Nginx配置-2

1、升级Openssl
[root@rocky8 ~]#   nginx -V    #查看现在nginx的OpenSSL版本和编译情况
nginx version: nginx/1.22.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module [root@rocky8 ~]# tar xf openssl-3.0.5.tar.gz -C /usr/local
[root@rocky8 ~]# cd /usr/local/nginx-1.22.0/
[root@rocky8 nginx-1.22.0]# ./configure --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-openssl=/usr/local/openssl-3.0.5
[root@rocky8 nginx-1.22.0]# make && make install
###提示以下错误:需要安装perl-IPC-Cmd包
Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module)
[root@rocky8 nginx-1.22.0]# dnf install perl-IPC-Cmd
[root@rocky8 nginx-1.22.0]# make && make install #再次编译
2、if指令
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /if {
index index.html;
root /data/nginx/test;
default_type text/html;
echo "if----> $scheme";
if (!-e $request_filename) {
echo "$request_filename is not exist";
}
}
} [root@rocky8 conf.d]# mkdir /data/nginx/test/if -p
[root@rocky8 conf.d]# echo /data/nginx/test/if > /data/nginx/test/if/index.html
[root@rocky8 conf.d]# nginx -s reload ===========================================================
[root@rocky8 conf.d]# rm -f /data/nginx/test/if/index.html #删除后再测试
[root@rocky8 conf.d]# nginx -s reload

3、set指令
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /set {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
set $name wang; #定义$name的值是wang
echo $name; #输出$name
set $my_port $server_port; #定义$my_port的值是$server_port的值
echo $my_port; }
} [root@rocky8 conf.d]# nginx -s reload

4、break指令
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /break {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
set $name wang;
echo "break_before:name=$name";
break; #location块中break后面指令还会执行
set $my_port $server_port;
echo "break_after:my_port=$my_port";
echo "break_after:name=$name"; }
} [root@rocky8 conf.d]# nginx -s reload

5、return 指令
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location / {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
if ( $scheme = http ) {
return 500 "service error";
echo "if-----> $scheme";
}
if ( $scheme = https ) {
echo "if---> $scheme";
}
}
} [root@rocky8 conf.d]# nginx -s reload

http跳转到https
## 方法1
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name www.wang.org;
charset utf8;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
location / {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
========================================================== #方法2
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
}
[root@rocky8 conf.d]# nginx -s reload

6、rewrite 指令
# break
[root@rocky8 conf.d]# echo test1 > /data/nginx/html/pc/test1.html
[root@rocky8 conf.d]# echo test2 > /data/nginx/html/pc/test2.html
[root@rocky8 conf.d]# echo test4 > /data/nginx/html/pc/test4.html
[root@rocky8 conf.d]# echo test3 > /data/nginx/html/pc/test3.html
[root@rocky8 conf.d]# echo testa > /data/nginx/html/pc/testa.html
[root@rocky8 conf.d]# echo testb > /data/nginx/html/pc/testb.html
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html break;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
} [root@rocky8 conf.d]# nginx -s reload

# last
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
}
[root@rocky8 conf.d]# nginx -s reload

# permanent 永久跳转
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
location /permanent {
rewrite /permanent https://blog.51cto.com/dayu permanent; #访问/permanent永久跳转至https://blog.51cto.com/dayu
}
}
[root@rocky8 conf.d]# nginx -s reload

# redirect
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
location /redirect {
rewrite /redirect https://blog.51cto.com/dayu redirect; #访问/permanent临时跳转至https://blog.51cto.com/dayu
}
}
[root@rocky8 conf.d]# nginx -s reload

自动跳转 https
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
location / {
root /data/nginx/html/pc;
}
} [root@rocky8 conf.d]# nginx -s reload

[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
location / { #针对全站跳转
root /data/nginx/html/pc;
index index.html;
if ( $scheme = http ) { #如果没有加条件判断,会导致死循环
rewrite ^/(.*) https://$host/$1 redirect;
}
location /login { #针对特定的URL进行跳转https
if ( $scheme = http ) { #如果没有加条件判断,会导致死循环
rewrite / https://$host/login redirect;
}
}
}
[root@rocky8 conf.d]# mkdir /data/nginx/html/pc/login
[root@rocky8 conf.d]# echo /data/nginx/html/pc/login > /data/nginx/html/pc/login/index.html
[root@rocky8 conf.d]# nginx -s reload
当用户访问到公司网站的时输入了一个错误的URL,可以将用户重定向至官网首页
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
location / {
root /data/nginx/html/pc;
index index.html;
if ( !-e $request_filename ) {
rewrite .* https://www.wang.org/index.html; #实现客户端浏览器的302跳转
}
}
[root@rocky8 conf.d]# nginx -s reload

指定客户端类型跳转新的域名
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $http_user_agent ~* "android|iphone|ipad" ) { #判断客户端浏览器类型如果是android或者iphone或者ipad就执行下边指令
rewrite ^/(.*) http://m.wang.org/$1 redirect;
}
[root@rocky8 conf.d]# nginx -s reload

网站维护跳转
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
set $ip 0; #在server层下设定ip变量值为0
if ( $remote_addr = 10.0.0.101 ) {
set $ip 1; #如果来源IP是10.0.0.101则设定变量为ip变量为1。
}
if ( $ip = 0 ) { #如果来源IP不是10.0.0.101则跳转maintain.html这个页面,否则不做任何处理
rewrite ^/(.*)$ /maintain.html break;
}
}
[root@rocky8 conf.d]# echo maintain > /data/nginx/html/pc/maintain.html
[root@rocky8 conf.d]# nginx -s reload

7、防盗链
实现盗链
#实现盗链
## 被盗网站设置
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main; #开启被盗网站的日志功能,main是主配置文件日志名称;
location /images {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
===================================================
## 盗链服务器设置
server {
listen 80;
# listen 443 ssl http2; #如果开启https功能,被盗网站日志无法记录referer
charset utf8;
server_name www.da.org;
root /data/nginx/html/da;
# ssl_certificate /apps/nginx/cert/www.wang.org.pem;
# ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
access_log /apps/nginx/logs/www.da.org_access.log main;
# if ( $scheme = http ) {
# rewrite ^/(.*) https://$server_name$request_uri;
# }
}
[root@rocky8 conf.d]# nginx -s reload
## 浏览器测试:注意:最好选用火狐,edge浏览器最新版默认会检测到盗链而阻止

实现防盗链
#实现防盗链
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /images {
root /data/nginx/html/pc;
valid_referers none blocked server names *.wang.org ~\.baidu\. ; # 有效referer包含的域名
if ( $invalid_referer ) { #无效referer转到403
return 403;
}
}
[root@rocky8 conf.d]# nginx -s reload

8、反向代理单台 web 服务器
# nginx代理服务器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://www.yu.org; #访问本机域名转至www.yu.org
}
}
[root@rocky8 conf.d]# vim /etc/hosts #添加www.yu.org解析
10.0.0.101 www.yu.org
[root@rocky8 conf.d]# nginx -s reload
=========================================================
#nginx服务器:
[root@ubuntu2004 ~]#vim /etc/nginx/conf.d/www.yu.org.conf
server {
listen 80;
server_name www.yu.org;
root /data/nginx/html/yu;
}
[root@ubuntu2004 ~]#mkdir /data/nginx/html/yu -p
[root@ubuntu2004 ~]#echo /data/nginx/html/yu > /data/nginx/html/yu/index.html
[root@ubuntu2004 ~]#nginx -s reload
#客户端访问www.wang.org测试

# 反向代理服务器:(要关闭proxy_set_header功能,不然多个网站,只会一直访问一个网站)
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://www.b.org;
# proxy_set_header Host $http_host;
#proxy_connect_timeout 10s;
}
[root@rocky8 conf.d]# vim /etc/hosts
10.0.0.18 www.a.org www.b.org
[root@rocky8 conf.d]# nginx -s reload
# nginx服务器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
listen 80;
server_name www.a.org;
root /data/nginx/a;
}
server {
listen 80;
server_name www.b.org;
root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
# 客户端测试
[root@ubuntu2004 ~]#curl www.wang.org
www.b.org

9、指定 location 实现反向代理
# 反向代理:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org; #如果访问www.wang.org/static转到www.b.org/static
}
}
[root@rocky8 conf.d]# nginx -s reload
===================
# nignx服务器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
listen 80;
server_name www.a.org;
root /data/nginx/a;
}
server {
listen 80;
server_name www.b.org;
root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
[root@rocky8 ~]# mkdir /data/nginx/b/static
[root@rocky8 ~]# echo /data/nginx/b/static > /data/nginx/b/static/index.html
# 客户端测试

10、针对特定的资源实现代理
# 动静分离
# 代理服务器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /api {
proxy_pass http://10.0.0.18:8080/hello; 访问www.wang.org转至10.0.0.18:8080/hello(hello是go语言web_demo生成的一个页面)
proxy_set_header Host $http_host;
}
}
[root@rocky8 conf.d]# nginx -s reload # nginx服务器
[root@rocky8 ~]# chmod +x web_demo
[root@rocky8 ~]# ./web_demo # 客户端测试

11、开启代理服务器缓存功能(加速客户端访问)
#代理服务器:
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf #主配置定义proxy_cache_path 缓存路径
proxy_cache_path /data/nginx/proxycache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g; [root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org; #www.b.org(nginx服务器)下边要有static
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 5m;
}
}
# 客户端测试:
[root@ubuntu2004 ~]#curl http://www.wang.org/static -L
/data/nginx/b/static
[root@ubuntu2004 ~]#ab -n 2000 -c 200 http://www.wang.org/static
# 代理服务器查看缓存目录

12、添加响应报文头部信息
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 5m; add_header X-Via $server_addr; #当前nginx主机的IP
add_header X-Cache $upstream_cache_status; #缓存HIT,不是缓存MISS
add_header X-Accel $server_name; #客户访问的FQDN
} [root@rocky8 conf.d]# nginx -s reload
#客户端验证:

13、实现反向代理客户端 IP 透传
一级代理实现客户端IP透传

# 代理服务器(10.0.0.8):
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #添加客户端IP和反向代理服务器IP到请求报文头部
}
} [root@rocky8 conf.d]# nginx -s reload # Web Server(10.0.0.18) Apache:
[root@rocky8 ~]# yum install -y httpd
[root@rocky8 ~]# vim /etc/httpd/conf/httpd.conf
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined #注释原有行,添加新行如下:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@rocky8 ~]# systemctl restart httpd

多级代理实现客户端 IP 透传

# 第一台porxy(10.0.0.8):
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf #开启日志格式,记录x_forwarded_for
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; include /apps/nginx/conf/conf.d/*.conf;
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://10.0.0.28;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #开启日志格式,记录x_forwarded_for
}
}
[root@rocky8 conf.d]# nginx -s reload
======================================
# 第二台porxy(10.0.0.28):
[root@rocky8 nginx]# vim /apps/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; server {
........
location / {
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......
} # 10.0.0.18的apache和一级IP透传日志设置一样 # 客户端测试

14、使用 Nginx 反向代理功能解决跨域问题案例

# web服务器启动动态测试服务页面(10.0.0.18)
[root@rocky8 ~]# ./web_demo 默认开启一个hello页面8080端口 ===========================
#反向代理服务器(10.0.0.8)
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /hello { #设置访问hello转至www.dayu.org:8080
proxy_pass http://www.dayu.org:8080; #这里如果写域名的话需要解析,如果写IP地址就不需要
}
}
[root@rocky8 conf.d]# vim /etc/hosts #加上解析至www.dayu.org
10.0.0.18 www.dayu.org
[root@rocky8 conf.d]# vim /data/nginx/html/pc/cors.html #编辑需要有跨域资源的页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Cross-origin resource sharing</title>
</head>
<body>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<script>
$.ajax({
url:'http://www.wang.org/hello', #指向自己
type:'get',
data:{},
success:function(res){
//res = JSON.parse(res);
console.log('请求成功',res)
},
error:function(er){
console.log('请求错误')
}
})
</script>
</body>
</html>
[root@rocky8 conf.d]# nginx -s reload
#客户端测试

Nginx实用配置-2的更多相关文章

  1. Nginx 实用配置

    1 防盗链 相关配置: valid_referers location ~* \.(gif|jpg|png)$ { # 只允许 192.168.0.1 请求资源 valid_referers none ...

  2. nginx实用配置用例

    vue项目部署及后台api访问 nginx.conf # vue本地项目配置 ... server { listen 8000; server_name localhost; root /.../di ...

  3. 在nginx中配置如何防止直接用ip访问服务器web server及server_name特性讲解

    看了很多nginx的配置,好像都忽略了ip直接访问web的问题,不利于SEO优化,所以我们希望可以避免直接用IP访问网站,而是域名访问,具体怎么做呢,看下面. 官方文档中提供的方法: If you d ...

  4. 如何在Nginx下配置PHP程序环境

    1.nginx与PHP的关系 首先来看nginx与php的关系, FastCGI的关系(而不是像apache那样安装成nginx的模块) FastCGI的意思是, 快速的通用网关接口:CGI Comm ...

  5. 从零开始学 Java - CentOS 下 Nginx + Tomcat 配置负载均衡

    为什么现在有非常多的聪明人都在致力于互联网? 最近在读埃隆·马斯克传记,他说「我认为现在有非常多的聪明人都在致力于互联网」. 仔细一想,好像真的是这样的. 我问了自己一个问题:如果你不敲代码了,你能做 ...

  6. Nginx主配置参数详解,Nginx配置网站

    1.Niginx主配置文件参数详解 a.上面博客说了在Linux中安装nginx.博文地址为:http://www.cnblogs.com/hanyinglong/p/5102141.html b.当 ...

  7. nginx + tomcat配置负载均衡

    目标:Nginx做为HttpServer,连接多个tomcat应用实例,进行负载均衡. 注:本例程以一台机器为例子,即同一台机器上装一个nginx和2个Tomcat且安装了JDK1.7. 1.安装Ng ...

  8. spring4+websocket+nginx详细配置

    实现的版本jdk1.7.0_25, tomcat7.0.47.0, Tengine/2.1.1 (nginx/1.6.2), servlet3.0, spring4.2.2 使用maven导入版本3. ...

  9. Nginx Location配置总结

    Nginx Location配置总结 语法规则: location [=|~|~*|^~] /uri/ { - }= 开头表示精确匹配^~ 开头表示uri以某个常规字符串开头,理解为匹配 url路径即 ...

随机推荐

  1. linux centos7开启防火墙端口

    firewall-cmd --zone=public --add-port=3306/tcp --permanent firewall-cmd --reload

  2. [CTSC2007]数据备份Backup (贪心)

    题面 Description 你在一家 IT 公司为大型写字楼或办公楼(offices)的计算机数据做备份.然而数据备份的工作是枯燥乏味的,因此你想设计一个系统让不同的办公楼彼此之间互相备份,而你则坐 ...

  3. 定时器控制单只LED灯

    点击查看代码 #include <reg51.h> #define uchar unsigned char #define uint unsigned int sbit LED=P0^0; ...

  4. 3-14 Python处理XML文件

    xml文件处理 什么是xml文件? xml即可扩展标记语言,它可以用来标记数据.定义数据类型,是一种允许用户对自己的标记语言进行定义的源语言. 从结构上,很像HTML超文本标记语言.但他们被设计的目的 ...

  5. CF-1684C - Column Swapping

    Problem - 1684C - Codeforces 题意: 现在有一个n*m的棋盘,每个棋子有一个值,你可以交换两列棋盘的棋子位置,使得每一行的棋子从左到右为非递减. 题解: 只需要判断一行不满 ...

  6. LIKE与等式查询比较

    我们知道 char 是定长类型的数据,如果数据长度小于定义的长度,会在字符串尾部加上空格.而对于空格的处理,对于等式匹配,或length等,会忽略空格.而对于like 或模式匹配,空格不能忽略. 一. ...

  7. The 19th Zhejiang Provincial Collegiate Programming Contest

    目录 A.JB Loves Math B.JB Loves Comma C. JB Wants to Earn Big Money G. Easy Glide I. Barbecue L. Candy ...

  8. Java SE 2、抽象类

    抽象类 用abstract关键字来修饰一个类时,这个类就是抽象类 ​ 访问修饰符 abstract 类名 { ​ } 用abstract关键字来修饰一个方法时,这个方法就是抽象方法 ​ 访问修饰符 a ...

  9. 谷歌MapReduce经典论文翻译(中英对照)

    MapReduce: Simplified Data Processing on Large Clusters(MapReduce: 简化大型集群下的数据处理) 作者:Jeffrey Dean and ...

  10. Ubuntu 系统服务器初始化配置、安全加固、内核优化和常用软件安装的Shell脚本分享

    转载自:https://www.bilibili.com/read/cv13875402?spm_id_from=333.999.0.0 描述: 适用于企业内部 Ubuntu 操作服务器初始化.系统安 ...