1.清除缓存
add_header Last-Modified $date_gmt;
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
2.作为文件服务器
location /pkgs {
alias /alidata1/admin/data/nginx;
autoindex on;
## 如果文件以txt doc ... 结尾, 不在浏览器打开 直接下载
if ($request_filename ~* ^.*?\.(txt|doc|pdf|rar|gz|zip|docx|exe|xlsx|ppt|pptx)$){
add_header Content-Disposition attachment;
}
autoindex_exact_size off; # 关闭计算文件确切大小(单位bytes),只显示大概大小(单位kb、mb、gb)
autoindex_localtime on; # 显示本机时间而非 GMT 时间
charset utf-8; # 避免中文乱码
}
3.nginx反向代理阿里云OSS
location /oss/ {
proxy_set_header Host oss.abc.com; #oss的地址
proxy_set_header walmart-target $host;
proxy_set_header originalDomain $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://oss.abc.com/;
}
4.nginx 代理websocket
location /socket.io {
proxy_pass http://127.0.0.1:9090;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
5.nginx解决Frame问题
问题描述如下: in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’
location xxx {
# -------
# -------
add_header X-Frame-Options allowall;
}
6.nginx解决跨域
location / {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' '*';
return 200;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' $http_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' '*';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' $http_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' '*';
}
root /xxx/xxx/;
}
7.nginx 获取客户端真实ip
location / {
......
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
8.代理TCP协议
stream {
upstream waf-443 {
hash $remote_addr consistent; #远程地址做个hash
server 11.100.5.136:443 max_fails=200 fail_timeout=10;
server 11.100.5.137:443 max_fails=200 fail_timeout=10;
}
server {
listen 443 ;
proxy_connect_timeout 1s;
proxy_timeout 30s; #后端连接超时时间
proxy_pass waf-443;
}
}
9.跳转swagger
location / {
proxy_pass http://xxxx;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
}
10.超时问题
proxy_http_version 1.1; 指定了使用HTTP/1.1协议进行代理传输。这是一个可选的指令,默认情况下Nginx会使用HTTP/1.0协议。通过设置为1.1,可以启用更高级的特性,如持久连接(keep-alive)和管道化(pipelining)等。
proxy_set_header Connection ""; 用于设置请求头中的Connection字段。将其设置为空字符串,可以防止Nginx在代理请求时修改或添加Connection字段。这样做是为了避免一些问题,例如某些后端服务器可能不支持或不正确处理Connection字段的特定值。
这两个指令通常用于配置Nginx作为反向代理服务器时,与后端服务器之间的通信。它们可以根据实际需求进行调整和配置。