一、nginx简单配置示例
user www www;
worker_processes 10;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
#最大文件描述符
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
}
http
{
include conf/mime.types;
default_type application/octet-stream;
keepalive_timeout 120;
tcp_nodelay on;
upstream www.xxx.com {
server 192.168.1.2:80;
server 192.168.1.3:80;
server 192.168.1.4:80;
server 192.168.1.5:80;
}
upstream blog.xxx.com {
server 192.168.1.7:8080;
server 192.168.1.7:8081;
server 192.168.1.7:8082;
}
server
{
listen 80;
server_name www.xxx.com;
location / {
proxy_pass http://www.zyan.cc;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
}
log_format www_xxx_com '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /data1/logs/www.log www_xxx_com;
}
server
{
listen 80;
server_name blog.xxx.com;
location / {
proxy_pass http://blog.zyan.cc;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
}
log_format blog_xxx_com '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /data1/logs/blog.log blog_xxx_com;
}
}
二、HTTPS配置示例
upstream xxx_xxx_xxx {
server 192.168.1.7:8080;
server 192.168.1.7:8081;
server 192.168.1.7:8082;
}
server {
listen 443;
server_name xxx.xxx.xxx;
access_log /home/chenwebstore1/logs/xxx.xxx.xxx/https.29289080/access.log combined;
error_log /home/chenwebstore1/logs/xxx.xxx.xxx/https.29289080/error.log error;
ssl on;
ssl_certificate keys/xxx.xxx.xxx.pem;
ssl_certificate_key keys/xxx.xxx.xxx.key;
ssl_session_cache shared:ssl.xxx.xxx.xxx:128k;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://xxx_xxx_xxx;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
}
}
其中ssl_certificate_key文件格式为:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
其中ssl_certificate文件格式(后缀可以为cer)为:
(Certificate:)
----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
(Intermediate Certificate:)
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
上面这三段字符串值可以在HTTPS证书申请时获取到。