一、禁止ip访问
# nginx.conf
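# Catch-all virtual host: a request whose Host header matches no other
# server_name (for example one sent straight to the IP address) is answered
# here instead of by a real site.
server {
    # "default_server" is the current parameter name; bare "default" is the
    # legacy spelling kept only for backward compatibility.
    listen 80 default_server;
    server_name _;   # placeholder that never matches a real host name
    return 500;
    # NOTE(review): nginx's non-standard "return 444;" closes the connection
    # without sending any response and is a common alternative here.
    # NOTE(review): this block only covers plain HTTP on port 80. If the host
    # also serves HTTPS, a matching catch-all is needed on 443, otherwise the
    # first TLS server block (and its certificate) answers IP-based requests.
    # rewrite ^(.*) http://xxx.xx permanent;
}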
二、匹配规则
# proxy_pass without a URI part: the request URI is forwarded unchanged.
#   request  /api/abc  ->  upstream  http://server/api/abc
# NOTE(review): the prefix has no trailing slash, so it also matches paths
# such as /apifoo; use "location /api/" if only the /api/ subtree is intended.
location /api {
    proxy_pass http://server;
}
# proxy_pass with the URI "/": the matched prefix /aaa/ is replaced by "/".
#   request  /aaa/abc  ->  upstream  http://server/abc
location /aaa/ {
    proxy_pass http://server/;
}
# Same prefix, but proxy_pass carries no URI part, so the prefix is kept.
#   request  /aaa/abc  ->  upstream  http://server/aaa/abc
# (This and the other "location /aaa/" examples are alternatives; only one
# of them can exist in a given server block.)
location /aaa/ {
    proxy_pass http://server;
}
# proxy_pass with the URI "/api" (no trailing slash): the matched prefix /aaa/
# is replaced by "/api" literally, so the two path parts are glued together.
#   request  /aaa/abc  ->  upstream  http://server/apiabc
# Use "http://server/api/" if /api/abc is what the upstream should receive.
location /aaa/ {
    proxy_pass http://server/api;
}
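# Second-level path for hosting several front-end projects on one server.
#
# The location prefix and the alias path must BOTH end in "/". With
# "location /bbb" and "alias /riit/bbb/;" the part of the URI after the
# prefix is appended to the alias verbatim, so a path that continues right
# after "/bbb" without a slash can resolve outside /riit/bbb/ (the well-known
# alias path-traversal misconfiguration).
location = /bbb {
    # keep the bare /bbb URL working now that the prefix requires the slash
    return 301 /bbb/;
}
location /bbb/ {
    alias /riit/bbb/;
    index index.html index.htm;
    # Vue history-mode routing: unknown paths fall back to THIS project's
    # entry page. A fallback of /index.html would leave this location and
    # serve the root site's page instead.
    try_files $uri $uri/ /bbb/index.html;
}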
# Refuse every request whose URI starts with /prefix/ and ends in .html.
# "~" is a case-sensitive regex match.
# NOTE(review): because the match is case-sensitive, /prefix/x.HTML is not
# covered; use "~*" if the files are served from a case-insensitive
# filesystem or the rule is meant as an access control.
# NOTE(review): a prefix location declared with "^~" that matches first
# prevents regex locations from being evaluated at all.
location ~ ^/prefix/.*\.html$ {
    deny all;
}
三、反向代理配置
# Upstream group template. "ip:port" and "down/backup" are placeholders to be
# replaced with real values (pick "down" or "backup", or drop the parameter).
upstream backend{
server ip:port; # default: requests are distributed to the servers in turn; a server that goes down is taken out automatically
# After max_fails (default 1) failed attempts (a 404 does not count) the server is
# considered unavailable for fail_timeout (default 10s); max_fails=0 keeps it always available.
# What counts as a failure can be set with proxy_next_upstream / fastcgi_next_upstream.
# weight: default 1; down: marked unavailable; backup: used only when the other servers are unavailable.
# Author's note: raising max_fails above 1 may cause an endpoint that timed out to be called again.
server ip:port max_fails=0 fail_timeout=10s weight=1 down/backup;
# keepalive 20000; maximum number of connections to upstream servers kept open per worker process
# ip_hash; distribute requests between servers by client IP address; can solve session stickiness
}
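# Reverse proxy for everything under "/" to the "backend" upstream group.
location / {
    proxy_pass http://backend;

    # --- headers forwarded to the backend ---
    proxy_set_header Host $host;                 # pass the original Host
    # Fixed header name: was misspelled "X-Reel-IP", which backends reading
    # X-Real-IP would never see.
    proxy_set_header X-Real-IP $remote_addr;     # address of the connecting peer
    # $proxy_add_x_forwarded_for APPENDS $remote_addr to whatever
    # X-Forwarded-For the client sent, so earlier entries are client-controlled.
    # Backends should trust only the entry added by this proxy (or X-Real-IP).
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-proto $scheme;  # protocol used between client and this proxy

    # --- response buffering ---
    proxy_buffer_size 128k;            # buffer for the first part of the response (headers)
    proxy_buffers 100 128k;            # number and size of buffers per connection
    # NOTE(review): 100 x 128k allows roughly 12.5 MB of buffers per connection;
    # size this against expected concurrency.
    proxy_busy_buffers_size 256k;      # buffers that may be busy sending to the client while the response is still being read
    proxy_temp_file_write_size 256k;   # amount written to the temp file at a time
    # Size units in nginx are k/m/g; "1024MB" is rejected as an invalid value.
    # 1024m is also the default. 0 disables buffering to temporary files.
    proxy_max_temp_file_size 1024m;

    # --- timeouts (defaults are 60s) ---
    # NOTE(review): the nginx docs state the connect timeout usually cannot
    # exceed 75 seconds; long timeouts also keep worker connections tied up
    # by slow or stalled upstreams.
    proxy_connect_timeout 600s;        # establishing the connection to the backend
    proxy_send_timeout 1200;           # between two successive writes to the backend
    proxy_read_timeout 1200;           # between two successive reads from the backend

    # HTTP/1.1 with an empty Connection header is required for upstream keepalive.
    proxy_http_version 1.1;
    proxy_set_header Connection "";

    # proxy_next_upstream error timeout invalid_header http_500;  # which failures move on to the next server
}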
四、通用配置
# nginx.conf
# Main-context settings.
user             www-data;   # worker processes run as this unprivileged account
worker_processes 1;
# pid /var/run/nginx.pid;
error_log        /var/log/nginx/nginx.error.log warn;   # log messages at "warn" and above
events {
    # Maximum number of simultaneous connections a single worker process may open.
    worker_connections 1024;
}
http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    # --- logging ---
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # NOTE(review): access logging is discarded here, which leaves nothing
    # to investigate after an incident. Enable the line below (or ship logs
    # elsewhere) on anything internet-facing.
    access_log /dev/null;
    #access_log /var/log/dnmp/nginx.access.log main;

    # Do not reveal the nginx version in error pages and the Server header.
    server_tokens off;

    # --- request size limits ---
    # NOTE(review): 512k header buffers are far above the defaults and are
    # allocated per connection on demand; confirm such large headers are
    # really needed, since they raise the memory an abusive client can tie up.
    client_header_buffer_size   512k;
    large_client_header_buffers 4 512k;
    client_max_body_size        100M;

    # --- transmission ---
    sendfile   on;    # kernel-side file copy, avoids extra context switches and copies
    tcp_nopush on;    # only effective together with sendfile; send full packets
    # tcp_nodelay on;   on: send data immediately; off: Nagle's algorithm delays small writes
    keepalive_timeout 65;

    # --- FastCGI (PHP) defaults ---
    fastcgi_connect_timeout      300;
    fastcgi_send_timeout         300;
    fastcgi_read_timeout         300;
    fastcgi_buffer_size          64k;
    fastcgi_buffers              4 64k;
    fastcgi_busy_buffers_size    128k;
    fastcgi_temp_file_write_size 128k;

    # --- compression ---
    # NOTE(review): compressing responses that mix secrets with
    # attacker-influenced content over TLS is the precondition for
    # BREACH-style side channels; consider excluding such endpoints.
    gzip              on;
    gzip_min_length   1k;
    gzip_buffers      4 16k;
    gzip_http_version 1.0;
    gzip_comp_level   2;
    gzip_types        text/plain application/x-javascript application/javascript text/css application/xml;
    # NOTE(review): with "off" no "Vary: Accept-Encoding" header is sent, so
    # a shared cache may hand a gzip body to a client that did not ask for it.
    gzip_vary         off;

    include /etc/nginx/conf.d/*.conf;
}
五、try_files的使用
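# Joomla under /joomla, PHP executed by an external PHP-FPM ("php7:9000").
location /joomla {
    root /www;
    index index.php index.html index.htm;
    # try_files checks each entry in order and uses the first that exists;
    # the last entry is the fallback. The same pattern fixes 404s for
    # front-ends that use history-mode routing.
    try_files $uri $uri/ /joomla/index.php?$args;

    location ~ \.php$ {
        root /www;
        fastcgi_pass php7:9000;
        fastcgi_index index.php;
        # $request_filename is already an absolute path (root + URI), so
        # prefixing it with /www/joomla/ produced a path that cannot exist.
        # $document_root$fastcgi_script_name yields /www/joomla/<script>.php.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # NOTE(review): every URI ending in .php under /joomla is handed to
        # PHP-FPM. If any directory in this tree accepts uploads, deny PHP
        # execution there, and confirm PHP-FPM only runs scripts that exist
        # (php7 looks like a separate host, so nginx cannot check with try_files).
    }
}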
六、反向代理路径中的转义字符被还原(例如 RabbitMQ 地址中的 %2F 经过 Nginx 时被还原为 /)
# Proxy /rabbit/... to the service on rabbit:15672 with the /rabbit/ prefix
# replaced by "/". Because proxy_pass has a URI part, nginx forwards its
# normalized (percent-decoded) URI, which is why an encoded %2F arrives
# at the upstream as "/".
# NOTE(review): 15672 is presumably the RabbitMQ management interface;
# confirm it is not reachable without access restrictions.
location /rabbit/ {
    proxy_pass http://rabbit:15672/;
}
# Forward /rabbit/api/... to the upstream /api/... while keeping percent-encoded
# characters such as %2F exactly as the client sent them.
# The statement order below is significant; do not reorder.
# NOTE(review): the upstream receives the raw, un-normalized request path, so
# path checks that rely on nginx's normalization do not apply here; restrict
# who can reach this location.
location /rabbit/api/ {
# Replace the working URI with $request_uri, the original undecoded request URI.
rewrite ^ $request_uri;
# Strip the /rabbit prefix; "break" stops rewrite-module processing, so the
# "return" below is skipped whenever this rule matches.
rewrite ^/rabbit/api/(.*) /api/$1 break;
# Reached only when the rewrite above did not match.
return 400;
# proxy_pass with a variable sends the URI as given, without re-encoding.
proxy_pass http://rabbit:15672$uri;
}
七、Websocket代理配置
# WebSocket proxy to rabbit:15674.
location /ws {
    proxy_pass http://rabbit:15674;

    # The Upgrade handshake needs HTTP/1.1 and the hop-by-hop
    # Upgrade/Connection headers passed on explicitly.
    proxy_http_version 1.1;
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    # X-Forwarded-For keeps any client-supplied entries; only the last one
    # is added by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # client_max_body_size 35m;

    # NOTE(review): proxy_read_timeout is left at its 60s default here, so
    # an idle WebSocket is closed unless either side sends keepalive frames.
}
# WebSocket proxy to rabbit:15675; the /mqtt/ prefix is replaced by "/"
# because proxy_pass carries a URI part.
location /mqtt/ {
    proxy_pass http://rabbit:15675/;

    # WebSocket handshake: HTTP/1.1 plus explicit Upgrade/Connection headers.
    proxy_http_version 1.1;
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# WebSocket proxy to hairbiztest:9999; the request URI is forwarded unchanged
# because proxy_pass has no URI part.
location /testapi/websocket {
    proxy_pass http://hairbiztest:9999;

    # WebSocket handshake: HTTP/1.1 plus explicit Upgrade/Connection headers.
    proxy_http_version 1.1;
    proxy_set_header Upgrade    $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_set_header Host            $host;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # client_max_body_size 35m;
}