symbolic
有意思的
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
root@debian:/etc/nginx/sites-enabled# pwd
/etc/nginx/sites-enabled
root@debian:/etc/nginx/sites-enabled# file default
default: symbolic link to /etc/nginx/sites-available/default
nginx conf
80 443 共存
server
{
listen 80;
listen 443 ssl;
server_name www.iamle.com;
index index.html index.htm index.php;
root /home/wwwroot/www.iamle.com/;
#ssl on; 这里要注释掉
ssl_certificate /usr/local/nginx/conf/ssl/www_iamle_com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/www_iamle_com.key;
#以下配置省略
}
sns 线上
cat www.cai.net.conf
upstream proxy_node_nuxt.net {
#fair;
#ip_hash;
#hash $clientRealIp;
#server 176.24.18.94:3333 weight=1 max_fails=2 fail_timeout=10s ;
#old
#server 172.16.200.14:3333 weight=1 max_fails=2 fail_timeout=10s;
}
server {
listen 80;
listen [::]:80;
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name www.cai.net cai.net;
# return 301 https://www.cai.net$request_uri;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# listen 443 ssl;
server_name www.cai.net cai.net;
# if ( $host = 'www.cai.net' ) {
# rewrite ^/(.*)$ https://www.cai.net/$1 permanent;
# }
if ( $host = 'cai.net' ) {
rewrite ^/(.*)$ https://www.cai.net/$1 permanent;
}
root /data/www/www.cai.net;
index index.html index.htm;
ssl_certificate /etc/nginx/ssl/cai.net.crt;
ssl_certificate_key /etc/nginx/ssl/cai.net.key;
#by evan
# if ($scheme = http) {
# return 301 https://$server_name$request_uri;
# }
#by evan
location ~ /360_ssp_verify\.txt {
root /var/www;
}
location /nginx_status {
stub_status on;
access_log off;
allow 183.6.50.25;
allow 39.104.176.12;
allow 45.114.170.162;
allow 127.0.0.1;
deny all;
}
location /download/ {
root /var/www;
}
location ^~ /.well-known/pki-validation/ {
alias /var/www/pki-validation/;
log_not_found off;
}
merge_slashes off;
rewrite ^([^.]*?\/)\/+(.*)$ $1$2 permanent;
location / {
proxy_pass http://proxy_node_nuxt.net;
}
##evan
# 去html
rewrite ^/(.+)\.html /$1 last;
# rewrite ^/info/$ /info/alerts/ last;
error_log /var/log/nginx/www.cai.net.error.log;
access_log /var/log/nginx/www.cai.net.access.log;
# include /etc/nginx/sites-available/blockips.conf;
}
下载站
cat manage.88.com.conf
server {
listen 80;
server_name manage.88.com;
rewrite ^/(.*)$ https://manage.88.com:443/$1 permanent;
access_log /data/wwwlogs/application-management_nginx.log combined;
index index.php index.html;
root /home/containers_data/nginx/wwwroot/application-management/public;
#error_page 404 /404.html;
#error_page 502 /502.html;
#location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
# valid_referers none blocked *.bidd.pro manage.88.com;
# if ($invalid_referer) {
# return 403;
# }
#}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
root /var/www/application-management/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl;
server_name manage.88.com;
# ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/STAR.88.com.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/STAR.88.com.key;
# ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# ssl_certificate /usr/local/nginx/conf/ssl/STAR.88.com.crt;
# ssl_certificate_key /usr/local/nginx/conf/ssl/STAR.88.com.key;
# ssl_session_timeout 5m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# ssl_prefer_server_ciphers on;
access_log /data/wwwlogs/application-management_nginx.log combined;
index index.php index.html;
root /home/containers_data/nginx/wwwroot/application-management/public;
#error_page 404 /404.html;
#error_page 502 /502.html;
#location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
# valid_referers none blocked *.bidd.pro manage.88.com;
# if ($invalid_referer) {
# return 403;
# }
#}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
root /var/www/application-management/public;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /\.ht {
deny all;
}
}
troubleshooting
域名重复
f.d]# nginx -t
nginx: [warn] conflicting server name "testbot.hailu.pro" on 0.0.0.0:88, ignored
nginx: [warn] conflicting server name "testbot.hailu.pro" on 0.0.0.0:8443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
[root@10-8-2-235 conf.d]# head -n 5 hellotestzuulintra.conf
server {
listen 88;
listen [::]:88;
server_name testbot.hailu.pro;
return 301 https://$server_name:8443$request_uri;
[root@10-8-2-235 conf.d]# head -n 5 testbot.hailu.pro.conf
server {
listen 88;
#listen [::]:88;
server_name testbot.hailu.pro;
return 301 https://$server_name:8443$request_uri;
ng js css img
css文件 浏览器打开为下载的处理 如下 ,不过其实好像不处理也没事的 只是不太好而已
静态资源文件去掉头
content-type
还有expires
wwwstatic.cai.com.conf
cat wwwstatic.cai.com.conf
#server {
# listen 80;
# server_name wwwstatic.cai.com;
# rewrite ^(.*)$ https://$host$1 permanent;
#}
#
server {
listen 80;
listen 443 ssl;
server_name wwwstatic.cai.com;
#root /var/www/www.cai.com;
index index.html index.htm;
ssl_certificate /etc/nginx/ssl/cai.crt;
ssl_certificate_key /etc/nginx/ssl/cai.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|js|css|svg|woff|ttf)$ {
add_header 'Access-Control-Allow-Origin' '*';
proxy_pass http://proxy_node_nuxt;
# add_header Content-Disposition: 'attachment;';
# Content-Disposition 属性是作为对下载文件的一个标识字段,Content-Disposition属性有两种类型:inline 和 attachment 。
# inline :将文件内容直接显示在页面;attachment:弹出对话框让用户下载。下面上代码:
# expires 2d;
}
location / {
root /usr/share/nginx/html;
if ($request_filename ~* ^.*?.(htm|html)$){
add_header Content-Disposition attachment;
}
index index.html index.htm;
}
location ~ /\.ht {
deny all;
}
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt/;
log_not_found off;
}
location @router {
rewrite ^.*$ /index.html last;
}
error_log /var/log/nginx/wwwstatic.cai.com_error.log;
access_log /var/log/nginx/wwwstatic.cai.com_access.log;
# include /etc/nginx/sites-available/blockips.conf;
}
see alos
Nginx安装
|Nginx-安装与配置(1)
http之Content-Disposition 属性
js无法获取响应header的Content-Disposition字段(2020)
nginx实现动态分离,解决css和js等图片加载问题