ngnix
- 负载均衡
- 反向代理(解决跨域问题)
- 部署静态文件
- 动静分离
gzip压缩
在http块内配置以下内容,gzip后可以压缩文件的大小,减少请求时间。
http {
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
}
nginx配置升级到HTTPS和HTTP2
http2是基于https的,所以在开启http2前,必须存在证书,才能开启
server{
listen 443 ssl http2;
// 还需要和下面一样配置证书
}
server{
#SSL 默认访问端口号为 443
listen 443 ssl http2;
#绑定证书的域名xxx.com
server_name xxx.xxx;
#证书文件的相对路径或绝对路径
ssl_certificate /www/server/nginx/xxx.xxx_bundle.crt;
#私钥文件的相对路径或绝对路径
ssl_certificate_key /www/server/nginx/xxx.xxx.key;
ssl_session_timeout 5m;
#协议配置
ssl_protocols TLSv1.2 TLSv1.3;
#请按照以下套件配置,配置加密套件,写法遵循 openssl 标准。
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
}
配置重定向
因为升级https,所以需要把原有的http重定向到新路径,把原本http默认端口80重定向到Https
server {
listen 80;
#绑定证书的域名xxx
server_name xxx;
#把http的域名请求转成https
return 301 https://$host$request_uri;
}
一个端口下部署多个前端项目
http 域名默认服务器端口80,https默认服务器端口443,
例:浏览器输入http://baidu.com实际上访问的是http://www.baidu.com:80
所以大多数对外开放的页面基本上用的是80端口,
http{
...
server {
port 80
server_name myServer
...
# 1.配置根目录指向
localtion /{
index index.html index.htm;
root /www/wwwroot/home/index;
}
# 2.配置二级路径
# 例如浏览器访问 xxx.com/blog
# 会返回/www/wwwroot/myBlog/index.html 文件(打包后的静态文件)
location /blog/{
index index.html index.htm;
root /www/wwwroot/myBlog/2022.7.30/;
}
# 3.反向代理接口
# 当前访问的api都会代理到8006端口运行的服务器上
# 例如 xxx.com/api/getUserInfo
# 则会请求 xxx.com:8006/getUserInfo这个接口
location /api/ {
rewrite /api/(.*) /$1 break; # 替换掉请求路径上/api/
proxy_pass http://127.0.0.1:8006;
# 设置响应头转发服务器的ip,不转发服务器端无法获取到客户端的ip
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
}
# 4.代理当前本地起的前端服务(本质上也是反向代理)
# 当本地启动前端项目端口9002
# 访问xxx.com:9002/frontPage 就能访问到本地启动的前端项目
location /frontPage/ {
index index.html;
proxy_pass http://127.0.0.1:9002/;
ssi on;
ssi_types text/shtml;
ssi_value_length 512;
charset UTF-8;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
# 5.alias 配置文件路径
# alias指定静态页面的路径,和root的区别在于匹配规则不同
location /fromPage2/ {
index index.html;
alias D:/xxx/fromPage2/;
ssi on;
ssi_types text/shtml;
ssi_value_length 512;
charset UTF-8;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
}
}
}
比较全的配置
nginx.conf
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events {
use epoll;
worker_connections 51200;
multi_accept on;
}
http {
include mime.types;#
include luawaf.conf;
include proxy.conf;
default_type application / octet - stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32 k;
large_client_header_buffers 4 32 k;
client_max_body_size 50 m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64 k;
fastcgi_buffers 4 64 k;
fastcgi_busy_buffers_size 128 k;
fastcgi_temp_file_write_size 256 k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1 k;
gzip_buffers 4 16 k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text / plain application / javascript application / x - javascript text / javascript text / css application / xml;
gzip_vary on;
gzip_proxied expired no - cache no - store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone = perip: 10 m;
limit_conn_zone $server_name zone = perserver: 10 m;
server_tokens off;
access_log off;
server {
listen 80;
server_name myServer;
location / {
index index.html index.htm;
root / www / wwwroot / home / index;
#root / www / wwwroot / web / deploy / admin;
#proxy_pass http: //127.0.0.1:8000;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header Host $http_host;
#proxy_set_header X-NginX-Proxy true;
#proxy_redirect off;
#root / www/wwwroot/web/deploy/ admin;
#index index.html;
#try_files $uri / index.html
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded -For $proxy_add_x_forwarded_for;
}
location / blog / {
index index.html index.htm;
root / www / wwwroot / myBlog / 2022.7 .30 / ;
}
location / admin / {
index index.html index.htm;
alias / www / wwwroot / web / deploy / admin / dist / ;
#proxy_set_header X-Forwarded-For $remote_addr;
#proxy_set_header X-Real-IP $remote_addr;
}
location / stars - lib - docs / {
index index.html index.htm;
root / www / wwwroot / lib / ;
}
location / resource / {
index index.html index.htm;
alias / www / wwwroot / resource / ;
}
location / jenkins / {
proxy_pass http: //127.0.0.1:8005;
charset UTF - 8;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header 'Cross-Origin-Opener-Policy'
'same-origin';
add_header 'Cross-Origin-Embedder-Policy'
'require-corp';
}
location / baota {
proxy_pass http: //127.0.0.1:8888;
charset UTF - 8;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / api / {
rewrite / api / (.*) / $1
proxy_pass http: //127.0.0.1:8006;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
}
}
server {
listen 8881;
server_name phpmyadmin;
index index.html index.htm index.php;
root / www / server / phpmyadmin;
#
error_page 404 / 404. html;
include enable - php.conf;
location~.*\.(gif | jpg | jpeg | png | bmp | swf) $ {
expires 30 d;
}
location~.*\.(js | css) ? $ {
expires 12 h;
}
location~/\. {
deny all;
}
access_log / www / wwwlogs / access.log;
}
include / www / server / panel / vhost / nginx/*.conf;
}```
## 之前的笔记
链接: [link](http://licc.cloud/blog/docs/deploy/nginx.html)