nignx 相关配置
1:nginx 生产环境配置
upstream baidu{
server ip1 weight=3;
server ip2 weight=1;
}
server{
listen 443 ssl;
server_name www.baidu.com;
client_max_body_size 2048m;
ssl_certificate /usr/local/nginx/conf/ssl/baidu.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/baidu.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
root /a/b/c/dist;
index index.html;
gzip_static on;
if ($request_uri = "/") {
add_header Pragma no-cache;
add_header Cache-Control no-store;
}
}
location /abc/ {
proxy_pass http://baidu;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
# proxy_connect_timeout 1;
# proxy_send_timeout 1;
# proxy_read_timeout 1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80;
server_namewww.baidu.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
接口的轮询
1:按照权重进行轮询(weight代表权重)
upstream baidu{
server ip1 weight=3;
server ip2 weight=1;
}
2:按照顺序进行轮询
upstream baidu{
server ip1;
server ip2;
}
3:ip的hash结果分配
upstream baidu{
ip_hash;
server ip1;
server ip2;
}
证书的配置
server{
#配置https必须监听443端口
listen 443 ssl;
#域名,配置https必须绑定域名
server_name www.baidu.com;
#post请求体的最大值
client_max_body_size 2048m;
#ssh证书
ssl_certificate /usr/local/nginx/conf/ssl/baidu.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/baidu.key;
#超时时间
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
}
前端静态资源配置
location / {
#静态资源的绝对路径
root /a/b/c//dist;
index index.html;
#强制不缓存
gzip_static on;
if ($request_uri = "/") {
add_header Pragma no-cache;
add_header Cache-Control no-store;
}
}
后端服务配置
location /abc/ {
#http://baidu后面的shuran代表上面的 upstream baidu{}里的baidu
proxy_pass http://baidu;
#下面未固定配置
proxy_set_header Host $http_host;
proxy_http_version 1.1;
# proxy_connect_timeout 1;
# proxy_send_timeout 1;
# proxy_read_timeout 1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
配置访问80端口默认访问的域名
server {
listen 80;
server_name www.baidu.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
2:nginx配置访问docker
upstream baidu{
server ip;
}
server{
listen 443 ssl;
server_name www.baidu.com;
if ($host != 'www.baidu.com'){
return 404;
}
ssl_certificate /usr/local/nginx/conf/ssl/baidu/baidu.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/baidu/baidu.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://baidu;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
server {
listen 80;
server_name www.baidu.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
基本配置同上,如果发现配置之后辉跳转到配置的默认访问地址,需要配置
upstream office{
server ip;
}
强制nginx在此范围内进行匹配(不建议)