Nginx

Nginx configuration notes

Linux: nginx -s reload

Windows: find nginx in Task Manager, kill the process, then start it again

IP passing (proxying a Java API)

    location /test/ {
        proxy_pass http://localhost:9002/;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        # proxy_set_header Connection "";
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    import javax.servlet.http.HttpServletRequest; // jakarta.servlet.http on newer containers

    // IpUtils is a hypothetical wrapper class, added so the method compiles on its own
    public class IpUtils {

        private static final String UNKNOWN = "unknown";

        /**
         * Get the real client IP when the request passed through a gateway. Tested: works behind nginx.
         *
         * location /test/ {
         *     proxy_pass http://localhost:9002/;
         *     proxy_set_header Host $host;
         *     proxy_set_header X-Forwarded-Host $server_name;
         *     proxy_set_header X-Real-IP $remote_addr;
         *     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         * }
         *
         * @param request request
         * @return ip
         */
        public static String getPoxyIp(HttpServletRequest request) {
            String ip = request.getHeader("X-Forwarded-For");
            if (null != ip && !UNKNOWN.equalsIgnoreCase(ip)) {
                // After several reverse proxies the header holds several IPs; the first one is the real IP
                // (this holds only if the outermost proxy drops any X-Forwarded-For sent by the client)
                int index = ip.indexOf(",");
                if (index != -1) {
                    return ip.substring(0, index);
                } else {
                    return ip;
                }
            }
            ip = request.getHeader("X-Real-IP");
            if (null != ip && !UNKNOWN.equalsIgnoreCase(ip)) {
                return ip;
            }
            return request.getRemoteAddr();
        }
    }
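The helper above returns the first X-Forwarded-For entry, while `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever header the client sent, so that first entry is client-controlled unless the outermost proxy discards it. The following is an added example (not from the original page) of two ways to keep the value trustworthy; the `10.0.0.0/8` load-balancer range is a constructed assumption, and variant B needs ngx_http_realip_module.

```nginx
# Added example, not part of the original page. Use ONE of the two variants.

# Variant A: this nginx is the first hop that clients reach.
location /test/ {
    proxy_pass http://localhost:9002/;
    proxy_set_header Host $host;
    # Overwrite instead of append: any X-Forwarded-For supplied by the
    # client is discarded, so the backend sees exactly one entry.
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Real-IP       $remote_addr;
}

# Variant B: this nginx sits behind a load balancer you operate.
# 10.0.0.0/8 is a constructed placeholder for that balancer's address range.
server {
    listen 80;

    set_real_ip_from  10.0.0.0/8;       # only these peers may assert a client address
    real_ip_header    X-Forwarded-For;  # header the balancer fills in
    real_ip_recursive on;               # use the right-most address that is not trusted

    location /test/ {
        proxy_pass http://localhost:9002/;
        proxy_set_header Host $host;
        # $remote_addr now holds the address selected by the realip module
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Real-IP       $remote_addr;
    }
}
```

With either variant the backend receives a single address chosen by nginx, so the Java helper's "first entry" rule returns a value the client cannot set.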

Stream passthrough

I use the stream module bundled with OpenResty.

For stock nginx, refer to: I have not tried it myself; this came from a Baidu search.

mysql

    stream {
        upstream mysql {
            hash $remote_addr consistent;
            # $binary_remote_addr;
            server 127.0.0.1:3306 weight=5 max_fails=3 fail_timeout=30s;
        }
        server {
            listen 3317;  # port the proxy listens on for database connections
            proxy_connect_timeout 10s;
            proxy_timeout 300s;  # timeout between the client and the proxy; the connection is dropped after 5 minutes without activity
            proxy_pass mysql;
        }
    }

redis

    stream {
        upstream redis {
            server 127.0.0.1:6379 max_fails=3 fail_timeout=30s;
        }
        server {
            listen 6616;
            proxy_connect_timeout 1s;
            proxy_timeout 3s;
            proxy_pass redis;
        }
    }
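`listen 3317` and `listen 6616` bind every address on the host, and MySQL and Redis then see each proxied connection as coming from 127.0.0.1, so a backend that was reachable only on loopback becomes reachable from the network. The following is an added example (not from the original page) that merges the two snippets and restricts who may connect; the `192.168.0.x` addresses are constructed placeholders.

```nginx
# Added example, not part of the original page.
# Both upstreams live in ONE stream block: nginx rejects a second
# top-level "stream" directive as a duplicate.
stream {
    upstream mysql {
        hash $remote_addr consistent;
        server 127.0.0.1:3306 weight=5 max_fails=3 fail_timeout=30s;
    }
    upstream redis {
        server 127.0.0.1:6379 max_fails=3 fail_timeout=30s;
    }

    server {
        # Bind one internal interface instead of every address.
        # 192.168.0.10 is a constructed placeholder for this host's LAN IP.
        listen 192.168.0.10:3317;
        allow  192.168.0.0/24;   # constructed: subnet of the application servers
        deny   all;              # everything else is refused at connect time
        proxy_connect_timeout 10s;
        proxy_timeout 300s;
        proxy_pass mysql;
    }

    server {
        listen 192.168.0.10:6616;
        allow  192.168.0.65;     # constructed: the single host that needs Redis
        deny   all;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass redis;
    }
}
```

The allow/deny rules come from ngx_stream_access_module and are evaluated in order, so `deny all` must stay last.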

Automatically redirecting HTTP to HTTPS

rewrite ^(.*) https://$server_name$1 permanent;

nginx: automatically redirecting HTTP to HTTPS

    server {
        listen 80;
        server_name nexus.tannn.cn;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        rewrite ^(.*) https://$server_name$1 permanent;
    }

    server {
        listen 443 ssl;
        server_name xx.cn;
        ssl_certificate /usr/local/openresty/nginx/xx.cn_nginx/xx.cn.pem;
        ssl_certificate_key /usr/local/openresty/nginx/xx.cn_nginx/xx.tannn.cn.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        client_max_body_size 500M;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://localhost:8081/;
            proxy_set_header X-Forwarded-Proto https;  # tell the backend the request arrived over https
            proxy_set_header REMOTE_ADDR $remote_addr;
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

HTTPS configuration (SSL)

🧅 listen

🧅 ssl_certificate

🧅 ssl_certificate_key

🧅 proxy_set_header X-Forwarded-Proto https;

    server {
        listen 443 ssl;
        server_name xx.cn;
        ssl_certificate /usr/local/openresty/nginx/xx.cn_nginx/xx.cn.pem;
        ssl_certificate_key /usr/local/openresty/nginx/xx.cn_nginx/xx.tannn.cn.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        client_max_body_size 500M;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            proxy_pass http://localhost:8081/;
            proxy_set_header X-Forwarded-Proto https;  # tell the backend the request arrived over https
            proxy_set_header REMOTE_ADDR $remote_addr;
            proxy_set_header Host $http_host;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

Pure static files

    # Proxy to the common root directory of all files: bistdashboard/html/index.html
    ## Directory layout
    #### bistdashboard/html/xx.html
    #### bistdashboard/js/xx.js
    #### bistdashboard/css/xx.css
    # Visit http://127.0.0.1:80/bistdashboard/html/index.html
    location /bistdashboard/ {
        alias /home/detabes/softwares/bist-dashboard/;
    }

Vue static files

    # nginx - vue (the "tn" in /tn/index.html must also appear in the location)
    location /tn {
        alias /tn/tn/admin/dist;
        index index.html;
        try_files $uri $uri/ /tn/index.html;
    }

h5

    location /mobile {
        alias C:/detabes/web/h5/;
        index index.html;
        try_files $uri $uri/ /mobile/index.html;
    }
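The `/mobile` block pairs a location prefix without a trailing slash with an alias that ends in one. nginx swaps the matched prefix for the alias string, so the prefix also matches paths that merely begin with `/mobile`, and what follows is resolved relative to the alias directory rather than strictly inside it. The following is an added example (not from the original page) showing the pattern beside a corrected form; the redirect for the bare `/mobile` URL is an assumption about the wanted behaviour.

```nginx
# Added example, not part of the original page.

# Weak: "/mobile" has no trailing slash but the alias does, so the part of
# the URI after "/mobile" is appended to "C:/detabes/web/h5/" as-is.
# location /mobile {
#     alias C:/detabes/web/h5/;
# }

# Corrected: prefix and alias both end in "/", so only URIs below
# /mobile/ are mapped, and always to paths below the h5 directory.
location = /mobile {
    return 301 /mobile/;     # assumption: keep the bare URL working
}

location /mobile/ {
    alias C:/detabes/web/h5/;
    index index.html;
    try_files $uri $uri/ /mobile/index.html;
}
```

A quick review rule for the other alias blocks on this page: the location prefix and the alias path should either both end in `/` or both omit it.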

minio

    server {
        listen 80;
        server_name xx.com;
        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-NginX-Proxy true;
            # This is necessary to pass the correct IP to be hashed
            real_ip_header X-Real-IP;
            proxy_connect_timeout 300;
            # To support websocket
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            chunked_transfer_encoding off;
            proxy_pass http://127.0.0.1:9100;
        }
        location ~^/files {
            proxy_buffering off;
            proxy_set_header Host $http_host;
            rewrite ^/files/(.*)$ /$1 break;
            proxy_pass http://127.0.0.1:9000;
        }
    }

Console address

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        # This is necessary to pass the correct IP to be hashed
        real_ip_header X-Real-IP;
        proxy_connect_timeout 300;
        # To support websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        chunked_transfer_encoding off;
        proxy_pass http://console.com;
    }

File address

Non-root configuration

    location ~^/files {
        proxy_buffering off;
        proxy_set_header Host $http_host;
        proxy_pass http://localhost:9000;
    }

Standard root configuration

    server {
        listen 80;
        server_name example.com;
        location / {
            proxy_set_header Host $http_host;
            proxy_pass http://localhost:9000;
        }
    }

Non-root configuration using rewrite (this is the one to use in most cases)

    location ~^/files {
        proxy_buffering off;
        proxy_set_header Host $http_host;
        rewrite ^/files/(.*)$ /$1 break;
        proxy_pass http://localhost:9000;
    }

Limiting file size

    http {
        include mime.types;
        default_type application/octet-stream;
        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;
        sendfile on;
        #tcp_nopush on;
        #keepalive_timeout 0;
        # size limit
        client_max_body_size 1024M;
        # timeout
        keepalive_timeout 1800;
        #gzip on;
    }

Load balancing

weight (the larger the number, the larger the share of requests): weight is proportional to the share of traffic a server receives.

ip_hash (can be combined with weight): each request is assigned according to a hash of the client IP, so every visitor always reaches the same backend.

least_conn (can be combined with weight): sends the request to the backend with the fewest connections.

fair (can be combined with weight): assigns requests by backend response time, with the fastest backend served first.

    upstream www.api.com {
        ip_hash;
        server 172.31.253.1:1122 weight=1;
        server 172.31.253.2:1122 weight=2;
    }
    server {
        listen 8888;
        # multiple server_name values
        server_name 172.31.253.1 xx.xx.com 123.123.1.14;
        #client_max_body_size 200m;
        #charset koi8-r;
        #access_log logs/host.access.log main;
        location /api {
            proxy_pass http://www.api.com/api;
            proxy_redirect off;
            proxy_set_header Host $host:8888;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 300;
        }
    }

Redirects

rewrite

With parameters

    server {
        listen 8085 ssl;
        server_name web.xxx.com;
        ssl_certificate /home/detabes/https/6388682_web.xxx.com_nginx/6388682_web.xxx.com.pem;
        ssl_certificate_key /home/detabes/https/6388682_web.xxx.com_nginx/6388682_web.xxx.com.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        client_max_body_size 500M;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            # rewrite ^(.*) https://$server_name$1 permanent;
            # $server_name = server_name web.xxx.com;
            rewrite ^(.*) https://web.xxx.com:8085/RMS/html/index02.html$1 permanent;
        }
        location /RMS {
            proxy_pass http://127.0.0.1:8084/RMS;
            proxy_redirect off;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $host:8085;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 300;
        }
    }

Without parameters

    server {
        listen 8085 ssl;
        server_name web.xxx.com;
        ssl_certificate /home/xxx/https/6388682_web.xxx.com_nginx/6388682_web.xxx.com.pem;
        ssl_certificate_key /home/xxx/https/6388682_web.xxx.com_nginx/6388682_web.xxx.com.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        client_max_body_size 500M;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        location / {
            # rewrite ^(.*) https://$server_name;
            # $server_name = server_name web.xxx.com;
            rewrite ^(.*) https://web.xxx.com:8085/RMS/html/index02.html;
        }
        location /RMS {
            proxy_pass http://127.0.0.1:8084/RMS;
            proxy_redirect off;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header Host $host:8085;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_read_timeout 300;
        }
    }

Cross-origin requests (CORS)

    location / {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        if ($request_method = 'OPTIONS') {
            return 204;
        }
    }
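`Access-Control-Allow-Origin *` lets script running on any site read responses from this location. The following is an added example (not from the original page) that grants CORS only to listed origins; both origins are constructed placeholders, and the `map` block belongs in the `http` context.

```nginx
# Added example, not part of the original page.

# http context: echo the Origin back only when it is on the allowlist.
map $http_origin $cors_origin {
    default                      "";
    "https://app.example.com"    $http_origin;   # constructed placeholder
    "https://admin.example.com"  $http_origin;   # constructed placeholder
}

server {
    listen 80;

    location / {
        # An empty value makes nginx omit the header entirely, so an
        # origin that is not listed receives no CORS grant at all.
        add_header Access-Control-Allow-Origin  $cors_origin always;
        # The response now depends on Origin; caches must key on it.
        add_header Vary                         Origin always;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS' always;
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization' always;

        if ($request_method = 'OPTIONS') {
            return 204;
        }
    }
}
```

The `always` parameter also attaches the headers to error responses, which `add_header` skips by default.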

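IPv6 configuration

Listening on both IPv4 and IPv6

    server {
        listen [::]:80;
    }

Listening on IPv6 only

    server {
        listen [::]:80 default ipv6only=on;
    }

Listening on a specific IPv6 address

    server {
        listen [xx:xx:xx:xx:1]:80;
    }

Configuring error pages

nginx configuration: adding login authentication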

https://zhuanlan.zhihu.com/p/351256125

https://blog.51cto.com/u_10950710/2334528

Installing the htpasswd tool

    # centos
    yum -y install nginx        # install nginx
    yum -y install httpd-tools  # install httpd-tools

    # ubuntu
    sudo apt search htpasswd
    sudo apt install apache2-utils

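Generating the password file

    [root@test102 conf.d]# htpasswd -cm /etc/nginx/htpasswd crystal   # /etc/nginx/htpasswd is the password file referenced in the nginx configuration; crystal is the user name
    New password:            # enter the password
    Re-type new password:    # enter the password again and press Enter
    Adding password for user crystal

Adding another user to an existing password file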

    htpasswd -b /etc/nginx/htpasswd ren002 456
    cat /etc/nginx/htpasswd
    ren001:$apr1$Ln1ZsyVn$2hn3VFqP0L5tNA1UCSU8F.
    ren002:$apr1$hCiMb9jc$Z.m7ZgOBCj0ISeIieTaVy/
    # Leave out the -c option to add a second user after the first, and so on

Showing the encrypted user name and password without updating the password file

    htpasswd -nb ren002 456
    ren002:$apr1$DT53A20W$YRS7p4j.1Wum9q0kG3OQv.
    # The .passwd file is not updated; the user name and encrypted password are only printed to the screen

Deleting a user name and password with htpasswd

    htpasswd -D /etc/nginx/htpasswd ren002
    Deleting password for user ren002
    cat /etc/nginx/htpasswd
    ren001:$apr1$Ln1ZsyVn$2hn3VFqP0L5tNA1UCSU8F.

Changing a password with htpasswd

    htpasswd -D /etc/nginx/htpasswd ren001
    Deleting password for user ren001
    htpasswd -b /etc/nginx/htpasswd ren001 123456
    Adding password for user ren001

htpasswd option reference

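-c Create an encrypted file

-n Do not update the encrypted file; only print the user name and the password encrypted by htpasswd to the screen

-m htpasswd encrypts the password with the MD5 algorithm (the default)

-d htpasswd encrypts the password with the CRYPT algorithm

-p htpasswd does not encrypt the password, i.e. it is stored in plaintext

-s htpasswd encrypts the password with the SHA algorithm

-b Take the user name and password together on the htpasswd command line instead of prompting for the password

-D Delete the specified user

Configuring login authentication in nginx

Note on Windows paths: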

❌D:\tools\nginx\openresty-1.19.3.1-win64\htpasswd

✅D:/tools/nginx/openresty-1.19.3.1-win64/htpasswd

    location /password {
        # proxy_pass http://10.0.0.102:5601$request_uri;
        # add the following two lines:
        auth_basic "登陆验证";
        auth_basic_user_file /etc/nginx/htpasswd;  # /etc/nginx/htpasswd is the password file; choose your own path
    }

    # Example
    location /api {
        # add the following two lines:
        auth_basic "登陆验证";
        auth_basic_user_file D:/tools/nginx/openresty-1.19.3.1-win64/htpasswd;  # /etc/nginx/htpasswd is the password file; choose your own path
        proxy_pass http://192.168.0.65:9004/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

Setting up a file server with nginx

    location / {
        # directory to share
        alias D:/share;
        # basic authentication (optional)
        auth_basic "nginx basic auth";
        auth_basic_user_file C:/nginx/conf/htpasswd;
        # directory listing
        autoindex on;              # enable the index listing
        autoindex_exact_size off;  # do not compute exact file sizes (in bytes); show approximate sizes (kB, MB, GB)
        autoindex_localtime on;    # show local time instead of GMT
    }

Spring Boot Admin

    # Not tested
    # nohup java -jar springbootadmin-1.0-SNAPSHOT.jar --server.servlet.context-path=/admin
    location /admin {
        rewrite ^~/admin/(.*) /$1 break;
        proxy_pass http://localhost:9002;
    }

# https

In the application configuration file:

    server:
      forward-headers-strategy: native
    spring:
      boot:
        admin:
          context-path: /
          ui:
            public-url: https://域名/   # 域名 = your domain name
            cache:
              no-cache: true

    location / {
        proxy_pass http://localhost:8001;
        proxy_set_header Host $proxy_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
    }

Setting X-Forwarded-Proto on both sides is what lets the backend correctly identify whether the actual user's request was made over http or https

    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port $server_port;

