timeout=30s weight=10;
}

upstream static_backend {
    server fileview.brc-ulife.com:8443 max_fails=3 fail_timeout=30s weight=10;
}
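# HTTPS virtual host for fileview.brc-ulife.com: serves the Vue front end from disk and
# forwards /jeecg-boot to the back-end service.
server {
    listen 443 ssl;
    server_name fileview.brc-ulife.com;
    #access_log logs/host.access.log main;

    # "ssl on" is obsolete; the ssl flag on the listen directive replaces it.
    #ssl on;
    ssl_certificate ../cert/fileview.brc-ulife.com.crt;
    ssl_certificate_key ../cert/fileview.brc-ulife.com.key;
    ssl_session_timeout 5m;
    # Forward-secret AEAD suites only. The earlier list also admitted the broad ECDH, AES and HIGH
    # groups, which include CBC-mode suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # Append TLSv1.3 when the nginx / OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Proxy buffering tuning (disabled).
    #proxy_buffering on;
    #proxy_buffer_size 1k;
    #proxy_buffers 24 4k;
    #proxy_busy_buffers_size 8k;
    #proxy_max_temp_file_size 1024m;
    #proxy_temp_file_write_size 32k;

    index index.html index.htm;

    # Enable gzip.
    gzip on;
    # Responses smaller than this are not compressed.
    gzip_min_length 1k;
    # Compression level 1-9; higher compresses better but costs more CPU. 9 is the most expensive setting.
    gzip_comp_level 9;
    # MIME types to compress; the names come from mime.types.
    # NOTE(review): jpeg/gif/png are already compressed, so gzipping them mostly burns CPU.
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
    # Emit "Vary: Accept-Encoding" so caches keep compressed and plain variants apart.
    gzip_vary on;
    # No gzip for IE 6 and older.
    gzip_disable "MSIE [1-6]\.";
    # Buffers used while compressing.
    gzip_buffers 32 4k;
    # Lowest HTTP version of a request for which gzip is applied.
    gzip_http_version 1.0;

    # Back-end service: with this location the API is reachable as http://<domain>/jeecg-boot/xxxx.
    # NOTE(review): the hop to the back end is plain HTTP to a literal IP address, so traffic that
    # arrived over TLS leaves this host unencrypted. Keep that hop on a trusted network, or use
    # https upstream with proxy_ssl_verify.
    location ^~ /jeecg-boot {
        proxy_pass http://120.76.65.212:8080/jeecg-boot;
        proxy_set_header Host 120.76.65.212;
        proxy_set_header X-Real-IP $remote_addr;
        # Appended to whatever the client sent; the back end should trust X-Real-IP or only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        #image on;
        #image_output on;
        # NOTE(review): nginx on Windows expects forward slashes in paths - confirm this backslash form parses as intended.
        root D:\DEFPATH;
        # Falls back to @router so that refreshing a Vue route does not end in a 404.
        try_files $uri $uri/ @router;
        index index.html index.htm;

        # Older form of the zone definition, kept for reference: limit_conn_zone conn $binary_remote_addr 5m;
        # At most 10 concurrent connections per client address.
        limit_conn conn 10;
        # Throttling starts after the first 3200k of a response; from then on each connection is held
        # to 2000k per second, to keep nginx from saturating the link.
        # The limit is per connection, so one address can still reach up to 10 times that rate.
        limit_rate_after 3200k;
        limit_rate 2000k;
        # 60 requests/minute per address with a burst of 5; excess requests are rejected immediately.
        # NOTE(review): a page that loads many assets at once can exceed this - confirm the budget.
        limit_req zone=allips burst=5 nodelay;

        # Front-end routes are not real files, so anything that does not exist on disk is rewritten
        # to index.html and left to the client-side router. This check runs in the rewrite phase,
        # i.e. before try_files above gets a chance to act.
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.html?s=$1 last;
            # Not reached in practice: the rewrite above always matches and ends processing with "last".
            break;
        }

        # Reject common scripted clients by User-Agent (case-insensitive). "HttpClient" also covers
        # Apache-HttpClient, which previously had a separate, redundant check.
        # User-Agent is chosen by the client, so this only reduces noise; it is not an access control.
        if ($http_user_agent ~* (Scrapy|Curl|HttpClient)) {
            return 403;
        }
        # Reject the listed crawler User-Agents (case-sensitive) and requests with an empty User-Agent.
        if ($http_user_agent ~ "FeedDemon|JikeSpider|Indy Library|Alexa Toolbar|AskTbFXTV|AhrefsBot|CrawlDaddy|CoolpadWebkit|Java|Feedly|UniversalFeedParser|ApacheBench|Microsoft URL Control|Swiftbot|ZmEu|oBot|jaunty|Python-urllib|lightDeckReports Bot|YYSpider|DigExt|YisouSpider|HttpClient|MJ12bot|heritrix|EasouSpider|LinkpadBot|Ezooms|^$" ) {
            return 403;
        }
        # Only GET, HEAD and POST are accepted.
        if ($request_method !~ ^(GET|HEAD|POST)$) {
            return 403;
        }

        # The proxy_cache* directives below act on proxied responses only. This location serves
        # files from root and has no proxy_pass, so they have no effect here.
        proxy_cache web_cache;
        # Would keep 200/206/304/301/302 responses for 10 days.
        proxy_cache_valid 200 206 304 301 302 10d;
        proxy_cache_key $scheme$host$request_uri;
        # Browser caching: everything served here, index.html included, is marked fresh for 30 days.
        expires 30d;
    }

    # Target of the try_files fallback above: route paths are not real files, so they are
    # rewritten to index.html and handled by the front-end router.
    location @router {
        rewrite ^.*$ /index.html last;
    }
}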
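# HTTPS reverse proxy for gsp.brc-ulife.com; every request is forwarded to the cwbase upstream.
server {
    listen 443 ssl;
    server_name gsp.brc-ulife.com;
    #access_log logs/host.access.log main;

    # "ssl on" is obsolete; the ssl flag on the listen directive replaces it.
    #ssl on;
    ssl_certificate ../cert/gsp.brc-ulife.com.crt;
    ssl_certificate_key ../cert/gsp.brc-ulife.com.key;
    ssl_session_timeout 5m;
    # Forward-secret AEAD suites only. The earlier list also admitted the broad ECDH, AES and HIGH
    # groups, which include CBC-mode suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # Append TLSv1.3 when the nginx / OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Proxy buffering tuning (disabled).
    #proxy_buffering on;
    #proxy_buffer_size 1k;
    #proxy_buffers 24 4k;
    #proxy_busy_buffers_size 8k;
    #proxy_max_temp_file_size 1024m;
    #proxy_temp_file_write_size 32k;

    location / {
        #image on;
        #image_output on;
        # Ask browsers to revalidate before reusing a stored copy.
        add_header Cache-Control no-cache;
        proxy_set_header Host gsp.brc-ulife.com;
        # Appended to whatever the client sent; the back end should trust X-Real-IP or only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://cwbase/;
        proxy_connect_timeout 30s;
        # NOTE(review): index applies to files served from disk; it looks inert in this proxied location - confirm.
        index login.aspx;

        # Store proxied responses in the shared web_cache zone.
        proxy_cache web_cache;
        # 200 and 304 responses are considered fresh for 1 minute.
        proxy_cache_valid 200 304 1m;
        # The key has no per-user component: one cached entry answers everyone asking for the same URL.
        proxy_cache_key $scheme$host$request_uri;
        # Because of that, requests that carry a cookie or an Authorization header are neither served
        # from nor written to the shared cache, so an authenticated page is never replayed to another user.
        proxy_no_cache $http_cookie $http_authorization;
        proxy_cache_bypass $http_cookie $http_authorization;
    }
}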
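# Second HTTPS listener (port 8443) for fileview.brc-ulife.com: serves the Vue build from disk
# and forwards /jeecg-boot to the back-end service.
server {
    listen 8443 ssl;
    server_name fileview.brc-ulife.com;
    ssl_certificate ../cert/fileview.brc-ulife.com.crt;
    ssl_certificate_key ../cert/fileview.brc-ulife.com.key;
    ssl_session_timeout 5m;
    # Forward-secret AEAD suites only. The earlier list also admitted the broad ECDH, AES and HIGH
    # groups, which include CBC-mode suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # Append TLSv1.3 when the nginx / OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # NOTE(review): nginx on Windows expects forward slashes in paths - confirm this backslash form parses as intended.
    root D:\Workspace\Jeecg\vue;
    index index.html index.htm;

    # Enable gzip.
    gzip on;
    # Responses smaller than this are not compressed.
    gzip_min_length 1k;
    # Compression level 1-9; higher compresses better but costs more CPU.
    gzip_comp_level 3;
    # MIME types to compress; the names come from mime.types.
    # NOTE(review): jpeg/gif/png are already compressed, so gzipping them gains little.
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
    # Emit "Vary: Accept-Encoding" so caches keep compressed and plain variants apart.
    gzip_vary on;
    # No gzip for IE 6 and older.
    gzip_disable "MSIE [1-6]\.";
    # Buffers used while compressing.
    gzip_buffers 32 4k;
    # Lowest HTTP version of a request for which gzip is applied.
    gzip_http_version 1.0;

    # Back-end service: with this location the API is reachable as http://<domain>/jeecg-boot/xxxx.
    # NOTE(review): the hop to the back end is plain HTTP to a literal IP address, so traffic that
    # arrived over TLS leaves this host unencrypted. Keep that hop on a trusted network, or use
    # https upstream with proxy_ssl_verify.
    # NOTE(review): the location has no trailing slash but the proxy_pass path does, so
    # /jeecg-boot/x is forwarded with a doubled slash - confirm the back end accepts that.
    location ^~ /jeecg-boot {
        proxy_pass http://120.76.65.212:8080/jeecg-boot/;
        proxy_set_header Host 120.76.65.212;
        proxy_set_header X-Real-IP $remote_addr;
        # Appended to whatever the client sent; the back end should trust X-Real-IP or only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Makes refreshing a route work when the Vue router runs in history mode.
    location / {
        root D:\Workspace\Jeecg\vue;
        index index.html index.htm;
        # Anything that is not a real file is rewritten to index.html for the client-side router.
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.html?s=$1 last;
            # Not reached in practice: the rewrite above always matches and ends processing with "last".
            break;
        }

        # The proxy_cache* directives below act on proxied responses only. This location serves
        # files from root and has no proxy_pass, so they have no effect here.
        proxy_cache web_cache;
        # Would keep 200/206/304/301/302 responses for 10 days.
        proxy_cache_valid 200 206 304 301 302 10d;
        proxy_cache_key $scheme$host$request_uri;
        # Browser caching: everything served here, index.html included, is marked fresh for 30 days.
        expires 30d;
    }
}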
}
# NOTE(review): worker processes run as root here. The server block further down serves files
# from under /root, which is presumably why. A compromise of a worker would then hold full
# system privileges; moving the served files and running workers under a dedicated
# unprivileged account removes that exposure.
user root;
worker_processes auto;

error_log /var/log/nginx/error.log;
pid /usr/local/nginx/logs/nginx.pid;

# Dynamic module configuration snippets.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}
http {
# MIME type table; content with no mapping is sent as a generic binary download.
include mime.types;
default_type application/octet-stream;

# Access logging with the "main" format is left commented out.
#access_log logs/access.log main;

# Request bodies (uploads) larger than 20 MB are rejected.
client_max_body_size 20m;

# File transfer and connection tuning.
sendfile on;
tcp_nopush on;
keepalive_timeout 65;

# Response compression is enabled for the whole http context.
gzip on;

# Proxy cache: files under ./web_cache in a two-level directory tree, keys in a 1024 MB
# shared-memory zone named web_cache, entries idle for 1000 minutes are dropped, 1 GB disk cap.
proxy_cache_path ./web_cache levels=1:2 keys_zone=web_cache:1024m inactive=1000m max_size=1g;
# API back-end pool: ten equally weighted instances on the loopback interface, ports 32787-32796.
# Each member carries max_fails=3 and fail_timeout=30s.
upstream cwbase {
    server 127.0.0.1:32787 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32788 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32789 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32790 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32791 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32792 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32793 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32794 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32795 max_fails=3 fail_timeout=30s weight=10;
    server 127.0.0.1:32796 max_fails=3 fail_timeout=30s weight=10;
}
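# HTTPS virtual host for www.shengtai.com: static site, proxied API paths, the Jeecg Boot
# back end, uploaded files, and a Jenkins instance.
server {
    listen 443 ssl;
    server_name www.shengtai.com;
    # Certificate and key are read from a Caddy ACME directory under /root.
    ssl_certificate /root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/www.shengtai.com/www.shengtai.com.crt;
    ssl_certificate_key /root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/www.shengtai.com/www.shengtai.com.key;
    ssl_session_timeout 5m;
    # Forward-secret AEAD suites only. The earlier list also admitted the broad ECDH, AES and HIGH
    # groups, which include CBC-mode suites and suites without forward secrecy.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    # TLS 1.0 and 1.1 are deprecated and no longer offered.
    # Append TLSv1.3 when the nginx / OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    root /usr/share/nginx/html;

    # gzip: compress responses of at least 1k at level 3, add Vary: Accept-Encoding, skip IE 6 and older.
    gzip on;
    gzip_min_length 1k;
    gzip_comp_level 3;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
    gzip_buffers 32 4k;
    gzip_http_version 1.0;

    # API requests, forwarded to the cwbase pool.
    location ^~ /api {
        # Rewriting the URI to itself with "break" is deliberate: after a rewrite, proxy_pass
        # ignores its own "/" path and forwards the full request URI (/api/...) to the upstream.
        rewrite ^/(.*) /$1 break;
        # NOTE(review): credentials are allowed, but this location emits no
        # Access-Control-Allow-Origin. If the back end does not send one either, browsers ignore
        # these headers. When adding it, use an explicit allow-list of origins, not a wildcard
        # or a reflected Origin.
        add_header 'Access-Control-Allow-Credentials' 'true';
        # The preflight method is OPTIONS; the previous value 'OPTION' named no real method.
        add_header 'Access-Control-Allow-Methods' 'OPTIONS, POST, GET, DELETE, PUT';
        add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Content-Type';
        proxy_redirect off;
        proxy_set_header Host $host;
        # Appended to whatever the client sent; the back end should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://cwbase/;
    }

    # Alternate prefix: /apis/x is forwarded to the pool as /api/x.
    location ^~ /apis/ {
        # NOTE(review): same CORS caveat as for /api - no Access-Control-Allow-Origin is set here.
        add_header 'Access-Control-Allow-Credentials' 'true';
        # The preflight method is OPTIONS; the previous value 'OPTION' named no real method.
        add_header 'Access-Control-Allow-Methods' 'OPTIONS, POST, GET, DELETE, PUT';
        add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Content-Type';
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://cwbase/api/;
    }

    # Jeecg Boot back end, reached over plain HTTP on an internal address.
    # NOTE(review): the location has no trailing slash but the proxy_pass path does, so
    # /jeecg-boot/x is forwarded with a doubled slash - confirm the back end accepts that.
    location ^~ /jeecg-boot {
        proxy_pass http://172.18.231.224:8080/jeecg-boot/;
        proxy_set_header Host 172.18.231.224;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Uploaded files, served straight from disk instead of through the back end.
    # The location now ends with a slash to match the trailing slash of the alias. Without it,
    # request paths could resolve outside /root/jeecg/upFiles/ and expose neighbouring files.
    # NOTE(review): the directory lives under /root and is readable only because workers run as root.
    location ^~ /jeecg-boot/sys/common/view/ {
        alias /root/jeecg/upFiles/;
        index index.html index.htm;
    }

    # NOTE(review): this publishes the Jenkins UI on the public virtual host with no allow/deny
    # rule or authentication at the proxy. Restrict it to trusted source ranges or an internal-only
    # listener; a CI server exposed this way is a high-value target.
    location ^~ /jenkins {
        proxy_pass http://172.18.231.224:8080/jenkins/;
        proxy_set_header Host 172.18.231.224;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # NOTE(review): with root (not alias) the request path is appended in full, so /files/x is
    # looked up as /root/jeecg/upFiles/files/x. Confirm that a files/ subdirectory is intended.
    # If the upload directory itself should be exposed, use alias with a trailing slash on both
    # the location and the alias path.
    location ^~ /files {
        root /root/jeecg/upFiles/;
        index index.html index.htm;
    }

    # Static front end with single-page-app fallback.
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
        # Anything that is not a real file is rewritten to index.html for the client-side router.
        if (!-e $request_filename) {
            rewrite ^(.*)$ /index.html?s=$1 last;
            # Not reached in practice: the rewrite above always matches and ends processing with "last".
            break;
        }

        # The proxy_cache* directives below act on proxied responses only. This location serves
        # files from root and has no proxy_pass, so they have no effect here.
        proxy_cache web_cache;
        proxy_cache_valid 200 206 304 301 302 10d;
        proxy_cache_key $scheme$host$request_uri;
        # Browser caching: everything served here, index.html included, is marked fresh for 30 days.
        expires 30d;
    }
}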
}