• Nginx编译安装与常用配置模板

    Nginx编译安装与常用配置模板

    背景

    是在受不了每次都是先去百度,找模板了.
这次将几个常用模板整理一下, 
以后不管在哪里可以直接使用.
注意: 不能直接用于生产, 可用于测试与POC

    第一部分编译

    第一部分文件目录存放:
地址 19服务器 /nginx 目录.
-rw-r--r--  1 root root  335 9月  27 18:50 config.txt
drwxr-xr-x  9 root root  186 12月  4 2019 nginx-1.17.3
drwxr-xr-x  9 root root  186 9月  27 15:14 nginx-1.22.0
drwxr-xr-x  9 root root  186 7月  18 14:45 nginx-1.23.0
drwxr-xr-x  9 root root  186 9月  27 15:05 nginx-1.23.1
drwxr-xr-x  4 root root  207 8月   9 2016 nginx-sticky
drwxrwxr-x 19 root root 4096 9月  27 15:57 openssl-1.1.1b
drwxr-xr-x  9 root root 8192 9月  27 15:57 pcre-8.43
drwxr-xr-x 14 root root 4096 9月  27 15:58 zlib-1.2.11

    第一部分编译

    关于安装的说明:
不需要单独编译zlib openssl之类的内容.
直接在nginx 下面 config 添加就会自动编译.
注意可以放到arm目录上面进行编译出来的制品就可以在国产环境上面运行
注意prefix的路径 建议设定好. 便于维护.

    第一部分编译

    ./configure --prefix=/data/nginx \
--sbin-path=/data/nginx/nginx \
--conf-path=/data/nginx/nginx.conf \
--pid-path=/data/nginx/nginx.pid \
--with-http_ssl_module \
--with-pcre=../pcre-8.43 \
--with-zlib=../zlib-1.2.11 \
--with-openssl=../openssl-1.1.1b \
--with-stream \
--with-stream_ssl_preread_module \
--add-module=../nginx-sticky

    Nginx 配置节模板

    • 简单的前端文件
    • 可以用来进行前后端分离时, nignx暴露前端页面.
    user  root;
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    sendfile        on;
    gzip  on;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root /myapp/web/ ;
            index  index.html index.htm;
        }
    }
}

    Nginx配置模板

    • 七层反向代理的模板
    • 可以实现简单的应用负载均衡.
    • 注意 upstream 的名字跟proxy_pass的处理.
    user  root;
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    upstream myapp {
        sticky;|ip_hash;
        server 10.x.x.x:5200;
        server 10.2x.x.x:5200;
    }
    server {
     listen  80;
     server_name ip;|localhost|somename;
    location / {
         add_header 'Access-Control-Allow-Origin' "$http_origin";
         add_header 'Access-Control-Allow-Credentials' "true";
         proxy_pass http://myapp ;
        }
    }
}

    Nginx配置模板

    • 四层反向代理
    • configure 里面必须带 with-stream
    • 需要注意, http替换成了stream 并且没有location的字段.
    worker_processes 1;
events {
    worker_connections  1024;
}
stream {
    upstream backend {
        hash $remote_addr consistent;
        server 127.0.0.1:12346 weight=5;
        server 127.0.0.1:12347            max_fails=3 fail_timeout=30s;
        server 127.0.0.1:12348            max_fails=3 fail_timeout=30s;
    }
    server {
        listen 12345;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass backend;
    }
}

    Nginx配置模板

    • 四层不用证书反向代理HTTPS网站
    • 注意必须使用ssl_preread的模块, 注意可以同时反向代理多个站点.
    • 可以在其他服务器上面修改DNS的方式进行使用.
    worker_processes  2;
events {
    worker_connections  10240;
}
stream {
  map $ssl_preread_server_name $backend_pool {
      www.baidu.com baidu;
      www.163.com  163;
  }
  upstream baidu {
  server www.baidu.com:443;
  }
  upstream 163 {
  server www.163.com:443;
  }
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $backend_pool;
        proxy_connect_timeout 15s;
        proxy_timeout 15s;
        proxy_next_upstream_timeout 15s;
    }
}

    Nginx配置模板

    • Https以及80跳转443的写法
    worker_processes  auto;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile on;
    gzip  on;
    access_log off;
    client_max_body_size 20m;
    client_header_buffer_size 64k;
    large_client_header_buffers 4 64k;
    client_body_buffer_size 100m;
    gzip_buffers 16 8k;
    proxy_buffer_size 64k;
    proxy_buffers 4 128k;
    proxy_busy_buffers_size 256k;
    keepalive_timeout 6000;
    fastcgi_connect_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_read_timeout 600;
    proxy_connect_timeout 600s;
    proxy_send_timeout 1200;
    proxy_read_timeout 1200;
    server_tokens off;

 upstream myapp{
     ip_hash;|sticky;
     server 127.0.0.1:5200 ;   
     server 127.0.0.1:5300 ;   
   }
  server {
     listen  80;
     server_name your.site.com ;
     rewrite ^(.*) https://$server_name$1 permanent; 
        }
    server {
        listen       443 ssl;
        server_name your.site.com ;
        error_page 497 https://$http_host$request_uri;
        ssl_certificate cert/server.crt;
        ssl_certificate_key cert/server.key;
        ssl_session_cache  shared:SSL:1m;
        ssl_session_timeout 5m;
        proxy_buffer_size   128k;
        proxy_buffers   4 256k;
        proxy_busy_buffers_size   256k;
        proxy_set_header        Host            $http_host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        valid_referers none blocked server_names; 
        if ($invalid_referer = "1") {
            return 403;
        }
       location / {
         add_header 'Access-Control-Allow-Origin' "$http_origin";
         add_header 'Access-Control-Allow-Credentials' "true";
         proxy_pass http://myapp ;
        }
        location ^~ /api/runtime/sys/v1.0/messagecenter {
            proxy_pass  http://myapp/api/runtime/sys/v1.0/messagecenter;
                    proxy_http_version 1.1;
                    proxy_read_timeout 3600s;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";
        }
    }
}

    Nginx配置模板

    • 双向SSL认证模板
    worker_processes  auto;
events {
    worker_connections  10240;
}
http {
    client_header_timeout 600;
    client_body_timeout 600;
    client_max_body_size 300m;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    include       mime.types;
    default_type  application/octet-stream;
    access_log off;
    sendfile        on;
    keepalive_timeout  65;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_comp_level 8;
    gzip_types text/plain application/javascript text/css application/json text/javascript image/svg+xml image/png;
    gzip_vary off;
    upstream myapp {
          ip_hash;
          server 127.0.0.1:5200 weight=5 max_fails=1000 fail_timeout=10s;
    }
   server {
    listen 80;
    server_name www.myapp.com;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
     }
    server {
        listen       443 ssl;
        server_name  www.myapp.com;
        add_header Strict-Transport-Security "max-age=172800; includeSubDomains" ;
        ssl_certificate      /opt/myapp/cert/server.crt;  # server证书公钥 或阿里云证书pem
        ssl_certificate_key  /opt/myapp/cert/server.key;  # server私钥 或阿里云证书key
        ssl_client_certificate /opt/myapp/cert/ca.crt;  # 根级证书公钥,用于验证各个二级client
        ssl_verify_client on;  # 开启客户端证书验证
        ssl_prefer_server_ciphers  on;
        ssl_early_data on;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1.3 ;
        ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        location ^~ /  {
            proxy_pass  http://myapp/;
        }
   }
}
  • 相关阅读:
    升级安装 Ubuntu 后该做的20项优化工作
    Delphi中点击DBGrid某一行获得其详细数据方法
    android eclipse xml不自动代码提示
    区别不同浏览器,CSS hack写法
    自我介绍
    秋季学期学习总结
    人生路上影响最大的三位老师
    SQL优化34条
    Visual Studio 2010将支持多种架构设计图
    Visual Studio 2010的SharePoint工作流功能
  • 原文地址:https://www.cnblogs.com/jinanxiaolaohu/p/16736422.html
Copyright © 2020-2023  润新知