Nginx配置文件详解
1、禁止IP访问
server {
listen 80 default;
server_name _;
return 403;
}
2、使用80端口访问静态资源
server {
listen 80;
server_name 域名;
location / {
root 路径;
}
}
3、使用80端口访问Tomcat
server {
listen 80;
server_name _;
access_log /data/wwwlogs/access_nginx.log combined;
root /data/wwwroot/default;
index index.html index.htm index.jsp;
#error_page 404 /404.html;
#error_page 502 /502.html;
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ {
proxy_pass http://127.0.0.1:8080;
include proxy.conf;
}
location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
deny all;
}
}
4、使用443端口配置Tomcat
server {
listen 443;
server_name 域名;
ssl on;
index index.html;
ssl_certificate pem地址;
ssl_certificate_key key地址;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
expires off;
sendfile off;
root html;
index index.html index.htm;
proxy_pass http://127.0.0.1:8080/;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location /wet/back {
root /root;
index index.html index.htm;
}
}