stream 转发
# Layer-4 (TCP) forwarding: connections to local port 15672 are relayed to
# 1.1.1.1:15672. The stream block belongs at the top level of nginx.conf,
# beside http {}, not inside it.
stream {
    server {
        # The stream proxy adds no authentication and no TLS of its own, so
        # every client that can reach this port reaches the backend service.
        # Limit who may connect (host firewall, or allow/deny from
        # ngx_stream_access_module) when the backend is an admin interface.
        # NOTE(review): 15672 is the usual RabbitMQ management port - confirm
        # what is actually exposed here.
        listen     15672;
        proxy_pass 1.1.1.1:15672;
    }
}
注意:stream 块要与 http 块同级,不能配置到 http 模块下
我比较爱用的日志格式
# Pipe-delimited access-log format. Fields, in order: client address,
# authenticated user, local time, request line, Host header, status, body bytes
# sent, Referer, User-Agent, X-Forwarded-For, request time, then the upstream
# address, upstream status and upstream response time.
# NOTE(review): $request, $http_host, $http_referer, $http_user_agent and
# $http_x_forwarded_for are client-supplied, and nginx's default log escaping
# does not escape '|'. A client can therefore shift the columns of its own log
# line; parsers and detection rules should not trust field positions blindly.
# log_format's escape=json parameter with a JSON-shaped format avoids this.
# NOTE(review): the format name is spelled "exapmle"; any access_log directive
# that uses this format has to reference it with exactly that spelling.
log_format exapmle '$remote_addr|$remote_user|$time_local|$request|$http_host|'
'$status|$body_bytes_sent|$http_referer|'
'$http_user_agent|$http_x_forwarded_for|$request_time|'
'$upstream_addr|$upstream_status|$upstream_response_time';
用nginx设置简单账密校验
# Reverse proxy on port 8082 guarded by HTTP Basic authentication.
server {
    listen      8082;
    server_name 1.1.1.1;

    location / {
        # --- access control -------------------------------------------------
        # Realm text shown in the browser's login prompt.
        auth_basic           "Please input password";
        # Path of the password file.
        auth_basic_user_file /usr/local/openresty/nginx/password;
        # NOTE(review): this listener is plain HTTP, so the Basic credentials
        # cross the network base64-encoded only. Put it behind TLS (listen ...
        # ssl) before exposing it outside a trusted network, keep the password
        # file readable by the nginx user only, and pair it with limit_req to
        # slow password guessing.
        # NOTE(review): the client's Authorization header is forwarded to the
        # upstream as well unless it is cleared with proxy_set_header.

        # --- upstream and forwarded headers ---------------------------------
        proxy_pass       http://Server;
        proxy_redirect   off;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Cookie            $http_cookie;

        # --- failover and timeouts ------------------------------------------
        # Retry on the next upstream server for these failure classes.
        proxy_next_upstream   error timeout invalid_header http_500 http_502 http_503 http_504;
        # NOTE(review): the nginx documentation states that the connect
        # timeout usually cannot exceed 75 seconds, so 480 is not honoured in full.
        proxy_connect_timeout 480;
        proxy_send_timeout    360;
        proxy_read_timeout    360;

        # --- buffering ------------------------------------------------------
        # 0 disables buffering of upstream responses to temporary files.
        proxy_max_temp_file_size   0;
        proxy_buffer_size          4k;
        proxy_buffers              4 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;

        # Upper bound on the request body size (upload limit).
        client_max_body_size 200m;
    }
}
# Backend pool used by "proxy_pass http://Server;" - a single node here.
upstream Server {
    server 1.1.1.1:8080;
}
location 转发设置跨域
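# Proxy /file/read/group1/M00/... to the backend path /fastdfs/data/... and
# attach CORS headers so pages on other origins may read the responses.
location /file/read/group1/M00/ {
    # NOTE(review): "*" lets any website read these responses from a visitor's
    # browser. That is acceptable only for content that is public anyway; for
    # anything user-specific, answer with an explicit allow-list of origins.
    # Browsers also refuse "*" on credentialed (cookie-bearing) requests.
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers *;
    # add_header without the "always" parameter is not applied to error
    # responses, and OPTIONS preflights are proxied to the backend like any
    # other request because nothing here answers them locally.

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_pass carries a URI, so the matched location prefix is replaced by
    # /fastdfs/data/ in the request sent upstream.
    proxy_pass http://1.1.1.1/fastdfs/data/;
}
# The closing brace above was missing from the original snippet.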
普通location转发
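# WebSocket endpoint proxied to the "test" upstream.
location /api/app/wechat/ws {
    proxy_pass http://test;

    # WebSocket proxying needs HTTP/1.1 towards the upstream plus the Upgrade
    # and Connection headers set explicitly; they are hop-by-hop headers and
    # are not passed on otherwise.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'Upgrade';

    # A proxied connection is closed when the upstream sends nothing for
    # proxy_read_timeout, so the application has to ping within 600 s.
    keepalive_timeout 610;
    proxy_read_timeout 600s;

    proxy_set_header Host $host;
    # Fixed: the header was written "X-Real_IP". The other snippets on this
    # page use X-Real-IP, and header names containing an underscore are
    # dropped by many servers (nginx itself ignores them in client requests
    # unless underscores_in_headers is on).
    proxy_set_header X-Real-IP $remote_addr;
    # Replaces whatever X-Forwarded-For the client sent with the address of the
    # TCP peer, so the backend never sees a client-chosen value here.
    proxy_set_header X-Forwarded-for $remote_addr;
}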
# Backend pool used by "proxy_pass http://test;" - a single node here.
upstream test {
    server 172.25.108.142:80;
}
低端爬虫自动403
# Answer 403 when the User-Agent header matches one of the listed crawler or
# HTTP-library names (~* is a case-insensitive regex match).
# NOTE(review): User-Agent is chosen by the client, so this only turns away
# clients that announce themselves. Treat it as traffic hygiene, not as access
# control; rate limiting and authentication still have to carry the load.
# NOTE(review): under ~* the alternative "bot" already matches "bingbot" and
# "Googlebot", so mainstream search-engine crawlers are rejected as well -
# confirm that is intended.
if ($http_user_agent ~* (Scrapy|HttpClient|bot|Python-urllib|python-requests|java|ApacheBench|bingbot|Googlebot|Yahoo)) {
return 403;
}
配置ssl
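# Virtual host for test.cn serving HTTP on 80 and HTTPS (with HTTP/2) on 443.
server {
    # NOTE(review): port 80 serves the same content in clear text. Browsers
    # ignore Strict-Transport-Security received over HTTP, so first visits stay
    # unprotected until port 80 is moved to a redirect-only server block.
    listen 80;
    listen 443 ssl http2;
    server_name test.cn;
    proxy_intercept_errors on;
    # "hhh" has to be the name of a log_format defined in the http block.
    access_log /data/logs/nginx/test.log hhh;

    # The private key should be readable by root / the nginx master only.
    ssl_certificate /usr/local/openresty/nginx/conf/scs1663354805950__.tongxin.cn_server.crt;
    ssl_certificate_key /usr/local/openresty/nginx/conf/scs1663354805950__.tongxin.cn_server.key;

    # Changed: TLSv1 and TLSv1.1 were enabled. Both are deprecated (RFC 8996)
    # and are removed here. TLSv1.3 needs nginx 1.13.0+ built against
    # OpenSSL 1.1.1+; drop that parameter on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # Applies to TLS 1.2 and below. NOTE(review): on nginx 1.11.0 and later the
    # EDH (DHE) suites are only offered when ssl_dhparam is configured - confirm
    # whether they are wanted at all.
    ssl_ciphers AES128+EECDH:AES128+EDH:!aNULL;
    ssl_session_cache shared:SSL:10m;

    # One-year HSTS that also covers every subdomain, so all of them must be
    # reachable over HTTPS. Without the "always" parameter the header is not
    # added to error responses.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
# The closing brace above was missing from the original snippet.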
配置限流和拒绝访问
# Shared-memory zones keyed by the client address: "mylimit" (10 MB) carries a
# rate of 10 requests per second per address, "addr" (10 MB) tracks
# connections per address.
# These two lines only declare the zones. Nothing is throttled until a server
# or location block refers to them, e.g. "limit_req zone=mylimit;" and
# "limit_conn addr <N>;" with N chosen for the service.
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=addr:10m;
# Reject every client whose address lies in 157.55.0.0/16.
# NOTE(review): both the zones and deny work on the TCP peer address. Behind a
# load balancer or CDN that is the proxy's address, so all users share one
# bucket and the deny rule never matches, unless ngx_http_realip_module is set
# up to restore the real client address from a trusted proxy.
deny 157.55.0.0/16;
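limit_req_zone / limit_conn_zone 只能配在 http 模块里;还需要在 server 或 location 中用 limit_req / limit_conn 引用对应的 zone 才会生效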
拒绝default
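# Catch-all virtual host: requests whose Host header matches no other server
# block on port 80 land here and get a 404, so the real sites are not served
# under arbitrary or IP-literal host names.
server {
    # Fixed: the original had no listen directive and wrote "default" as a
    # second server_name. That is just a literal host name; what makes a block
    # the fallback is the default_server flag on listen (otherwise nginx picks
    # the first server defined for the port). Only one block per address:port
    # may carry the flag.
    listen 80 default_server;
    # "_" is a conventional name that never matches a real Host header.
    server_name _;

    location / {
        return 404;
    }
    # HTTPS needs its own catch-all: a "listen 443 ssl default_server;" block
    # with a certificate, or ssl_reject_handshake on nginx 1.19.4 and later.
}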
转发网页
# Port-80 virtual host for test.com that hands every request to a backend
# under the /test/ path.
server {
    listen      80;
    server_name test.com;
    index       index.html index.htm index.php;

    location / {
        # proxy_pass carries a URI, so "/" in the client request is replaced
        # by "/test/" in the request sent upstream.
        # NOTE(review): the target host name equals server_name. If test.com
        # resolves to this nginx instance the request loops back into this
        # block - presumably it resolves to a different backend; confirm.
        proxy_pass       http://test.com/test/;
        proxy_redirect   off;

        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # NOTE(review): presumably unused here, since the location is handled
        # entirely by proxy_pass - confirm before relying on it.
        index index.php index.html index.htm;
    }
}
一些匹配地址的跳转
# Host names of the form www.<label>.b2b.test.net are permanently redirected
# to www.test.net, keeping the request path.
# NOTE(review): the target is http://, not https:// - confirm that is intended.
if ($host ~ "www\.([0-9a-z]+)\.b2b\.test\.net") {
rewrite ^(.*) http://www.test.net$1 permanent;
}
# When the requested path does not exist on disk (-e tests for a file,
# directory or symlink), route the request to a PHP front controller.
# The rules are tried in order and "last" ends rewrite processing at the first
# match, so the catch-all to /index.php/ only runs when the two above it miss.
# The first rule rewrites /myadmin.php/... to itself; its effect is to keep
# such URLs away from the catch-all.
# NOTE(review): the dots in "myadmin.php" and "transfer.php" are unescaped and
# match any character.
if (!-e $request_filename)
{
rewrite ^/myadmin.php/(.*)$ /myadmin.php/$1 last;
rewrite ^/transfer.php/(.*)$ /transfer.php?_s_=$1 last;
rewrite ^/(.*)$ /index.php/$1 last;
}
# NOTE(review): $subdomain is not set anywhere in the snippets shown; it has to
# be defined elsewhere (set or map) for this test to work.
if ($subdomain = 'www') {
rewrite ^/(.*)$ https://www.test.net/$1 permanent;
}
# Bare domain to www.
# NOTE(review): this rule targets http:// while the rule above targets
# https://, which sends the first hop over clear text - confirm.
if ($host = 'test.net'){
rewrite ^/(.*)$ http://www.test.net/$1 permanent;
}
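# Port-80 virtual host for *.test.com whose only job is to send every request
# to the same host and URI over HTTPS.
server {
    listen 80;
    server_name *.test.com;
    index index.html index.htm index.php;
    access_log /data/logs/nginx/saascms.log main;

    # Changed from "rewrite ^(.*)$ https://$host$1 permanent;": return issues
    # the same 301 without running a regex on every request, and $request_uri
    # carries the original path and query string unchanged.
    # $host comes from the client's request. server_name keeps it inside
    # *.test.com only as long as this block is not also the default server for
    # port 80; otherwise any Host value would be reflected into the Location
    # header.
    return 301 https://$host$request_uri;
}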