【nginx实用配置】生产中八个常用的nginx配置

1.nginx跨域(CORS)配置
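           # CORS response headers for this server/location.
           # The Origin request header is chosen by the caller, so echoing it back
           # unconditionally grants every website read access to the responses.
           # Only origins matched by the allow-list below are echoed; the host in
           # the pattern is a placeholder, replace it with your own front-end origins.
           set $cors_origin "";
           if ($http_origin ~ "^https://(www\.)?example\.com$") { set $cors_origin $http_origin; }
           # nginx does not emit an add_header whose value is empty, so origins
           # that are not on the list receive no Access-Control-Allow-Origin at all.
           add_header Access-Control-Allow-Origin $cors_origin;
           # The response now depends on Origin; tell caches so they keep variants apart.
           add_header Vary Origin;
           add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
           # NOTE(review): browsers do not treat '*' as a wildcard for credentialed
           # requests; list the needed request headers explicitly in that case.
           add_header Access-Control-Allow-Headers '*';
           # Answer the CORS preflight directly without contacting the backend.
           if ($request_method = 'OPTIONS') { return 204;}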
2.nginx缓存配置

2.1 http下先定义缓存空间

    # Cache storage, declared once in the http{} context.
    # proxy_temp_path: where responses are buffered before being moved into the cache.
    # proxy_cache_path: two-level directory layout (levels=1:2), shared key zone
    # "cache_html" of 500m, entries unused for 1 day are dropped (inactive=1d),
    # total size on disk capped at 1g (max_size).
    # NOTE(review): /dev/shm is normally a RAM-backed tmpfs that every local user
    # can write to; make sure the nginx_cache directory is owned by the nginx
    # worker user and is not writable by other accounts.
    proxy_temp_path /dev/shm/nginx_cache/proxy_temp_dir;
    proxy_cache_path /dev/shm/nginx_cache/proxy_cache_dir levels=1:2 keys_zone=cache_html:500m inactive=1d max_size=1g;

2.2 在需要进行缓存的location 下配置

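           proxy_cache cache_html;  # use the cache zone declared with proxy_cache_path
           proxy_cache_valid 200 304 15m;  # keep 200 and 304 responses for 15 minutes
           proxy_cache_key $host$uri$is_args$args;  # cache key: host + URI + query string
           proxy_set_header Host $host; # Host header passed to the backend
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           # Serve a stale cached copy when the backend errors, times out, sends an
           # invalid header, returns 500/502/504, or while the entry is being refreshed.
           proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_504;
           # The two directives below make nginx cache responses even when the backend
           # sets a cookie or marks the response as private / no-store. That raises the
           # hit rate, but it is only safe in locations that return the same public
           # content to every visitor; never enable it for logged-in or per-user pages.
           proxy_ignore_headers Set-Cookie;
           proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
           # A cached response is replayed together with its headers. Strip Set-Cookie
           # so one visitor's session cookie is never handed to another from the cache.
           proxy_hide_header Set-Cookie;
           add_header Nginx-Cache "$upstream_cache_status"; # expose HIT/MISS/... in the response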

2.3 配置清理nginx缓存,前提是nginx需要安装purge模块,清理缓存时,将URL放到/purge/后边去请求

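        # Cache purge endpoint: requesting /purge/<path> evicts the cached entry for <path>.
        # Access is limited by source address; every other client is refused.
        # NOTE(review): allow/deny test the TCP peer address. If nginx sits behind a
        # load balancer inside 192.168.0.0/16, every request looks internal; narrow
        # the range to the hosts that actually issue purges.
        location ~ ^/purge(/.*) {
                allow            127.0.0.1;
                allow            192.168.0.0/16;
                deny            all;
                add_header      X-Purge    'cache_html'; # names the zone being purged
                # The zone must be the one the content was cached in (cache_html) and the
                # key must be built the same way as proxy_cache_key ($host$uri$is_args$args),
                # otherwise the purge never finds the entry.
                proxy_cache_purge    cache_html   $host$1$is_args$args;
        }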
3.nginx配置websocket反向代理
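            # WebSocket needs HTTP/1.1 and the hop-by-hop Upgrade/Connection headers,
            # which nginx does not forward to the backend by default.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # Origin is deliberately forwarded unchanged (no `proxy_set_header Origin "";`).
            # The backend needs it to reject handshakes started by other websites
            # (cross-site WebSocket hijacking); blanking it removes that check. If the
            # backend refuses the handshake, add the public site origin to its allow-list.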
4.nginx配置json日志格式
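    # One JSON object per request.
    # escape=json makes nginx escape quotes, backslashes and control characters in
    # variable values. Without it a crafted User-Agent, Referer, URI or
    # X-Forwarded-For can break the JSON or inject forged fields into the log.
    # $status, $body_bytes_sent and $request_time are always numeric and stay unquoted.
    log_format  lognormal  escape=json  '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","host":"$host","request_method":"$request_method","uri":"$uri","request_uri":"$request_uri",'
                           '"status":$status,"body_bytes_sent":$body_bytes_sent,"http_referer":"$http_referer",'
                           '"http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for",'
                           '"upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time",'
                           '"server_addr":"$server_addr","request_time":$request_time,"scheme":"$scheme",'
                           '"remote_port":"$remote_port"}';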
5.nginx https的标准设置
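        listen       443 ssl http2; # requires nginx built with the HTTP/2 module
        # HSTS: enable only once every subdomain is reachable over HTTPS;
        # "preload" is hard to undo after the domain is on the browser lists.
        #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        #ssl                         on;
        ssl_certificate cert/xx.crt;
        ssl_certificate_key cert/xx.key; # private key: restrict file permissions to the nginx master user
        ssl_prefer_server_ciphers   on;
        # TLS 1.2 suites: forward secrecy + AEAD only. The CBC, 3DES and static-RSA
        # suites of the older list are dropped. The DHE entries are only offered when
        # ssl_dhparam is configured. TLS 1.3 suites are not controlled by this directive.
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        # TLS 1.0 and 1.1 are deprecated and no longer accepted by current browsers.
        ssl_protocols             TLSv1.2 TLSv1.3;
        ssl_session_cache           shared:SSL:20m; # session cache shared by all workers
        ssl_session_timeout         10m;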
6.nginx通过map定义变量

6.1通过定义变量获取真实的网友IP,先取x-forwarded-for,为空时取remoteAddress。

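# Client address: first entry of X-Forwarded-For, otherwise the TCP peer address.
# X-Forwarded-For is sent by the client unless a trusted proxy in front of nginx
# overwrites it, so its first entry can be forged. Do not base access control,
# rate limiting or audit decisions on $clientRealIp unless that proxy is guaranteed;
# the realip module (set_real_ip_from / real_ip_header) only accepts the header
# from listed proxies and is the safer way to get the same result.
map $http_x_forwarded_for $clientRealIp {
    # Header present but not starting with a dotted-decimal token (IPv6, garbage):
    # use the peer address instead of leaving the variable empty.
    default    $remote_addr;
    ""    $remote_addr;
    ~^(?P<firstAddr>[0-9\.]+),?.*$    $firstAddr;
}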

6.2 获取网友真实IP的C段配置

# First three octets (the "C segment", i.e. the /24 prefix) of the leading
# X-Forwarded-For entry.
# There is no default entry, so $cRealIp is empty when the header is absent or
# does not start with three dot-separated number groups.
# NOTE(review): X-Forwarded-For is client-supplied unless a trusted proxy
# rewrites it; treat the value as a hint, not as an identity.
map $http_x_forwarded_for  $cRealIp {
    ~^(?P<cfirstAddr>[\d]+\.[\d]+\.[\d]+),?.*$    $cfirstAddr;
}

6.3 区分爬虫和真实网友的useragent

# Sets $useragent to "spider" when the User-Agent contains "spider" or "bot"
# (case-insensitive match), and to "" for every other request.
# NOTE(review): the User-Agent is chosen by the client, so this separates
# well-behaved crawlers from browsers but cannot be relied on to block anything.
map $http_user_agent  $useragent {
   default "";
   ~*spider "spider";
   ~*bot "spider";
}
7.nginx通过useragent进行爬虫或手机端判断

7.1通过useragent判断爬虫

      # Requests whose User-Agent matches one of the crawler keywords
      # (case-insensitive) are rewritten internally to /SPIDER<original URI>.
      # NOTE(review): the User-Agent is client-controlled; this is a routing
      # convenience and does not keep ordinary clients out of /SPIDER content.
      # NOTE(review): "last" restarts location matching with the new URI; make
      # sure the rewritten URI is not matched by this same rule again.
      if ( $http_user_agent ~* (spider|bot|Yahoo\!|dita|crawl) ) {
         rewrite (.*) /SPIDER$1 last;
      }

7.2 通过useragent判断手机端

      # Requests whose User-Agent matches one of the mobile keywords
      # (case-insensitive) are rewritten internally to /WAP<original URI>.
      # NOTE(review): the User-Agent is client-controlled, so any client can
      # reach either variant; do not attach different access rules to /WAP.
      if ( $http_user_agent ~* (mobile|nokia|iphone|ipad|ipod|android|samsung|htc|blackberry) ) {
         rewrite (.*) /WAP$1 last;
      }
8.nginx通过404下一跳访问另外一组机器

8.1通过404状态码可以实现相同入口下,两组机器资源不一致的情况

    # max_fails=0 turns off failure accounting, so this server is never marked
    # unavailable by passive health checks.
    upstream WEB_APP { # first group of backends
        server  172.16.1.1:6020 fail_timeout=2s max_fails=0;
    }
    
    # max_fails=0 turns off failure accounting, so this server is never marked
    # unavailable by passive health checks.
    upstream WEB_HTML { # second group of backends
        server  172.16.1.2:6060 fail_timeout=2s max_fails=0;
    }   
        # URIs starting with /aa go to WEB_APP; when it answers 404 the request is
        # retried against WEB_HTML through the named location @WEB_APP_fallback.
        # The pattern is an unanchored-at-end regex, so /aab... matches as well.
        location ~ ^/aa {
            proxy_intercept_errors on; # let error_page handle backend responses with status >= 300 instead of passing them to the client
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_redirect      off;
            proxy_pass http://WEB_APP; # normal requests go to the first group
            recursive_error_pages on; # allow error_page to redirect more than once
            error_page 404 = @WEB_APP_fallback; # on 404, retry via @WEB_APP_fallback (second group); "=" returns the fallback's own status code
        }
        
        # Fallback target of the error_page rule above: sends the same request to
        # the second backend group (WEB_HTML). Named locations cannot be requested
        # directly by clients.
        location @WEB_APP_fallback {
            internal;
            # NOTE(review): contents of nginx_proto.conf are not shown here; check
            # what it sets before reusing this block.
            include nginx_proto.conf;
            proxy_pass          http://WEB_HTML;
            proxy_redirect      off;
            proxy_set_header    Host          $host;
            proxy_set_header    X-Real-IP        $remote_addr;
            proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_intercept_errors on; # backend error statuses are handed to error_page here as well
        }