Nginx的那些事

来自linux中国网wiki
Evan讨论 | 贡献2020年11月19日 (四) 02:18的版本 →‎ng js css img
跳到导航 跳到搜索

symbolic

有意思的 
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;




root@debian:/etc/nginx/sites-enabled# pwd
/etc/nginx/sites-enabled
root@debian:/etc/nginx/sites-enabled# file default 
default: symbolic link to /etc/nginx/sites-available/default

nginx conf

80 443 共存

 server
{

listen 80;
listen 443 ssl;
server_name www.iamle.com;
index index.html index.htm index.php;
root /home/wwwroot/www.iamle.com/;
#ssl on; 这里要注释掉
ssl_certificate /usr/local/nginx/conf/ssl/www_iamle_com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/www_iamle_com.key;

#以下配置省略

}

sns 线上

 cat www.cai.net.conf
upstream proxy_node_nuxt.net {
#fair;
#ip_hash;
#hash $clientRealIp;

#server 176.24.18.94:3333 weight=1 max_fails=2 fail_timeout=10s ;

#old 
#server 172.16.200.14:3333 weight=1 max_fails=2 fail_timeout=10s;
}

server  {
	listen 80;
	listen [::]:80;
	#listen 443 ssl http2;
	#listen [::]:443 ssl http2;    
 
    server_name www.cai.net cai.net;

#     return 301 https://www.cai.net$request_uri;
    rewrite ^(.*)$ https://$host$1 permanent;
}

server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;    
#    listen 443 ssl;
    server_name www.cai.net cai.net;

#    if ( $host = 'www.cai.net'  )  {
#        rewrite ^/(.*)$ https://www.cai.net/$1 permanent;
#    }
    if ( $host = 'cai.net'  )  {
        rewrite ^/(.*)$ https://www.cai.net/$1 permanent;
    }
   root /data/www/www.cai.net;


    index index.html index.htm;

    ssl_certificate /etc/nginx/ssl/cai.net.crt;
    ssl_certificate_key /etc/nginx/ssl/cai.net.key;

 #by evan
   # if ($scheme = http) {
   #        return 301 https://$server_name$request_uri;
   # } 
 #by evan

    location ~ /360_ssp_verify\.txt {
         root /var/www;
    }

    location /nginx_status {
            stub_status on;
            access_log off;
            allow 183.6.50.25;
            allow 39.104.176.12;
            allow 45.114.170.162;
            allow 127.0.0.1;
            deny all;
        }


    location /download/ {
         root /var/www;
    }

    location ^~ /.well-known/pki-validation/ {
        alias /var/www/pki-validation/;
        log_not_found off;
    }

   merge_slashes off;
   rewrite ^([^.]*?\/)\/+(.*)$ $1$2 permanent;

    location / {
	proxy_pass http://proxy_node_nuxt.net;
    }
##evan


  # 去html
    rewrite  ^/(.+)\.html       /$1 last;
   # rewrite  ^/info/$           /info/alerts/ last;

    error_log /var/log/nginx/www.cai.net.error.log;
    access_log /var/log/nginx/www.cai.net.access.log;
#    include /etc/nginx/sites-available/blockips.conf;
}

下载站

 cat  manage.88.com.conf 
server {
  listen 80;
  server_name manage.88.com;
  rewrite ^/(.*)$ https://manage.88.com:443/$1 permanent;
  access_log /data/wwwlogs/application-management_nginx.log combined;
  index index.php index.html;
  root /home/containers_data/nginx/wwwroot/application-management/public;
  
  #error_page 404 /404.html;
  #error_page 502 /502.html;
  #location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
  #  valid_referers none blocked *.bidd.pro manage.88.com;
  #  if ($invalid_referer) {
  #      return 403;
  #  }
  #}

  location / {
    try_files $uri $uri/ /index.php$is_args$args;
  }

  location ~ \.php$ {
    root /var/www/application-management/public;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }
}

server {
  listen 443 ssl;
  server_name manage.88.com;
#  ssl on;
  ssl_certificate      /usr/local/nginx/conf/ssl/STAR.88.com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/ssl/STAR.88.com.key;
#  ssl_session_cache    shared:SSL:1m;
  ssl_session_timeout  5m;
  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;
 #       ssl_certificate /usr/local/nginx/conf/ssl/STAR.88.com.crt;
 #       ssl_certificate_key /usr/local/nginx/conf/ssl/STAR.88.com.key;
 #       ssl_session_timeout 5m;
 #       ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 #       ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
 #       ssl_prefer_server_ciphers on;
  access_log /data/wwwlogs/application-management_nginx.log combined;
  index index.php index.html;
  root /home/containers_data/nginx/wwwroot/application-management/public;

  #error_page 404 /404.html;
  #error_page 502 /502.html;
  #location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
  #  valid_referers none blocked *.bidd.pro manage.88.com;
  #  if ($invalid_referer) {
  #      return 403;
  #  }
  #}

  location / {
    try_files $uri $uri/ /index.php$is_args$args;
  }

  location ~ \.php$ {
    root /var/www/application-management/public;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }

  location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
  }
  location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
  }
  location ~ /\.ht {
    deny all;
  }
}

troubleshooting

域名重复

f.d]# nginx  -t 
nginx: [warn] conflicting server name "testbot.hailu.pro" on 0.0.0.0:88, ignored
nginx: [warn] conflicting server name "testbot.hailu.pro" on 0.0.0.0:8443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok


[root@10-8-2-235 conf.d]# head  -n 5  hellotestzuulintra.conf 
server {
	listen 88;
	listen [::]:88;
	server_name testbot.hailu.pro;
	return 301 https://$server_name:8443$request_uri;
[root@10-8-2-235 conf.d]# head  -n 5  testbot.hailu.pro.conf 
server {
	listen 88;
	#listen [::]:88;
	server_name testbot.hailu.pro;
	return 301 https://$server_name:8443$request_uri;

ng js css img

css文件 浏览器打开为下载的处理 如下 ,不过其实好像不处理也没事的 只是不太好而已
静态资源文件去掉头
content-type
还有expires
wwwstatic.cai.com.conf
cat wwwstatic.cai.com.conf
#server  {
#    listen 80;
#    server_name  wwwstatic.cai.com;
#    rewrite ^(.*)$ https://$host$1 permanent;
#}
#
server {
    listen 80;
    listen 443 ssl;
    server_name wwwstatic.cai.com;

    #root /var/www/www.cai.com;
    index index.html index.htm;

    ssl_certificate /etc/nginx/ssl/cai.crt;
    ssl_certificate_key /etc/nginx/ssl/cai.key;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

    location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|js|css|svg|woff|ttf)$ {
        add_header 'Access-Control-Allow-Origin' '*';
        proxy_pass http://proxy_node_nuxt;
       # add_header Content-Disposition: 'attachment;';
       # expires      2d;
    }

    location / {
        root /usr/share/nginx/html;
        if ($request_filename ~* ^.*?.(htm|html)$){
           add_header Content-Disposition attachment;
        }
        index index.html index.htm;
    }

    location ~ /\.ht {
        deny all;
    }
   location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt/;
        log_not_found off;
    }

    location @router {
        rewrite ^.*$ /index.html last;
    }

    error_log /var/log/nginx/wwwstatic.cai.com_error.log;
    access_log /var/log/nginx/wwwstatic.cai.com_access.log;
#    include /etc/nginx/sites-available/blockips.conf;
}

see alos

Nginx安装

|Nginx-安装与配置(1)

取自“http://wiki.linuxchina.net/index.php?title=Nginx的那些事&oldid=5155