当前位置 : Nginx简单配置与反向代理
日期:2017-06-14
Nginx域名跳转
[root@servera ~]#vim /etc/nginx/conf.d/www.hpoto.com.cn.conf
server {
listen 80;
server_name www.hpoto.com.cn;
root /usr/share/nginx/hpoto.com.cn;
index index.html index.htm;
if($http_host ~ www\.hpoto\.cn){
rewrite .* http://www.hpoto.com.cn permanent;
}
}
Nginx主机头优化
[root@servera ~]#vim /etc/nginx/conf.d/www.hpoto.com.cn.conf
server {
listen 80;
server_name www.hpoto.com.cn;
root /usr/share/nginx/hpoto.com.cn;
index index.html index.htm;
if($http_host ~* ^www\.hpoto\.com\.cn$){
break;
}
#如果用户访问的是www.hpoto.com.cn,则不做rewrite
if($http_host ~* ^(.*)\.abc\.com\.cn$){
set $domain $1;
rewrite /.* /$domain/index.html break;
}
}
Nginx_ssl配置
[root@servera ~]#vim /etc/nginx/conf.d/www.hpoto.com.cn.conf
server {
listen 443 ssl; # https监听443端口
server_name www.hpoto.com.cn;
root /usr/share/nginx/hpoto.com.cn; #定义网站根目录相关
index index.html index.htm;
ssl_certificate /etc/nginx/key/servera-web.crt; #证书存放路径
ssl_certificate_key /etc/nginx/key/servera-web.key; #私钥存放位置(私钥权限最小化原则)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5; #指出允许的密码,密码指定为openssl支持的格式
ssl_prefer_server_ciphers on; #依赖SSLv3 和TLSv1 协议的服务器密码将优先于客户端密码
}
Nginx_proxy反向代理
[root@servera ~]# cat /etc/nginx/conf.d/www.hpoto.com.cn.conf
server {
listen 80;
server_name www.hpoto.com.cn;
location / {
proxy_pass http://192.168.0.11;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
}
}
[root@servera ~]#vim /etc/nginx/conf.d/www.hpoto.com.cn.conf
server {
listen 80;
server_name www.hpoto.com.cn;
root /usr/share/nginx/hpoto.com.cn;
index index.html index.htm;
if($http_host ~ www\.hpoto\.cn){
rewrite .* http://www.hpoto.com.cn permanent;
}
}
Nginx主机头优化
[root@servera ~]#vim /etc/nginx/conf.d/www.hpoto.com.cn.conf
server {
listen 80;
server_name www.hpoto.com.cn;
root /usr/share/nginx/hpoto.com.cn;
index index.html index.htm;
if($http_host ~* ^www\.hpoto\.com\.cn$){
break;
}
#如果用户访问的是www.hpoto.com.cn,则不做rewrite
if($http_host ~* ^(.*)\.abc\.com\.cn$){
set $domain $1;
rewrite /.* /$domain/index.html break;
}
}
Nginx_ssl配置
[root@servera ~]#vim /etc/nginx/conf.d/www.hpoto.com.cn.conf
server {
listen 443 ssl; # https监听443端口
server_name www.hpoto.com.cn;
root /usr/share/nginx/hpoto.com.cn; #定义网站根目录相关
index index.html index.htm;
ssl_certificate /etc/nginx/key/servera-web.crt; #证书存放路径
ssl_certificate_key /etc/nginx/key/servera-web.key; #私钥存放位置(私钥权限最小化原则)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5; #指出允许的密码,密码指定为openssl支持的格式
ssl_prefer_server_ciphers on; #依赖SSLv3 和TLSv1 协议的服务器密码将优先于客户端密码
}
Nginx_proxy反向代理
[root@servera ~]# cat /etc/nginx/conf.d/www.hpoto.com.cn.conf
server {
listen 80;
server_name www.hpoto.com.cn;
location / {
proxy_pass http://192.168.0.11;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
}
}