nginx

nignx 相关配置

1：nginx 生产环境配置

upstream baidu{
    server ip1 weight=3;
    server ip2 weight=1;    
}

server{
    listen 443 ssl;
    server_name  www.baidu.com;
    client_max_body_size 2048m;

    ssl_certificate /usr/local/nginx/conf/ssl/baidu.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/baidu.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    

    location / {
        root       /a/b/c/dist;
        index      index.html;
        gzip_static on;
        if ($request_uri = "/") {
            add_header Pragma no-cache;
            add_header Cache-Control no-store;
        }
    }
    
    location /abc/ {
        proxy_pass http://baidu;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        # proxy_connect_timeout 1;
        # proxy_send_timeout 1;
        # proxy_read_timeout 1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
server {
	listen 80;
	server_namewww.baidu.com;
	rewrite ^(.*) https://$server_name$1 permanent;
}

接口的轮询
1:按照权重进行轮询(weight代表权重)
upstream baidu{
    server ip1 weight=3;
    server ip2 weight=1;    
}
2:按照顺序进行轮询
upstream baidu{
    server ip1;
    server ip2;    
}
3:ip的hash结果分配
upstream baidu{
    ip_hash;
    server ip1;
    server ip2;    
}

证书的配置
server{
    #配置https必须监听443端口
    listen 443 ssl;
    #域名，配置https必须绑定域名
    server_name  www.baidu.com;
    #post请求体的最大值
    client_max_body_size 2048m;
    
    #ssh证书
    ssl_certificate /usr/local/nginx/conf/ssl/baidu.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/baidu.key;
    #超时时间
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
}

前端静态资源配置
    location / {
        #静态资源的绝对路径
        root      /a/b/c//dist;
        index      index.html;
        #强制不缓存
        gzip_static on;
        if ($request_uri = "/") {
            add_header Pragma no-cache;
            add_header Cache-Control no-store;
        }
    }

后端服务配置
    location /abc/ {
        #http://baidu后面的shuran代表上面的 upstream baidu{}里的baidu
        proxy_pass http://baidu;
        #下面未固定配置
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        # proxy_connect_timeout 1;
        # proxy_send_timeout 1;
        # proxy_read_timeout 1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

配置访问80端口默认访问的域名
server {
	listen 80;
	server_name www.baidu.com;
	rewrite ^(.*) https://$server_name$1 permanent;
}

2：nginx配置访问docker

upstream baidu{
    server ip;
}

server{
    listen 443 ssl;
    server_name  www.baidu.com;
    if ($host != 'www.baidu.com'){
        return 404;
    }
    ssl_certificate /usr/local/nginx/conf/ssl/baidu/baidu.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/baidu/baidu.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://baidu;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header   X-Real-IP        $remote_addr;
        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

server {
    listen 80;
    server_name www.baidu.com;
    rewrite ^(.*) https://$server_name$1 permanent;
}

基本配置同上，如果发现配置之后辉跳转到配置的默认访问地址，需要配置
upstream office{
    server ip;
}
强制nginx在此范围内进行匹配(不建议)