Nginx高级配置

本文主要介绍Nginx高级配置。

http与https并存(一般测试使用)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

upstream test {
ip_hash;
server 172.18.1.155:52101 weight=10 max_fails=3 fail_timeout=30s;
server 172.18.1.156:52101 weight=10 max_fails=3 fail_timeout=30s;
#max_fails = 3 为允许失败的次数,默认值为1
#fail_timeout = 30s 当max_fails次失败后,暂停将请求分发到该后端服务器的时间
#weight=10 轮询权值
}

server{
listen 80;
server_name www.test.cn;
#rewrite ^(.*) https://$server_name$1 permanent;

location / {

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_redirect off;
proxy_pass http://test/;

}
location / {

root /opt/web/dist;
index index.html index.htm;
try_files $uri $uri/ /index.html;
error_page 404 /index.html;

}

}

server {

listen 443;
server_name www.yunshibsc.com 47.91.254.214;
charset utf-8;

ssl on;
ssl_certificate /opt/app/nginx-1.14.2/ssl/www.test.cn.pem;
ssl_certificate_key /opt/app/nginx-1.14.2/ssl/www.test.cn.key;
#ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_ciphers AES256+EECDH:AES256+EDH:AES256-SHA:HIGH:!ADH:!EXPORT56:+MEDIUM:!MD5;
ssl_session_timeout 30m;
location / {

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_redirect off;
proxy_pass http://test/;

}

location / {

add_header Access-Control-Allow-Origin *;
root /opt/data/nginx_php/file/public;
try_files $uri $uri/ /index.php?$query_string;

}

access_log /opt/logs/nginx/www.test.cn.log main;
access_log /opt/logs/nginx/www.test.cn_json.log access_json;
}

图片防盗链

1
2
3
4
5
6
7
8
9
10

location ~* \.(gif|jpg|png)$ { #表示对gif、jpg、png后缀的文件实行防盗链

valid_referers none blocked www.onlyloveacat.com onlyloveacat.com; #表示对url来源进行判断,允许文件链出的域名白名单, onlyloveacat.com这个指的是子域名,域名与域名之间使用空格隔开
if ($invalid_referer) {

return 403;
}

}
扫一扫,请老师喝水