一.默认访问协议强制跳转(http--->https)
server {
listen ;
server_name dannylinux.top www.dannylinux.top;
# rewrite ^/(.*) https://$server_name/$1 permanent;
return https://$server_name/$request_uri;
}
server {
listen ;
server_name dannylinux.top www.dannylinux.top;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/server.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1. TLSv1.;
#启用TLS1.、TLS1.2要求OpenSSL1..1及以上版本,若您的OpenSSL版本低于要求,请使用 ssl_protocols TLSv1;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
location /
{
root /opt/source/dannyweb;
index index.html;
}
}
二.获取用户真实源IP
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Cookie $http_cookie;
client_max_body_size 30m;
client_body_buffer_size 128k;
proxy_connect_timeout ;
proxy_read_timeout ;
proxy_send_timeout ;
proxy_buffer_size 64k;
proxy_buffers 32k;
proxy_busy_buffers_size 128k;
proxy_http_version 1.1;
三.反向代理功能实现
#danny-test1
upstream danny-test1 {
ip_hash;
server 12.1.1.1:;
server 12.1.1.2:;
check interval= rise= fall= timeout= default_down=true type=http; //开启nginx状态检查
} #danny-test2
upstream danny-test2 {
ip_hash;
server 12.1.1.1:;
server 12.1.1.2:;
check interval= rise= fall= timeout= default_down=true type=tcp;
} #danny-web
upstream danny-web {
ip_hash;
server 12.1.1.1:;
server 12.1.1.1:;
check interval= rise= fall= timeout= default_down=true type=http;
} #danny-fs
upstream danny-fs {
ip_hash;
server 12.1.1.1:;
server 12.1.1.2:;
check interval= rise= fall= timeout= default_down=true type=tcp;
} #danny-order-web
upstream danny-order-web {
ip_hash;
server 12.1.1.1:;
server 12.1.1.1:;
check interval= rise= fall= timeout= default_down=true type=http;
} ####################################### server {
listen default;
listen ssl;
server_name blog.dannylinux.top; #ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/server.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;
ssl_client_certificate /usr/local/nginx/conf/ssl/client.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1. TLSv1.;
ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
ssl_prefer_server_ciphers on;
#ssl_verify_client on; #####################################屏蔽爬虫
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
return ;
} location ^~ /WEB-INF {
deny all;
} ##upstream status
location /upstream_status {
allow 12.1.1.3;
allow 13.1.0.0/;
allow 14.1.1.2;
allow 15.1.1.1;
# deny all;
check_status;
access_log off;
} ##nginx status
location /nginx_status {
allow 12.1.1.3;
allow 13.1.0.0/;
allow 14.1.1.2;
# deny all;
stub_status on;
access_log off;
} #danny-new-static
location ~ ^/(teststatic)/ {
root /opt/source/danny-static/;
} ##########3.0 proxy########## location / {
proxy_pass http://danny-web;
include /usr/local/nginx/conf/proxy.conf;
} #版本匹配
location ~ ^/(v(\d+)/danny-test1)/ {
proxy_pass http://danny-test1;
include /usr/local/nginx/conf/proxy.conf; #普通匹配
location ~ ^/(danny-test2) {
proxy_pass http://danny-test2;
include /usr/local/nginx/conf/proxy.conf;
} #条件匹配
#danny-fs
location ~ ^/(resource|upload)/ {
root /opt/proxy_temp; if (!-e $request_filename){
proxy_pass http://danny-fs;
}
proxy_cache imgcache;
proxy_cache_valid 30d;
proxy_cache_valid any 1d;
proxy_cache_key $host$uri$is_args$args; include /usr/local/nginx/conf/proxy.conf;
} #多条件匹配
#danny-order-web
location ~ ^/(v(\d+)/hehe|v(\d+)/haha|v(\d+)/yoyo|v(\d+)/wuwu|v(\d+)/xixi)/ {
proxy_pass http://danny-order-web;
include /usr/local/nginx/conf/proxy.conf;
}
以上都可单独为写为conf文件