Nginx实用配置-2
Nginx配置-2
1、升级Openssl
[root@rocky8 ~]# nginx -V #查看现在nginx的OpenSSL版本和编译情况
nginx version: nginx/1.22.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@rocky8 ~]# tar xf openssl-3.0.5.tar.gz -C /usr/local
[root@rocky8 ~]# cd /usr/local/nginx-1.22.0/
[root@rocky8 nginx-1.22.0]# ./configure --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-openssl=/usr/local/openssl-3.0.5
[root@rocky8 nginx-1.22.0]# make && make install
###提示以下错误:需要安装perl-IPC-Cmd包
Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module)
[root@rocky8 nginx-1.22.0]# dnf install perl-IPC-Cmd
[root@rocky8 nginx-1.22.0]# make && make install #再次编译
2、if指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /if {
index index.html;
root /data/nginx/test;
default_type text/html;
echo "if----> $scheme";
if (!-e $request_filename) {
echo "$request_filename is not exist";
}
}
}
[root@rocky8 conf.d]# mkdir /data/nginx/test/if -p
[root@rocky8 conf.d]# echo /data/nginx/test/if > /data/nginx/test/if/index.html
[root@rocky8 conf.d]# nginx -s reload
===========================================================
[root@rocky8 conf.d]# rm -f /data/nginx/test/if/index.html #删除后再测试
[root@rocky8 conf.d]# nginx -s reload
3、set指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /set {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
set $name wang; #定义$name的值是wang
echo $name; #输出$name
set $my_port $server_port; #定义$my_port的值是$server_port的值
echo $my_port;
}
}
[root@rocky8 conf.d]# nginx -s reload
4、break指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /break {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
set $name wang;
echo "break_before:name=$name";
break; #location块中break后面指令还会执行
set $my_port $server_port;
echo "break_after:my_port=$my_port";
echo "break_after:name=$name";
}
}
[root@rocky8 conf.d]# nginx -s reload
5、return 指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location / {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
if ( $scheme = http ) {
return 500 "service error";
echo "if-----> $scheme";
}
if ( $scheme = https ) {
echo "if---> $scheme";
}
}
}
[root@rocky8 conf.d]# nginx -s reload
http跳转到https
## 方法1
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name www.wang.org;
charset utf8;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
location / {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
==========================================================
#方法2
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
}
[root@rocky8 conf.d]# nginx -s reload
6、rewrite 指令
# break
[root@rocky8 conf.d]# echo test1 > /data/nginx/html/pc/test1.html
[root@rocky8 conf.d]# echo test2 > /data/nginx/html/pc/test2.html
[root@rocky8 conf.d]# echo test4 > /data/nginx/html/pc/test4.html
[root@rocky8 conf.d]# echo test3 > /data/nginx/html/pc/test3.html
[root@rocky8 conf.d]# echo testa > /data/nginx/html/pc/testa.html
[root@rocky8 conf.d]# echo testb > /data/nginx/html/pc/testb.html
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html break;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
}
[root@rocky8 conf.d]# nginx -s reload
# last
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
}
[root@rocky8 conf.d]# nginx -s reload
# permanent 永久跳转
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
location /permanent {
rewrite /permanent https://blog.51cto.com/dayu permanent; #访问/permanent永久跳转至https://blog.51cto.com/dayu
}
}
[root@rocky8 conf.d]# nginx -s reload
# redirect
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
location /redirect {
rewrite /redirect https://blog.51cto.com/dayu redirect; #访问/permanent临时跳转至https://blog.51cto.com/dayu
}
}
[root@rocky8 conf.d]# nginx -s reload
自动跳转 https
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
location / {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
location / { #针对全站跳转
root /data/nginx/html/pc;
index index.html;
if ( $scheme = http ) { #如果没有加条件判断,会导致死循环
rewrite ^/(.*) https://$host/$1 redirect;
}
location /login { #针对特定的URL进行跳转https
if ( $scheme = http ) { #如果没有加条件判断,会导致死循环
rewrite / https://$host/login redirect;
}
}
}
[root@rocky8 conf.d]# mkdir /data/nginx/html/pc/login
[root@rocky8 conf.d]# echo /data/nginx/html/pc/login > /data/nginx/html/pc/login/index.html
[root@rocky8 conf.d]# nginx -s reload
当用户访问到公司网站的时输入了一个错误的URL,可以将用户重定向至官网首页
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
location / {
root /data/nginx/html/pc;
index index.html;
if ( !-e $request_filename ) {
rewrite .* https://www.wang.org/index.html; #实现客户端浏览器的302跳转
}
}
[root@rocky8 conf.d]# nginx -s reload
指定客户端类型跳转新的域名
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $http_user_agent ~* "android|iphone|ipad" ) { #判断客户端浏览器类型如果是android或者iphone或者ipad就执行下边指令
rewrite ^/(.*) http://m.wang.org/$1 redirect;
}
[root@rocky8 conf.d]# nginx -s reload
网站维护跳转
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
set $ip 0; #在server层下设定ip变量值为0
if ( $remote_addr = 10.0.0.101 ) {
set $ip 1; #如果来源IP是10.0.0.101则设定变量为ip变量为1。
}
if ( $ip = 0 ) { #如果来源IP不是10.0.0.101则跳转maintain.html这个页面,否则不做任何处理
rewrite ^/(.*)$ /maintain.html break;
}
}
[root@rocky8 conf.d]# echo maintain > /data/nginx/html/pc/maintain.html
[root@rocky8 conf.d]# nginx -s reload
7、防盗链
实现盗链
#实现盗链
## 被盗网站设置
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main; #开启被盗网站的日志功能,main是主配置文件日志名称;
location /images {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
===================================================
## 盗链服务器设置
server {
listen 80;
# listen 443 ssl http2; #如果开启https功能,被盗网站日志无法记录referer
charset utf8;
server_name www.da.org;
root /data/nginx/html/da;
# ssl_certificate /apps/nginx/cert/www.wang.org.pem;
# ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
access_log /apps/nginx/logs/www.da.org_access.log main;
# if ( $scheme = http ) {
# rewrite ^/(.*) https://$server_name$request_uri;
# }
}
[root@rocky8 conf.d]# nginx -s reload
## 浏览器测试:注意:最好选用火狐,edge浏览器最新版默认会检测到盗链而阻止
实现防盗链
#实现防盗链
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /images {
root /data/nginx/html/pc;
valid_referers none blocked server names *.wang.org ~\.baidu\. ; # 有效referer包含的域名
if ( $invalid_referer ) { #无效referer转到403
return 403;
}
}
[root@rocky8 conf.d]# nginx -s reload
8、反向代理单台 web 服务器
# nginx代理服务器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://www.yu.org; #访问本机域名转至www.yu.org
}
}
[root@rocky8 conf.d]# vim /etc/hosts #添加www.yu.org解析
10.0.0.101 www.yu.org
[root@rocky8 conf.d]# nginx -s reload
=========================================================
#nginx服务器:
[root@ubuntu2004 ~]#vim /etc/nginx/conf.d/www.yu.org.conf
server {
listen 80;
server_name www.yu.org;
root /data/nginx/html/yu;
}
[root@ubuntu2004 ~]#mkdir /data/nginx/html/yu -p
[root@ubuntu2004 ~]#echo /data/nginx/html/yu > /data/nginx/html/yu/index.html
[root@ubuntu2004 ~]#nginx -s reload
#客户端访问www.wang.org测试
# 反向代理服务器:(要关闭proxy_set_header功能,不然多个网站,只会一直访问一个网站)
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://www.b.org;
# proxy_set_header Host $http_host;
#proxy_connect_timeout 10s;
}
[root@rocky8 conf.d]# vim /etc/hosts
10.0.0.18 www.a.org www.b.org
[root@rocky8 conf.d]# nginx -s reload
# nginx服务器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
listen 80;
server_name www.a.org;
root /data/nginx/a;
}
server {
listen 80;
server_name www.b.org;
root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
# 客户端测试
[root@ubuntu2004 ~]#curl www.wang.org
www.b.org
9、指定 location 实现反向代理
# 反向代理:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org; #如果访问www.wang.org/static转到www.b.org/static
}
}
[root@rocky8 conf.d]# nginx -s reload
===================
# nignx服务器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
listen 80;
server_name www.a.org;
root /data/nginx/a;
}
server {
listen 80;
server_name www.b.org;
root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
[root@rocky8 ~]# mkdir /data/nginx/b/static
[root@rocky8 ~]# echo /data/nginx/b/static > /data/nginx/b/static/index.html
# 客户端测试
10、针对特定的资源实现代理
# 动静分离
# 代理服务器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /api {
proxy_pass http://10.0.0.18:8080/hello; 访问www.wang.org转至10.0.0.18:8080/hello(hello是go语言web_demo生成的一个页面)
proxy_set_header Host $http_host;
}
}
[root@rocky8 conf.d]# nginx -s reload
# nginx服务器
[root@rocky8 ~]# chmod +x web_demo
[root@rocky8 ~]# ./web_demo
# 客户端测试
11、开启代理服务器缓存功能(加速客户端访问)
#代理服务器:
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf #主配置定义proxy_cache_path 缓存路径
proxy_cache_path /data/nginx/proxycache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org; #www.b.org(nginx服务器)下边要有static
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 5m;
}
}
# 客户端测试:
[root@ubuntu2004 ~]#curl http://www.wang.org/static -L
/data/nginx/b/static
[root@ubuntu2004 ~]#ab -n 2000 -c 200 http://www.wang.org/static
# 代理服务器查看缓存目录
12、添加响应报文头部信息
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 5m;
add_header X-Via $server_addr; #当前nginx主机的IP
add_header X-Cache $upstream_cache_status; #缓存HIT,不是缓存MISS
add_header X-Accel $server_name; #客户访问的FQDN
}
[root@rocky8 conf.d]# nginx -s reload
#客户端验证:
13、实现反向代理客户端 IP 透传
一级代理实现客户端IP透传
# 代理服务器(10.0.0.8):
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #添加客户端IP和反向代理服务器IP到请求报文头部
}
}
[root@rocky8 conf.d]# nginx -s reload
# Web Server(10.0.0.18) Apache:
[root@rocky8 ~]# yum install -y httpd
[root@rocky8 ~]# vim /etc/httpd/conf/httpd.conf
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined #注释原有行,添加新行如下:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@rocky8 ~]# systemctl restart httpd
多级代理实现客户端 IP 透传
# 第一台porxy(10.0.0.8):
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf #开启日志格式,记录x_forwarded_for
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include /apps/nginx/conf/conf.d/*.conf;
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://10.0.0.28;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #开启日志格式,记录x_forwarded_for
}
}
[root@rocky8 conf.d]# nginx -s reload
======================================
# 第二台porxy(10.0.0.28):
[root@rocky8 nginx]# vim /apps/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
........
location / {
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......
}
# 10.0.0.18的apache和一级IP透传日志设置一样
# 客户端测试
14、使用 Nginx 反向代理功能解决跨域问题案例
# web服务器启动动态测试服务页面(10.0.0.18)
[root@rocky8 ~]# ./web_demo 默认开启一个hello页面8080端口
===========================
#反向代理服务器(10.0.0.8)
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /hello { #设置访问hello转至www.dayu.org:8080
proxy_pass http://www.dayu.org:8080; #这里如果写域名的话需要解析,如果写IP地址就不需要
}
}
[root@rocky8 conf.d]# vim /etc/hosts #加上解析至www.dayu.org
10.0.0.18 www.dayu.org
[root@rocky8 conf.d]# vim /data/nginx/html/pc/cors.html #编辑需要有跨域资源的页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Cross-origin resource sharing</title>
</head>
<body>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<script>
$.ajax({
url:'http://www.wang.org/hello', #指向自己
type:'get',
data:{},
success:function(res){
//res = JSON.parse(res);
console.log('请求成功',res)
},
error:function(er){
console.log('请求错误')
}
})
</script>
</body>
</html>
[root@rocky8 conf.d]# nginx -s reload
#客户端测试
Nginx实用配置-2的更多相关文章
- Nginx 实用配置
1 防盗链 相关配置: valid_referers location ~* \.(gif|jpg|png)$ { # 只允许 192.168.0.1 请求资源 valid_referers none ...
- nginx实用配置用例
vue项目部署及后台api访问 nginx.conf # vue本地项目配置 ... server { listen 8000; server_name localhost; root /.../di ...
- 在nginx中配置如何防止直接用ip访问服务器web server及server_name特性讲解
看了很多nginx的配置,好像都忽略了ip直接访问web的问题,不利于SEO优化,所以我们希望可以避免直接用IP访问网站,而是域名访问,具体怎么做呢,看下面. 官方文档中提供的方法: If you d ...
- 如何在Nginx下配置PHP程序环境
1.nginx与PHP的关系 首先来看nginx与php的关系, FastCGI的关系(而不是像apache那样安装成nginx的模块) FastCGI的意思是, 快速的通用网关接口:CGI Comm ...
- 从零开始学 Java - CentOS 下 Nginx + Tomcat 配置负载均衡
为什么现在有非常多的聪明人都在致力于互联网? 最近在读埃隆·马斯克传记,他说「我认为现在有非常多的聪明人都在致力于互联网」. 仔细一想,好像真的是这样的. 我问了自己一个问题:如果你不敲代码了,你能做 ...
- Nginx主配置参数详解,Nginx配置网站
1.Niginx主配置文件参数详解 a.上面博客说了在Linux中安装nginx.博文地址为:http://www.cnblogs.com/hanyinglong/p/5102141.html b.当 ...
- nginx + tomcat配置负载均衡
目标:Nginx做为HttpServer,连接多个tomcat应用实例,进行负载均衡. 注:本例程以一台机器为例子,即同一台机器上装一个nginx和2个Tomcat且安装了JDK1.7. 1.安装Ng ...
- spring4+websocket+nginx详细配置
实现的版本jdk1.7.0_25, tomcat7.0.47.0, Tengine/2.1.1 (nginx/1.6.2), servlet3.0, spring4.2.2 使用maven导入版本3. ...
- Nginx Location配置总结
Nginx Location配置总结 语法规则: location [=|~|~*|^~] /uri/ { - }= 开头表示精确匹配^~ 开头表示uri以某个常规字符串开头,理解为匹配 url路径即 ...
随机推荐
- 【python】pandas 索引操作
选择.修改数据(单层索引) 推荐使用.at..iat..loc..iloc 操作 句法 结果 备注 选择列 df[col] Series 基于列名(列的标签),返回Series 用标签选择行 df.l ...
- 被一位读者赶超,手摸手 Docker 部署 ELK Stack
被一位读者赶超,容器化部署 ELK Stack 你好,我是悟空. 被奇幻"催更" 最近有个读者,他叫"老王",外号"茴香豆泡酒",找我崔更 ...
- 第十三篇:axios网络通信
好了这事一个非常艰巨的任务 解释以下的全部代码 <template> <div class="hello"> <p style="colo ...
- ESP8266 NONOS SDK学习
一.概况 1.存储 ESP8266 带有 160 KB 的 RAM,其中 64 KB 为 iRAM,96 KB 为 dRAM.iRAM 进一步 分成两块:32 KB iRAM 块运行标有 IRAM_A ...
- Linux 定时器介绍
以下内容为本人的著作,如需要转载,请声明原文链接微信公众号「englyf」https://www.cnblogs.com/englyf/p/16651865.html 曾经常去沙县小吃,就为了蹭上一碗 ...
- RTSP播放器或RTMP播放器常用的Evnet事件回调设计
很多开发者在开发RTSP或RTMP播放器的时候,不晓得哪些event回调事件是有意义的,针对此,我们以大牛直播SDK(github)的Android平台RTSP/RTMP直播播放端为例,简单介绍下常用 ...
- 百度松果菁英班OJ【连载】
第十六周 2 的 n 次幂 高精度乘法 #include<bits/stdc++.h> using namespace std; vector<int> mul(vector& ...
- MySQL数据备份 mysqldump 详解
MySQL数据备份流程 1 打开cmd窗口 通过命令进行数据备份与恢复: 需要在Windows的命令行窗口中进行: l 开始菜单,在运行中输入cmd回车: l 或者win+R,然后输入cmd回车,即可 ...
- docker bridge 到 k8s pod 跨节点网络通信机制演进
- Jetbrains家的软件都可用的激活码-pycharm
网址:http://vrg123.com/ 步骤: 1,关注下方的公众号 2,点击菜单中的"激活密钥" 3,点击进入,获得网站密钥 4,在网站上输入网站密钥,点击获取,即可获取激活 ...