1. nginx.conf
# Main configuration file (process-level settings).

# Worker processes run as the unprivileged uniondrug user and group.
user uniondrug uniondrug;

# Four workers, one CPU bitmask per worker.
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;

# Per-worker open file descriptor limit.
worker_rlimit_nofile 60000;

daemon on;

# Global error log at "warn": lower-severity messages (notice, info) are not recorded.
error_log /data/logs/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    use epoll;
    worker_connections 10240;
}
# HTTP-level defaults shared by every virtual host.
http {
include mime.types;
default_type application/octet-stream;
# "main" logs $http_x_forwarded_for, $http_referer and $http_user_agent, all of which are
# client-supplied; treat them as untrusted when the log is parsed or displayed.
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_x_forwarded_for" $host $request_time $upstream_response_time $scheme';
# "main1" is pipe-delimited. nginx's default log escaping does not escape "|", so a
# client-controlled field ($request, $http_referer, $http_user_agent) that contains "|"
# can shift the columns seen by a parser.
# NOTE(review): $lua_request_id is not defined in this file; it is presumably set by a
# set_by_lua snippet included from the vhosts — confirm that the snippet validates the value.
log_format main1 '$remote_addr|$remote_user|[$time_local]|$request|'
'$status|$body_bytes_sent|$http_referer|'
'$http_user_agent|$request_time|$host|$upstream_addr|$lua_request_id|$upstream_response_time';
# Do not advertise the nginx version in the Server header or on error pages.
server_tokens off;
sendfile off;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 8192;
# gzip
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 3;
gzip_types text/plain application/javascript text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
# Request-size and timeout limits. These are generous: a client may take up to 300 s to
# send headers or body, each request may use up to 8 x 256k of header buffers and an
# 8192k in-memory body buffer. With 10240 connections per worker this leaves a lot of
# room for slow or oversized requests to tie up memory and connections.
client_body_timeout 300;
client_header_timeout 300;
send_timeout 600;
reset_timedout_connection on;
client_max_body_size 30m;
client_body_buffer_size 8192k;
client_header_buffer_size 8k;
large_client_header_buffers 8 256k;
server_names_hash_bucket_size 128;
output_buffers 1 32k;
postpone_output 1460;
open_file_cache max=65535 inactive=60s;
open_file_cache_valid 80s;
open_file_cache_min_uses 1;
open_file_cache_errors on;
# fastcgi set
fastcgi_ignore_client_abort on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
# fastcgi TEST
# No fastcgi_cache or fastcgi_cache_path directive is visible in this file, so these
# validity rules only matter if a cache zone is enabled elsewhere.
# NOTE(review): if one is, make sure authenticated or per-user responses are excluded.
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_cache_min_uses 1;
fastcgi_cache_use_stale error timeout invalid_header http_500;
# Only peers in 100.120.33.0/24 may supply the client address through X-Forwarded-For.
# real_ip_recursive is not set, so the last address in the header is used.
set_real_ip_from 100.120.33.0/24;
real_ip_header X-Forwarded-For;
# vhost
include /data/conf/nginx/conf.d/*.conf;
# Enable caching of compiled Lua code
lua_code_cache on;
# Allow user-defined request headers (header names containing underscores).
# With this on, "X_Forwarded_For" and "X-Forwarded-For" are both accepted and map to the
# same HTTP_X_FORWARDED_FOR FastCGI parameter, so backends cannot tell them apart.
underscores_in_headers on;
# Search path for the Lua libraries this setup depends on (kafka && json).
# NOTE(review): code under this path runs inside the nginx workers; the directory should
# not be writable by the application user — confirm ownership and permissions.
lua_package_path /data/apps/testing/nglua/lualib/?.lua;
# Run this Lua file in the log phase of every request to process log data.
log_by_lua_file /data/apps/testing/nglua/lua/dbp_log.lua;
}
2. vhost.conf
## Virtual host: frontend (static single-page application)
# NOTE(review): only plain HTTP on port 80 is configured here; TLS is presumably
# terminated by a load balancer in front of this host — confirm.
server {
    listen 80;
    server_name activate.frontend.uniondrug.cn;

    # root
    root /data/apps/frontend.activate/dist;

    # Serve the requested file or directory, else the application shell, else 404.
    location / {
        include /data/conf/nginx/getRequestId.conf;
        index index.html index.htm;
        try_files $uri $uri/ /index.html =404;
    }

    # Long-lived client caching for static assets.
    # NOTE(review): regex locations are tested in the order they appear, and this one is
    # declared before the common.conf include below. If common.conf contains regex
    # locations (for example a dot-file deny rule), a path that also ends in one of these
    # extensions is handled here first — confirm this is intended.
    location ~.*\.(js|css|html|png|jpg)$
    {
        expires 30d;
    }

    # log
    access_log /data/logs/nginx/frontend.activate.access.log main1;
    error_log /data/logs/nginx/frontend.activate.error.log warn;

    # common
    include /data/conf/nginx/common.conf;
}
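## Virtual host: backend (PHP application behind the shared @app rewrite)
# NOTE(review): only plain HTTP on port 80 is configured here; TLS is presumably
# terminated by a load balancer in front of this host — confirm.
server {
    listen 80;
    server_name equity.claim.backend.uniondrug.cn;

    # root
    root /data/apps/backend.equity.claim/public;

    # log
    access_log /data/logs/nginx/backend.equity.claim.access.log main1;
    error_log /data/logs/nginx/backend.equity.claim.error.log warn;

    # common
    # crossdomain.conf is included exactly once. Including it twice repeats every
    # add_header in it, and browsers reject a response that carries more than one
    # Access-Control-Allow-Origin value.
    include /data/conf/nginx/crossdomain.conf;
    include /data/conf/nginx/common.conf;

    # Serve an existing file or directory, otherwise hand the request to @app.
    location / {
        include /data/conf/nginx/getRequestId.conf;
        try_files $uri $uri/ @app;
    }
}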
## Virtual host: module service
# NOTE(review): only plain HTTP on port 80 is configured here; TLS is presumably
# terminated by a load balancer in front of this host — confirm.
server {
    listen 80;
    server_name drugs.module.uniondrug.cn;

    root /data/apps/module.drugs/public;

    access_log /data/logs/nginx/module.drugs.access.log main1;
    error_log /data/logs/nginx/module.drugs.error.log warn;

    include /data/conf/nginx/common.conf;

    # Serve an existing file or directory, otherwise hand the request to @app.
    location / {
        include /data/conf/nginx/getRequestId.conf;
        try_files $uri $uri/ @app;
    }
}
3. 重写模块
## URL rewrite module (shared server-level settings)

# Record rewrite processing in the error log at notice level.
rewrite_log on;

# Default index files, tried in this order.
index index.php index.html index.htm;

# Serve an existing file or directory, otherwise fall through to the @app location.
try_files $uri $uri/ @app;
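# APP: answers CORS preflight requests and routes everything else to the front controller.
location @app {
    if ($request_method = "OPTIONS") {
        # NOTE(review): the Origin request header is echoed back and credentials are
        # allowed, so any website can make credentialed cross-origin calls to this host.
        # Prefer an allow-list of approved origins (for example a map on $http_origin in
        # the http context) and send the header only when the origin matches.
        add_header 'Access-Control-Allow-Origin' "$http_origin";
        # The response differs per Origin, so caches must key on it.
        add_header 'Vary' 'Origin';
        add_header 'Access-Control-Allow-Credentials' "true";
        add_header 'Access-Control-Max-Age' 86400;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
        add_header 'Access-Control-Allow-Headers' 'reqid, nid, host, x-real-ip, x-forwarded-ip, event-type, event-id, accept, origin, content-type, token, x-requested-with, authorization';
        #add_header 'Access-Control-Allow-Headers' 'reqid, nid, host, x-real-ip, x-forwarded-ip, event-type, event-id, accept, content-type, x-requested-with';
        add_header 'Content-Length' 0;
        # Media-type parameters are separated by ";", not ",".
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        return 204;
    }
    # Hand the original path to index.php in the _url query parameter.
    rewrite ^/(.*)$ /index.php?_url=/$1 last;
}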
# Deny every request whose path contains a component starting with a dot (hidden files).
# This also covers /.well-known/.
# NOTE(review): logging is disabled here, so probes for files such as dot-directories
# leave no trace in the access or error log; keep logging on if that visibility matters.
location ~ /\. {
    access_log off;
    log_not_found off;
    deny all;
}
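# Match all PHP requests and pass them to PHP-FPM on 127.0.0.1:9000.
location ~ \.php {
    # Split "/script.php/extra/path" into the script name and PATH_INFO.
    fastcgi_split_path_info ^(.+\.php)(/.+)$;

    # Only forward requests whose script name is a real file under the document root.
    # The location regex is unanchored, so without this check a URI that merely contains
    # ".php" is passed to PHP-FPM, which (depending on cgi.fix_pathinfo) may then execute
    # a different, non-PHP file found further up the path.
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    }

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param APP_ENV production;
    # Blank out the client "Proxy" request header so it cannot become HTTP_PROXY
    # in the PHP environment.
    fastcgi_param HTTP_PROXY "";
    include fastcgi_params;
}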
4. 跨域文件
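## Cross-origin (CORS)
# Author: Jonas.Mao
# Cross-origin settings
# 1. Applied on the nginx reverse proxy of machine 244
# 2. Nothing needs to be set inside the PHP projects
#
# NOTE(review): the Origin request header is echoed back and credentials are allowed, so
# any website can make credentialed cross-origin requests and read the responses. Prefer
# an allow-list of approved origins (for example a map on $http_origin in the http
# context) and send Access-Control-Allow-Origin only when the origin matches.
add_header 'Access-Control-Allow-Origin' "$http_origin";
#add_header 'Access-Control-Allow-Origin' "*";
# The response differs per Origin, so shared caches must key on it.
add_header 'Vary' 'Origin';
add_header 'Access-Control-Allow-Credentials' "true";
add_header 'Access-Control-Max-Age' 86400;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
add_header 'Access-Control-Allow-Headers' 'reqid, nid, host, x-real-ip, x-forwarded-ip, event-type, event-id, accept, content-type, token, DNT, X-Mx-ReqToken, Keep-Alive, User-Agent, If-Modified-Since, Cache-Control, Origin, X-Session-ID, Access-Control-Allow-Origin, x-requested-with, authorization';
# Answer preflight requests directly; the headers above are attached to the 204.
if ($request_method = "OPTIONS") {
    return 204;
}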
5.lua代码引用
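# Handle the request-chain ID with Lua.
# This file must be included in the reverse-proxy location block.
# 1. The entry request takes the value of ngx.request_id
# 2. Child nodes on the chain receive the ID passed down from the entry node
# date: 2019-04-24
#
# The request-id header is accepted from whoever sends it, so on an internet-facing entry
# node the value is chosen by the client. It is written to the pipe-delimited access log
# and forwarded upstream, so it is validated here: anything that is not a short token of
# letters, digits, "-", "_" or "." is replaced by the nginx-generated ID. Upstream IDs in
# another format are therefore replaced as well; widen the pattern if that is needed.
set_by_lua $lua_request_id '
    local id = ngx.req.get_headers()["request-id"]
    -- A repeated header arrives as a table and a missing one as nil; only a single
    -- non-empty string is usable as an ID.
    if type(id) ~= "string" or id == "" or id == "-" then
        return ngx.var.request_id
    end
    -- The 64-byte cap is a chosen bound. The character check keeps log separators,
    -- whitespace and control characters out of the log and the forwarded header.
    if #id > 64 or id:find("[^%w%-_%.]") then
        return ngx.var.request_id
    end
    return id
';
proxy_set_header request-id $lua_request_id;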
6. 编译参数
--prefix=/data/applications/nginx-1.12.2 --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-http_gzip_static_module --with-stream --with-pcre --with-http_geoip_module --with-stream=dynamic --with-http_flv_module --with-ld-opt=-Wl,-rpath,/usr/local/luajit/lib --add-module=/data/softwares/ngx_devel_kit-0.3.0/ --add-module=/data/softwares/lua-nginx-module-0.10.10/
7.lua模块添加
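#!/bin/bash
# Builds nginx 1.12.2 with LuaJIT 2.0.5, ngx_devel_kit 0.3.0 and lua-nginx-module 0.10.10.
# Everything downloaded here is compiled and installed as root, so the archives are
# fetched over HTTPS and can be checked against pinned SHA-256 digests before use.
# NOTE(review): these are old releases; check the upstream security advisories for each
# component before deploying this build.

# Expected digests, taken from a trusted source and exported before running, e.g.
#   LUAJIT_SHA256=<sha256 of LuaJIT-2.0.5.tar.gz>
# An empty value skips the check with a warning.
LUAJIT_SHA256="${LUAJIT_SHA256:-}"
NDK_SHA256="${NDK_SHA256:-}"
LUA_NGINX_SHA256="${LUA_NGINX_SHA256:-}"

# check_sha256 FILE EXPECTED: fail unless FILE has the EXPECTED SHA-256 digest.
check_sha256() {
    if [ -z "$2" ]; then
        echo "WARNING: no SHA-256 pinned for $1; integrity not verified" >&2
        return 0
    fi
    echo "$2  $1" | sha256sum -c -
}

# 'pcre*' is quoted so that yum, not the shell, expands the pattern.
yum install gcc gcc-c++ make automake autoconf libtool 'pcre*' zlib openssl openssl-devel lua-devel geoip-devel -y

# Append the LuaJIT build variables only once, so reruns do not duplicate them.
grep -qxF 'export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0' /etc/profile ||
    echo "export LUAJIT_INC=/usr/local/luajit/include/luajit-2.0" >> /etc/profile
grep -qxF 'export LUAJIT_LIB=/usr/local/luajit/lib' /etc/profile ||
    echo "export LUAJIT_LIB=/usr/local/luajit/lib" >> /etc/profile
source /etc/profile

# LuaJIT: fetched over HTTPS instead of plain HTTP. Stop if any step fails.
cd /data/softwares/ &&
    wget https://luajit.org/download/LuaJIT-2.0.5.tar.gz &&
    check_sha256 LuaJIT-2.0.5.tar.gz "$LUAJIT_SHA256" &&
    tar xzvf LuaJIT-2.0.5.tar.gz &&
    cd LuaJIT-2.0.5 &&
    make PREFIX=/usr/local/luajit &&
    make install PREFIX=/usr/local/luajit || exit 1

# ngx_devel_kit
cd /data/softwares/ &&
    wget https://github.com/simpl/ngx_devel_kit/archive/v0.3.0.tar.gz &&
    check_sha256 v0.3.0.tar.gz "$NDK_SHA256" &&
    tar xzvf v0.3.0.tar.gz || exit 1

# lua-nginx-module
cd /data/softwares/ &&
    wget https://github.com/openresty/lua-nginx-module/archive/v0.10.10.tar.gz &&
    check_sha256 v0.10.10.tar.gz "$LUA_NGINX_SHA256" &&
    tar xzvf v0.10.10.tar.gz || exit 1

# nginx: configure with both modules, then build and install.
cd /data/softwares/nginx-1.12.2 && ./configure --prefix=/data/applications/nginx-1.12.2 --with-http_stub_status_module --with-http_ssl_module --with-http_realip_module --with-http_sub_module --with-http_gzip_static_module --with-pcre --with-http_geoip_module --with-stream=dynamic --with-http_flv_module --with-ld-opt=-Wl,-rpath,/usr/local/luajit/lib --add-module=/data/softwares/ngx_devel_kit-0.3.0/ --add-module=/data/softwares/lua-nginx-module-0.10.10/ --with-stream && make && make install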
8.反代请求头
# Headers sent to the proxied upstream.

# Pass the client address as seen by this nginx.
proxy_set_header X-Real-IP $remote_addr;

# Appends $remote_addr to whatever X-Forwarded-For the client sent. Upstreams should
# trust only the entries added by known proxies, not the whole list.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Keep the Host requested by the client.
proxy_set_header Host $host;

# Leave Location and Refresh headers from the upstream unchanged.
proxy_redirect off;
9.跳转规则
# Permanent (301) redirect for any URI that starts with /premium. The pattern has no end
# anchor, so longer paths with that prefix match as well.
# NOTE(review): the target is plain http://; use https:// if the destination supports it.
rewrite ^/premium http://premium.frontend.turboradio.cn permanent;
10.nginx 配置验证
一、创建配置文件如下内容
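# Log viewer behind HTTP basic authentication and an IP allow-list.
# NOTE(review): this listens on plain HTTP, where basic-auth credentials travel
# base64-encoded but unencrypted; serve it over TLS unless TLS is terminated in front.
server {
    listen 80;
    server_name alilog.turboradio.cn;
    include /etc/nginx/crossdomain.conf;

    location / {
        auth_basic "Auth of udsdk";
        auth_basic_user_file /etc/nginx/log.user;

        # "allow" rules restrict nothing on their own: an address that matches no rule is
        # still admitted. The closing "deny all" is what enforces the allow-list.
        # Both the address check and the password are required (default "satisfy all");
        # add "satisfy any;" if either one should be enough.
        allow 116.193.48.164;
        allow 218.81.0.0/16;
        deny all;

        proxy_pass http://192.168.3.197:8999;
    }
}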
二、安装htpasswd
# httpd-tools is installed for the htpasswd utility used in the next step.
yum install httpd-tools -y
三、使用htpasswd创建文件和密码
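# Create the password file for user ReadLog. The password is prompted for instead of
# being given with -b on the command line, where it ends up in shell history and the
# process list. Choose a password that has not been published anywhere.
# The file must end up at the path named by auth_basic_user_file and should be readable
# only by root and the nginx worker user.
htpasswd -c log.user ReadLog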