Nginx 使用 ¶
Nginx 配置文件 ¶
Nginx 的端口转发 ¶
https 端口转发 ,访问 A 服务器的域名,自动跳转到 B 服务器的某个端口的服务 ¶
server {
server_name <自己的域名>;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate ssl/linuxnbg.com_nginx/linuxnbg.com_bundle.pem;
ssl_certificate_key ssl/linuxnbg.com_nginx/linuxnbg.com.key;
include ssl/linuxnbg.com_nginx/ssl.conf;
location / {
proxy_pass <http://IP:端口>;
}
}
server {
server_name <自己的域名>;
listen 80;
listen [::]:80;
location / {
return 301 https://$host$request_uri;
}
}
访问 A 机器的域名 ,自动跳转到 B 机器的域名(注意:跳转后的地址 会显示B机器的域名,如果写IP 会显示IP ) ¶
server {
server_name <自己的域名>;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate ssl/linuxnbg.com_nginx/linuxnbg.com_bundle.pem;
ssl_certificate_key ssl/linuxnbg.com_nginx/linuxnbg.com.key;
include ssl/linuxnbg.com_nginx/ssl.conf;
if ($host = <旧域名>) {
return 302 <新的域名>;
}
}
server {
server_name <自己的域名>;
listen 80;
listen [::]:80;
location / {
return 302 https://$host$request_uri;
}
}
访问 A机器 本地的静态文件 index.html ¶
server {
server_name <自己的域名>;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate ssl/linuxnbg.com_nginx/linuxnbg.com_bundle.pem;
ssl_certificate_key ssl/linuxnbg.com_nginx/linuxnbg.com.key;
include ssl/linuxnbg.com_nginx/ssl.conf;
root /code/public;
location / {
index index.html;
}
}
server {
server_name <自己的域名>;
listen 80;
listen [::]:80;
location / {
return 301 https://$host$request_uri;
}
}
Nginx 的负载均衡 ¶
nginx 端口监听本地静态index,如wordpress的静态文件 ¶
server {
listen 9999;
root /code/public;
index index.html;
}
upstream service_website {
#ip_hash; #确保了相同的客户端请求一致发送到相同的服务器,以保证session会话
server 101.43.39.226:9999;
}
server {
server_name <自己的域名>;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate ssl/linuxnbg.com_nginx/linuxnbg.com_bundle.pem;
ssl_certificate_key ssl/linuxnbg.com_nginx/linuxnbg.com.key;
include ssl/linuxnbg.com_nginx/ssl.conf;
location / {
proxy_pass http://service_website/;
}
}
server {
server_name <自己的域名>;
listen 80;
listen [::]:80;
location / {
return 301 https://$host$request_uri;
}
}
A 和 B 机器 监听端口 进行 IP轮询 、例如docker、node ¶
upstream service_website {
ip_hash; #确保了相同的客户端请求一致发送到相同的服务器,以保证session会话
server 121.4.22.7:9001 weight=2;
server 101.43.39.226:9001;
}
server {
server_name <自己的域名>;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate ssl/linuxnbg.com_nginx/linuxnbg.com_bundle.pem;
ssl_certificate_key ssl/linuxnbg.com_nginx/linuxnbg.com.key;
include ssl/linuxnbg.com_nginx/ssl.conf;
location / {
proxy_pass http://service_website/;
}
}
server {
server_name <自己的域名>;
listen 80;
listen [::]:80;
location / {
return 301 https://$host$request_uri;
}
}
主域名下的路径 ¶
例如:https://linuxnbg.com/h/c/c/
# 修改 Nginx 配置,按照不同的 URL 进行匹配,转发不同的域名
location ~ ^/h/c/c/(.*)$ {
proxy_pass http://192.168.1.1:8000/$1$is_args$args;
}
location ~ ^/h/c/(.*)$ {
proxy_pass http://192.168.1.1:8777/$1$is_args$args;
}
SSL 配置文件 ¶
# generated 2021-03-24, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1f, intermediate configuration, no OCSP
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1f&ocsp=false&guideline=5.6
ssl_session_timeout 1d; #开启SSL缓存
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
# intermediate configuration #加密算法
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always; #开启HSTS