nginx 多配置(.conf)的使用
通常情况下我们在一个.conf 承载好多服务代理的配置,使用.conf 文件过大,过长,以至于管理难,有时修改某个小配置,由于重起或重截配置文件,使用服务受影响。因此使用多配置组合的方式进行管理很有必要。
注意:本文中配置的文件和影射的目录文件,因为我用的是docker 镜像挂载,所以目录要注意宿主的还是容器的目录。
举例:如在一个conf 下的样例
#############################################################
#
# fengsh998
# nginx 反向代理设置,统一集管处,机器不够的话开集群。
# 包括:
# SSL,限流,跨域,集群,黑名单,白名单,负载均衡
#
# $PWD = /opt/nginx
# docker run -p 443:443 -p 80:80 -p 18883:1883 -p 33060:3306 -p 38066:8066 --name nginx
# -v $PWD/www:/www
# -v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf
# -v $PWD/conf/modules:/usr/share/nginx
# -v $PWD/logs:/wwwlogs
# -v $PWD/cert:/opt/nginx/cert
# -d nginx
#############################################################user nginx;#指定进程数
worker_processes auto;#错误日志
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;#动态加载外部配置文件【inclue 路径 + *.conf 】
include /usr/share/nginx/modules/*.conf;#每个进程的最大连接数
events {worker_connections 1024;
}http {log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';#access_log /var/log/nginx/access.log main;access_log /wwwlogs/httpproxy.log main;sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;include /etc/nginx/mime.types;default_type application/octet-stream;# Load modular configuration files from the /etc/nginx/conf.d directory.# See http://nginx.org/en/docs/ngx_core_module.html#include# for more information.# 加载配置include /etc/nginx/conf.d/*.conf;################################################### wiki 服务 # 可以设多个server进行负载均衡# IP绑定 ip_hash每个请求按访问ip的hash结果分配,这样# 每个访客固定访问一个后端服务器,可以解决session的问题。################################################## upstream jira_server {server 172.xx.206.109:8080;}upstream wiki_server {server 172.xx.206.109:8090;}upstream git_server {server 172.xx.206.109:8999;}upstream kibana_server {server 172.xx.188.21:5601;}upstream nexus_admin { server 47.xxx.xx.126:18888 ; }upstream nexus_registry { server 47.xxx.xx.126:18888 ; }#########################以下是服务配置以上是负载均衡########################################################################################################### 使用重定向方式,来把http转为ssl## .company.com 等效于 company.com wwww.company.com *.company.com##############################################################################server {listen 80;server_name advert.company.com;location / {proxy_pass http://advert.igaicloud.cn:8000;}}#dashboardserver {listen 80;server_name dashboard.company.com;location / {root /www/dashboard;index index.html index.htm;}error_page 404 403 500 502 503 504 /404.html;location = /404.html {root /www;}}# server {
# listen 80;
# server_name .company.com; #使用通配的方式
# rewrite ^(.*)$ https://$http_host$request_uri? permanent;
# }server {listen 443 ssl;listen [::]:443 ssl;#访问的域名server_name .company.com;#ssl 证书配置ssl_certificate "/opt/nginx/cert/company.com.pem";ssl_certificate_key "/opt/nginx/cert/company.com.key";ssl_session_cache shared:SSL:1m;ssl_session_timeout 10m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;# 泛域名开始配置 subdomain.domain.com的格式if ( $host ~* (.*)\.(.*)\.(.*) ) {set $domain_pix $1; #获取当前的域名前缀 eg wiki.company.com则domain被设置为wiki}#jiraif ($domain_pix = jira) {set $goserver jira_server; }if ($domain_pix = wiki2) {set $goserver wiki_server;}#gitlab 映射if ($domain_pix = gitlab) {set $goserver git_server;}#代理配置location / {############################################################### 跨域配置###############################################################开启代理错误拦截功能proxy_intercept_errors on;proxy_pass http://$goserver;proxy_set_header Host $host;#缓存key规则,自动清除缓存proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-Server $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forward-Proto https;proxy_buffering off;proxy_request_buffering off;client_max_body_size 1G;proxy_connect_timeout 3000;proxy_send_timeout 3000;proxy_read_timeout 3000;tcp_nodelay on; }location /localwebsite {root /www/mobile;}location ^~ /kibana {proxy_pass http://kibana_server;proxy_set_header Host $host;#缓存key规则,自动清除缓存proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forward-Proto https;}#屏蔽wiki直接输入访问,所以做了个重定向location /browsepeople.action {rewrite ^(.*)$ https://wiki.company.com permanent;}error_page 404 /404.html;location = /40x.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}} ###end server ssl#dashboard
# server {
# listen 443 ssl;
# listen [::]:443 ssl;#正式环境的站点
# server_name dashboard.company.com;#ssl 证书配置
# ssl_certificate "/opt/nginx/cert/company.com.pem";
# ssl_certificate_key "/opt/nginx/cert/company.com.key";# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;# location / {
# root /www/dashboard;
# index index.html index.htm;
# }# error_page 404 403 500 502 503 504 /404.html;
# location = /404.html {
# root /www;
# }# }}stream {log_format proxy '$remote_addr [$time_local] ''$protocol $status $bytes_sent $bytes_received ''$session_time "$upstream_addr" ''"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';access_log /wwwlogs/tcp-access.log proxy;open_log_file_cache off;upstream mysql_server {server 172.xx.218.228:33060;server 172.xx.218.229:33060;}server {listen 3306;proxy_connect_timeout 10s;proxy_timeout 525600m;proxy_pass mysql_server; }
}
进行多文件管理,做多文件管理之前做好目录结构管理,以便于自己管理起来方便。都放一起也行,看个人。
分别来看单个配置文件的内容:
总配置文件
nginx.conf
#############################################################
#
# fengsh998
# nginx 反向代理设置,统一集管处,机器不够的话开集群。
# 包括:
# SSL,限流,跨域,集群,黑名单,白名单,负载均衡
#
# $PWD = /opt/nginx
# docker run -p 443:443 -p 80:80 -p 18883:1883 -p 33060:3306 -p 38066:8066 --name nginx
# -v $PWD/www:/www
# -v $PWD/conf/nginx.conf:/etc/nginx/nginx.conf
# -v $PWD/conf/modules:/usr/share/nginx
# -v $PWD/logs:/wwwlogs
# -v $PWD/cert:/opt/nginx/cert
# -d nginx
#############################################################user nginx;#指定进程数
worker_processes auto;#错误日志
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;#动态加载外部配置文件【inclue 路径 + *.conf 】
include /usr/share/nginx/modules/*.conf;#每个进程的最大连接数
events {worker_connections 1024;
}http {log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';#access_log /var/log/nginx/access.log main;access_log /wwwlogs/httpproxy.log main;sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;include /etc/nginx/mime.types;default_type application/octet-stream;# Load modular configuration files from the /etc/nginx/conf.d directory.# See http://nginx.org/en/docs/ngx_core_module.html#include# for more information.# 加载配置include /etc/nginx/conf.d/*.conf;#加载upstream模块include /usr/share/nginx/ups_modules_http.conf;#加载http server 模块include /usr/share/nginx/http_servers/*.conf; }stream {log_format proxy '$remote_addr [$time_local] ''$protocol $status $bytes_sent $bytes_received ''$session_time "$upstream_addr" ''"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';access_log /wwwlogs/tcp-access.log proxy;open_log_file_cache off;#挂载盘opt/nginx/conf/modulesinclude /usr/share/nginx/stream_servers/*.conf;
}
ups_modules_http.conf
################################################ # 可以设多个server进行负载均衡# IP绑定 ip_hash每个请求按访问ip的hash结果分配,这样# 每个访客固定访问一个后端服务器,可以解决session的问题。################################################## upstream jira_server {server 172.xx.206.109:8080;}upstream wiki_server {server 172.xx.206.109:8090;}upstream git_server {server 172.xx.206.109:8999;}upstream hostapi_arm2_server {server 172.xx.206.111:32000;}upstream kibana_server {#server 172.xx.188.21:5601;#server 172.xx.206.112:5601;server 172.xx.218.227:5601;}#测试用upstream eureka_server {#server 172.xx.188.23:8761;server 172.xx.188.28:8001;}upstream nexus_admin { server 47.xxx.xx.126:18888 ; }upstream nexus_registry { server 47.xxx.xx.126:18888 ; }
mysql.conf
upstream mysql_server {server 172.xx.xxx.228:33060;server 172.xx.xxx.229:33060;}server {listen 3306;proxy_connect_timeout 10s;proxy_timeout 525600m;proxy_pass mysql_server; }
match.conf 当一个顶级通配域名时,可以通过规则进行匹配处理。
#将所有来自http的都自动跳转为https;server { listen 80;server_name .company.com; #使用通配的方式rewrite ^(.*)$ https://$http_host$request_uri? permanent;}server {listen 443 ssl;listen [::]:443 ssl;#访问的域名server_name .company.com;#ssl 证书配置ssl_certificate "/opt/nginx/cert/company.com.pem";ssl_certificate_key "/opt/nginx/cert/company.com.key";ssl_session_cache shared:SSL:1m;ssl_session_timeout 10m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;# 泛域名开始配置 subdomain.domain.com的格式if ( $host ~* (.*)\.(.*)\.(.*) ) {set $domain_pix $1; #获取当前的域名前缀 eg wiki.company.com则domain被设置为wiki}if ( $host ~* (.*)\.(.*)\.(.*)\.(.*) ) {set $subdomain_pix $1;}if ($subdomain_pix = eureka) {set $goserver eureka_server;}#jiraif ($domain_pix = jira) {set $goserver jira_server;# set $goserver kibana_server; }if ($domain_pix = wiki2) {set $goserver wiki_server;}if ($domain_pix = arm2api) {set $goserver hostapi_arm2_server;}#gitlab 映射if ($domain_pix = gitlab) {set $goserver git_server;}#kibana#if ($domain_pix = kibana) {# set $goserver kibana_server;#}#代理配置location / {#开启代理错误拦截功能proxy_intercept_errors on;proxy_pass http://$goserver;proxy_set_header Host $host;#缓存key规则,自动清除缓存proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-Server $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forward-Proto https;proxy_buffering off;proxy_request_buffering off;client_max_body_size 1G;proxy_connect_timeout 3000;proxy_send_timeout 3000;proxy_read_timeout 3000;tcp_nodelay on; }location /localwebsite {root /www/mobile;}location /kibana/ {auth_basic "请输入用户密码"; #这里是验证时的提示信息auth_basic_user_file /opt/nginx/cert/passwd/fkibana;proxy_pass http://kibana_server/;rewrite ^/kibabna/(.*)$ /$1 break;proxy_set_header X-Real-IP $remote_addr;proxy_set_header Host $host:$server_port;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_http_version 1.1;}#屏蔽wiki直接输入访问,所以做了个重定向location /browsepeople.action {rewrite ^(.*)$ https://wiki.company.com permanent;}error_page 404 /404.html;location = /40x.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}} ###end server ssl
dashbroad.conf
server {listen 80;server_name dashboard.company.com;location / {root /www/dashboard;index index.html index.htm;}location ^~ /visitor/ {root /www/;try_files $uri $uri/ /index.html last;index index.html index.htm;}# location / {# proxy_set_header Host $host;# proxy_set_header X-Real-IP $remote_addr;# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;# proxy_set_header X-NginX-Proxy true;# proxy_pass http://172.xx.xxx.112:18900;
# }error_page 404 403 500 502 503 504 /404.html;location = /404.html {root /www;}}
nginx 多配置(.conf)的使用相关推荐
- 2022年4月10日记:Linux服务器开发,King,Nginx反向代理与系统参数配置conf原理
Nginx反向代理与系统参数配置conf原理 前言 nginx成功开源的原因: nginx三个可控入口: 惊群 总结 前言 今天学习Nginx反向代理,可以说是慕名而来.从整体上看,我对Nginx的了 ...
- nginx技术(2)nginx的配置详解
nginx的配置 1,启动nginx 1 2 3 4 5 6 7 [root@centos6 nginx-1.2.9]# /usr/sbin/nginx -c /etc/nginx/nginx.con ...
- 实现nginx上配置免费证书Let's Encrypt
Let's Encrypt 的免费证书有效期为三个月,不过可以免费续期,写一个脚本定期更新即可. 准备一台nginx 服务器 ,将以下三个附件上传到你的nginx服务器. 1.下载脚本文件,wget ...
- 推荐一款 Nginx 可视化配置神器
以下文章来源方志朋的博客,回复"666"获面试宝典 来源:逛逛GitHub Nginx 是前后端开发工程师必须掌握的神器.该神器有很多使用场景,比如反向代理.负载均衡.动静分离.跨 ...
- Nginx其他配置——日志管理、网页压缩、访问控制
一.Nginx日志切割 在生产环境中每一天的日志文件都是要打包备份的,如果每天都手动的去截取日志,重命名这样就很不方便,所以我们编写一个脚本并建立一个定时任务来进行这些工作 1.编辑脚本文件,加权限 ...
- php和nginx安装脚本,Nginx + PHP 配置和启动脚本
Nginx + PHP 配置和启动脚本,很实用 # nginx.conf server { listen 8080 ; server_name localhost; location / { root ...
- php修改后nginx返回不生效,nginx修改配置后不生效的问题
nginx增加了新的server name配置,发现nginx -s reload之后总是不生效. http和https均可以打开页面,但是页面是别的server页面,使用的证书也是别的server的 ...
- nginx lua 配置cc 防攻击-使用lua 配置黑白名单
nginx lua 配置cc 防攻击-使用lua 配置黑白名单 cc 防攻击和ip 禁止期限 lua_shared_dict _dict 1m; lua_shared_dict _blacklist ...
- 用Nginx如何配置运行无扩展名PHP文件或非.PHP扩展名文件
用Nginx如何配置运行无扩展名PHP文件或非.PHP扩展名文件 使用Apache + PHP 很容易做到运行无扩展名的PHP文件. 在Nginx中能做到吗?是可以的. 只需将nginx.conf文件 ...
最新文章
- perl5 第十章 格式化输出
- php 请求url没有扩展名,apache – 将.php重定向到无扩展名,并在没有.php的情况下创建url...
- 2020中国互联网房产服务行业用户洞察报告
- Python黑客编程3网络数据监听和过滤
- 一文读懂GaussDB(openGauss) 的六大关键技术特性
- 腾讯计划对斗鱼进行私有化?斗鱼盘前涨超10%
- 微信:情人节女性收520红包的数量是男性的3.9倍,有用户收到200多个
- php 设计模式系列,一看就懂系列之 php设计模式(一)-Go语言中文社区
- 决策树:ID3和C4.5
- 2008 r2 server sql 中文版补丁_sql2008 r2 sp1下载
- Mendeley-一款免费好用的文献管理软件
- 未名down了,人生无趣
- 据说百度的月饼最差劲!!
- npm create vite@latest 失败
- 一句话突破上传限制一句话_一句话的基础
- VOS3000软交换怎么样,云服务器可以配置吗?
- composer设置镜像
- 新手小白如何用linux云服务器搭建wordpress个人网站
- Substrate区块链框架学习小组
- Internal error: : 8 [#1] PREEMPT SMP ARM,vmlinux反汇编命令调试查找错误的步骤