1.nginx防跨域配置
2.nginx缓存配置
2.1 http下先定义缓存空间
2.2 在需要进行缓存的location 下配置
proxy_cache cache_html; #引用第一步设置的缓存空间
proxy_cache_valid 200 304 15m; #将200 304状态码缓存15分钟
proxy_cache_key $host$uri$is_args$args; #定义完整需要缓存的URL
proxy_set_header Host $host; #定义传到后端的host
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_504; #当后端返回超时或502时,下一跳请求
proxy_ignore_headers Set-Cookie; #忽略cookie提高命中率
proxy_ignore_headers X-Accel-Expires Expires Cache-Control; #忽略缓存头提高命中率
add_header Nginx-Cache "$upstream_cache_status"; #响应头里显示命中状态
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
2.3 配置清理nginx缓存,前提是nginx需要安装purage模块,清理缓存时,将URL放到/purge/后边去请求
3.nginx配置websocket反向代理
4.nginx配置json日志格式
log_format lognormal'{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","host":"$host","request_method":"$request_method","uri":"$uri","request_uri":"$request_uri",'
'"status":$status,"body_bytes_sent":$body_bytes_sent,"http_referer":"$http_referer",'
'"http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for",'
'"upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time",'
'"server_addr":"$server_addr","request_time":$request_time,"scheme":"$scheme",'
'"remote_port":"$remote_port"}';
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
5.nginx https的标准设置
listen443 ssl http2; #需安装httpv2模块
#hsts enable
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#ssl on;
ssl_certificate cert/xx.crt;
ssl_certificate_key cert/xx.key;
ssl_prefer_server_ciphers on;
# self define
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AE
S256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA2
56:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
6.nginx通过map定义变量
6.1通过定义变量获取真实的网友IP,先取x-forward-for,为空时去remoteAddress,
6.2 获取网友真实IP的C段配置
6.3 区分爬虫和真实网友的useragent
7.nginx通过useragent进行爬虫或手机端判断
7.1通过useragent判断爬虫
7.2 通过useragent判断手机端
8.nginx通过404下一跳访问另外一组机器
8.1通过404状态码可以实现相同入口下,两组机器资源不一致的情况
upstream WEB_APP{ #第一组机器
server 172.16.1.1:6020 fail_timeout=2s max_fails=0;
}
upstream WEB_HTML { #第二组机器
server 172.16.1.2:6060 fail_timeout=2s max_fails=0;
}
location ~ ^/aa {
proxy_intercept_errors on; #该配置会将后端的错误状态码专递回来
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass http://WEB_APP; #正常请求第一组机器
recursive_error_pages on; #该配置会将第二跳后端的错误状态码传递回来
error_page 404 = @WEB_APP_fallback; #404后通过WEB_APP_fallback请求第二组机器
}
location @WEB_APP_fallback {
internal;
include nginx_proto.conf;
proxy_pass http://WEB_HTML;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 24.
- 25.
- 26.
- 27.
- 28.