Nginx实用配置-2
Nginx配置-2
1、升级Openssl
[root@rocky8 ~]# nginx -V #查看现在nginx的OpenSSL版本和编译情况
nginx version: nginx/1.22.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@rocky8 ~]# tar xf openssl-3.0.5.tar.gz -C /usr/local
[root@rocky8 ~]# cd /usr/local/nginx-1.22.0/
[root@rocky8 nginx-1.22.0]# ./configure --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-openssl=/usr/local/openssl-3.0.5
[root@rocky8 nginx-1.22.0]# make && make install
###提示以下错误:需要安装perl-IPC-Cmd包
Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module)
[root@rocky8 nginx-1.22.0]# dnf install perl-IPC-Cmd
[root@rocky8 nginx-1.22.0]# make && make install #再次编译
2、if指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /if {
index index.html;
root /data/nginx/test;
default_type text/html;
echo "if----> $scheme";
if (!-e $request_filename) {
echo "$request_filename is not exist";
}
}
}
[root@rocky8 conf.d]# mkdir /data/nginx/test/if -p
[root@rocky8 conf.d]# echo /data/nginx/test/if > /data/nginx/test/if/index.html
[root@rocky8 conf.d]# nginx -s reload
===========================================================
[root@rocky8 conf.d]# rm -f /data/nginx/test/if/index.html #删除后再测试
[root@rocky8 conf.d]# nginx -s reload
3、set指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /set {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
set $name wang; #定义$name的值是wang
echo $name; #输出$name
set $my_port $server_port; #定义$my_port的值是$server_port的值
echo $my_port;
}
}
[root@rocky8 conf.d]# nginx -s reload
4、break指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /break {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
set $name wang;
echo "break_before:name=$name";
break; #location块中break后面指令还会执行
set $my_port $server_port;
echo "break_after:my_port=$my_port";
echo "break_after:name=$name";
}
}
[root@rocky8 conf.d]# nginx -s reload
5、return 指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location / {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
if ( $scheme = http ) {
return 500 "service error";
echo "if-----> $scheme";
}
if ( $scheme = https ) {
echo "if---> $scheme";
}
}
}
[root@rocky8 conf.d]# nginx -s reload
http跳转到https
## 方法1
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name www.wang.org;
charset utf8;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
location / {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
==========================================================
#方法2
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
}
[root@rocky8 conf.d]# nginx -s reload
6、rewrite 指令
# break
[root@rocky8 conf.d]# echo test1 > /data/nginx/html/pc/test1.html
[root@rocky8 conf.d]# echo test2 > /data/nginx/html/pc/test2.html
[root@rocky8 conf.d]# echo test4 > /data/nginx/html/pc/test4.html
[root@rocky8 conf.d]# echo test3 > /data/nginx/html/pc/test3.html
[root@rocky8 conf.d]# echo testa > /data/nginx/html/pc/testa.html
[root@rocky8 conf.d]# echo testb > /data/nginx/html/pc/testb.html
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html break;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
}
[root@rocky8 conf.d]# nginx -s reload
# last
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
}
[root@rocky8 conf.d]# nginx -s reload
# permanent 永久跳转
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
location /permanent {
rewrite /permanent https://blog.51cto.com/dayu permanent; #访问/permanent永久跳转至https://blog.51cto.com/dayu
}
}
[root@rocky8 conf.d]# nginx -s reload
# redirect
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
location /redirect {
rewrite /redirect https://blog.51cto.com/dayu redirect; #访问/permanent临时跳转至https://blog.51cto.com/dayu
}
}
[root@rocky8 conf.d]# nginx -s reload
自动跳转 https
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
location / {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
location / { #针对全站跳转
root /data/nginx/html/pc;
index index.html;
if ( $scheme = http ) { #如果没有加条件判断,会导致死循环
rewrite ^/(.*) https://$host/$1 redirect;
}
location /login { #针对特定的URL进行跳转https
if ( $scheme = http ) { #如果没有加条件判断,会导致死循环
rewrite / https://$host/login redirect;
}
}
}
[root@rocky8 conf.d]# mkdir /data/nginx/html/pc/login
[root@rocky8 conf.d]# echo /data/nginx/html/pc/login > /data/nginx/html/pc/login/index.html
[root@rocky8 conf.d]# nginx -s reload
当用户访问到公司网站的时输入了一个错误的URL,可以将用户重定向至官网首页
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
location / {
root /data/nginx/html/pc;
index index.html;
if ( !-e $request_filename ) {
rewrite .* https://www.wang.org/index.html; #实现客户端浏览器的302跳转
}
}
[root@rocky8 conf.d]# nginx -s reload
指定客户端类型跳转新的域名
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $http_user_agent ~* "android|iphone|ipad" ) { #判断客户端浏览器类型如果是android或者iphone或者ipad就执行下边指令
rewrite ^/(.*) http://m.wang.org/$1 redirect;
}
[root@rocky8 conf.d]# nginx -s reload
网站维护跳转
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
set $ip 0; #在server层下设定ip变量值为0
if ( $remote_addr = 10.0.0.101 ) {
set $ip 1; #如果来源IP是10.0.0.101则设定变量为ip变量为1。
}
if ( $ip = 0 ) { #如果来源IP不是10.0.0.101则跳转maintain.html这个页面,否则不做任何处理
rewrite ^/(.*)$ /maintain.html break;
}
}
[root@rocky8 conf.d]# echo maintain > /data/nginx/html/pc/maintain.html
[root@rocky8 conf.d]# nginx -s reload
7、防盗链
实现盗链
#实现盗链
## 被盗网站设置
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main; #开启被盗网站的日志功能,main是主配置文件日志名称;
location /images {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
===================================================
## 盗链服务器设置
server {
listen 80;
# listen 443 ssl http2; #如果开启https功能,被盗网站日志无法记录referer
charset utf8;
server_name www.da.org;
root /data/nginx/html/da;
# ssl_certificate /apps/nginx/cert/www.wang.org.pem;
# ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
access_log /apps/nginx/logs/www.da.org_access.log main;
# if ( $scheme = http ) {
# rewrite ^/(.*) https://$server_name$request_uri;
# }
}
[root@rocky8 conf.d]# nginx -s reload
## 浏览器测试:注意:最好选用火狐,edge浏览器最新版默认会检测到盗链而阻止
实现防盗链
#实现防盗链
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /images {
root /data/nginx/html/pc;
valid_referers none blocked server names *.wang.org ~\.baidu\. ; # 有效referer包含的域名
if ( $invalid_referer ) { #无效referer转到403
return 403;
}
}
[root@rocky8 conf.d]# nginx -s reload
8、反向代理单台 web 服务器
# nginx代理服务器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://www.yu.org; #访问本机域名转至www.yu.org
}
}
[root@rocky8 conf.d]# vim /etc/hosts #添加www.yu.org解析
10.0.0.101 www.yu.org
[root@rocky8 conf.d]# nginx -s reload
=========================================================
#nginx服务器:
[root@ubuntu2004 ~]#vim /etc/nginx/conf.d/www.yu.org.conf
server {
listen 80;
server_name www.yu.org;
root /data/nginx/html/yu;
}
[root@ubuntu2004 ~]#mkdir /data/nginx/html/yu -p
[root@ubuntu2004 ~]#echo /data/nginx/html/yu > /data/nginx/html/yu/index.html
[root@ubuntu2004 ~]#nginx -s reload
#客户端访问www.wang.org测试
# 反向代理服务器:(要关闭proxy_set_header功能,不然多个网站,只会一直访问一个网站)
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://www.b.org;
# proxy_set_header Host $http_host;
#proxy_connect_timeout 10s;
}
[root@rocky8 conf.d]# vim /etc/hosts
10.0.0.18 www.a.org www.b.org
[root@rocky8 conf.d]# nginx -s reload
# nginx服务器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
listen 80;
server_name www.a.org;
root /data/nginx/a;
}
server {
listen 80;
server_name www.b.org;
root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
# 客户端测试
[root@ubuntu2004 ~]#curl www.wang.org
www.b.org
9、指定 location 实现反向代理
# 反向代理:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org; #如果访问www.wang.org/static转到www.b.org/static
}
}
[root@rocky8 conf.d]# nginx -s reload
===================
# nignx服务器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
listen 80;
server_name www.a.org;
root /data/nginx/a;
}
server {
listen 80;
server_name www.b.org;
root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
[root@rocky8 ~]# mkdir /data/nginx/b/static
[root@rocky8 ~]# echo /data/nginx/b/static > /data/nginx/b/static/index.html
# 客户端测试
10、针对特定的资源实现代理
# 动静分离
# 代理服务器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /api {
proxy_pass http://10.0.0.18:8080/hello; 访问www.wang.org转至10.0.0.18:8080/hello(hello是go语言web_demo生成的一个页面)
proxy_set_header Host $http_host;
}
}
[root@rocky8 conf.d]# nginx -s reload
# nginx服务器
[root@rocky8 ~]# chmod +x web_demo
[root@rocky8 ~]# ./web_demo
# 客户端测试
11、开启代理服务器缓存功能(加速客户端访问)
#代理服务器:
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf #主配置定义proxy_cache_path 缓存路径
proxy_cache_path /data/nginx/proxycache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org; #www.b.org(nginx服务器)下边要有static
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 5m;
}
}
# 客户端测试:
[root@ubuntu2004 ~]#curl http://www.wang.org/static -L
/data/nginx/b/static
[root@ubuntu2004 ~]#ab -n 2000 -c 200 http://www.wang.org/static
# 代理服务器查看缓存目录
12、添加响应报文头部信息
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 5m;
add_header X-Via $server_addr; #当前nginx主机的IP
add_header X-Cache $upstream_cache_status; #缓存HIT,不是缓存MISS
add_header X-Accel $server_name; #客户访问的FQDN
}
[root@rocky8 conf.d]# nginx -s reload
#客户端验证:
13、实现反向代理客户端 IP 透传
一级代理实现客户端IP透传
# 代理服务器(10.0.0.8):
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #添加客户端IP和反向代理服务器IP到请求报文头部
}
}
[root@rocky8 conf.d]# nginx -s reload
# Web Server(10.0.0.18) Apache:
[root@rocky8 ~]# yum install -y httpd
[root@rocky8 ~]# vim /etc/httpd/conf/httpd.conf
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined #注释原有行,添加新行如下:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@rocky8 ~]# systemctl restart httpd
多级代理实现客户端 IP 透传
# 第一台porxy(10.0.0.8):
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf #开启日志格式,记录x_forwarded_for
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include /apps/nginx/conf/conf.d/*.conf;
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://10.0.0.28;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #开启日志格式,记录x_forwarded_for
}
}
[root@rocky8 conf.d]# nginx -s reload
======================================
# 第二台porxy(10.0.0.28):
[root@rocky8 nginx]# vim /apps/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
........
location / {
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......
}
# 10.0.0.18的apache和一级IP透传日志设置一样
# 客户端测试
14、使用 Nginx 反向代理功能解决跨域问题案例
# web服务器启动动态测试服务页面(10.0.0.18)
[root@rocky8 ~]# ./web_demo 默认开启一个hello页面8080端口
===========================
#反向代理服务器(10.0.0.8)
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /hello { #设置访问hello转至www.dayu.org:8080
proxy_pass http://www.dayu.org:8080; #这里如果写域名的话需要解析,如果写IP地址就不需要
}
}
[root@rocky8 conf.d]# vim /etc/hosts #加上解析至www.dayu.org
10.0.0.18 www.dayu.org
[root@rocky8 conf.d]# vim /data/nginx/html/pc/cors.html #编辑需要有跨域资源的页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Cross-origin resource sharing</title>
</head>
<body>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<script>
$.ajax({
url:'http://www.wang.org/hello', #指向自己
type:'get',
data:{},
success:function(res){
//res = JSON.parse(res);
console.log('请求成功',res)
},
error:function(er){
console.log('请求错误')
}
})
</script>
</body>
</html>
[root@rocky8 conf.d]# nginx -s reload
#客户端测试
Nginx实用配置-2的更多相关文章
- Nginx 实用配置
1 防盗链 相关配置: valid_referers location ~* \.(gif|jpg|png)$ { # 只允许 192.168.0.1 请求资源 valid_referers none ...
- nginx实用配置用例
vue项目部署及后台api访问 nginx.conf # vue本地项目配置 ... server { listen 8000; server_name localhost; root /.../di ...
- 在nginx中配置如何防止直接用ip访问服务器web server及server_name特性讲解
看了很多nginx的配置,好像都忽略了ip直接访问web的问题,不利于SEO优化,所以我们希望可以避免直接用IP访问网站,而是域名访问,具体怎么做呢,看下面. 官方文档中提供的方法: If you d ...
- 如何在Nginx下配置PHP程序环境
1.nginx与PHP的关系 首先来看nginx与php的关系, FastCGI的关系(而不是像apache那样安装成nginx的模块) FastCGI的意思是, 快速的通用网关接口:CGI Comm ...
- 从零开始学 Java - CentOS 下 Nginx + Tomcat 配置负载均衡
为什么现在有非常多的聪明人都在致力于互联网? 最近在读埃隆·马斯克传记,他说「我认为现在有非常多的聪明人都在致力于互联网」. 仔细一想,好像真的是这样的. 我问了自己一个问题:如果你不敲代码了,你能做 ...
- Nginx主配置参数详解,Nginx配置网站
1.Niginx主配置文件参数详解 a.上面博客说了在Linux中安装nginx.博文地址为:http://www.cnblogs.com/hanyinglong/p/5102141.html b.当 ...
- nginx + tomcat配置负载均衡
目标:Nginx做为HttpServer,连接多个tomcat应用实例,进行负载均衡. 注:本例程以一台机器为例子,即同一台机器上装一个nginx和2个Tomcat且安装了JDK1.7. 1.安装Ng ...
- spring4+websocket+nginx详细配置
实现的版本jdk1.7.0_25, tomcat7.0.47.0, Tengine/2.1.1 (nginx/1.6.2), servlet3.0, spring4.2.2 使用maven导入版本3. ...
- Nginx Location配置总结
Nginx Location配置总结 语法规则: location [=|~|~*|^~] /uri/ { - }= 开头表示精确匹配^~ 开头表示uri以某个常规字符串开头,理解为匹配 url路径即 ...
随机推荐
- Excelize 2.3.2 发布,Go 语言 Excel 文档基础库,2021 年首个更新
Excelize 是 Go 语言编写的用于操作 Office Excel 文档基础库,基于 ECMA-376,ISO/IEC 29500 国际标准.可以使用它来读取.写入由 Microsoft Exc ...
- docker hung住问题排查
背景:这个是之前遇到的老问题. # systemctl status lxcfs● lxcfs.service - FUSE filesystem for LXC Loaded: loaded (/u ...
- 前端知识之CSS(1)-css语法、css选择器(属性、伪类、伪元素、分组与嵌套)、css组合器
目录 前端基础之css 1.关于css的介绍 2.css语法 3.三种编写CSS的方式 3.1.style内部直接编写css代码 3.2.link标签引入外部css文件 3.3.标签内直接书写 4.c ...
- 「题解报告」Blocks
P3503 Blocks 题解 原题传送门 思路 首先我们可以发现,若 \(a_l\) ~ \(a_r\) 的平均值大于等于 \(k\) ,则这个区间一定可以转化为都大于等于 \(k\) 的.我们就把 ...
- Mybatis-Plus使用@TableField实现自动填充日期
一.前言 我们在日常开发中经常使用ORM框架,比如Mybatis.tk.Mybatis.Mybatis-Plus.不过最广泛的还是Mybatis-Plus,我们的一些表,都会有创建时间.更新时间.创建 ...
- 为什么Index Only Scan却还需要访问表
在实际SQL优化工作中,我们经常会发现SQL 执行计划明明是 "Index Only Scan",但执行计划后面却有 "Heap Fetches: x" ,也就 ...
- 手写tomcat——有线程池化能力的servlet 服务
点击查看代码 public class DiyTomcat { private int port = 8080; public static final HashMap<String, DiyS ...
- angr原理与实践(二)—— 各类图的生成(CFG CG ACFG DDG等)
本文系原创,转载请说明出处 Please Subscribe Wechat Official Account:信安科研人,获取更多的原创安全资讯 上一篇文章介绍了angr的原理,自此篇文章开始, ...
- Linux 压缩、解压缩命令
Linux 压缩.解压缩命令 tar 语法命令 tar [options-] [files] options: 选择 描述 -A 追加tar文件至归档 -c 创建一个新文档 -d 找出归档和文件系统的 ...
- Elasticsearch:Index生命周期管理入门
如果您要处理时间序列数据,则不想将所有内容连续转储到单个索引中. 取而代之的是,您可以定期将数据滚动到新索引,以防止数据过大而又缓慢又昂贵. 随着索引的老化和查询频率的降低,您可能会将其转移到价格较低 ...