nginx反向代理配置文件
- nginx.conf
- proxy_default.conf
- vhost/*.conf
- upstream/*.conf
- cache/*.conf
nginx.conf 配置
user www;
worker_processes 2;
pid /var/run/nginx.pid;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
include /usr/local/nginx/conf/autoconfig/vhost/*.conf;
include /usr/local/nginx/conf/autoconfig/upstream/*.conf;
include /usr/local/nginx/conf/autoconfig/cache/*.conf;
include /usr/local/nginx/conf/include/*.conf;
map $host $node_ip {
default "192.168.1.87";
}
server {
listen 80 default_server;
server_name _;
root html;
client_body_buffer_size 2m;
client_header_buffer_size 2m;
location / {
return 403;
}
location = /_.gif {
empty_gif;
}
}
server {
listen 443 ssl default_server;
server_name _;
ssl_certificate /usr/local/nginx/nginx.crt;
ssl_certificate_key /usr/local/nginx/nginx.key;
return 403;
}
}
proxy_default.conf 默认reverse proxy配置
include mime.types;
default_type "text/html";
charset utf-8;
log_format main ‘$time_local{G;}$remote_addr{G;}$http_host{G;}$request_uri{G;}$upstream_cache_status{G;}$status{G;}$upstream_addr{G;}$upstream_status{G;}$upstream_response_time{G;}$request_time{G;}$body_bytes_sent{G;}$request_length{G;}$content_length{G;}$sent_http_cache_control{G;}$sent_http_content_type{G;}$http_referer{G;}$http_x_forwarded_for{G;}$http_user_agent{G;}$node_ip{G;}$geoip2_data_country_code{G;}$geoip2_data_city_name{G;}$geoip2_data_province_isocode{G;}$server_port{G;}$server_protocol{G;}$request_method{G;}$scheme{G;}$ssl_protocol{G;}$remote_port{G;}$mobile_request{G;}$http_cookie{G;}$args‘;
log_format json ‘{"@timestamp":"$time_local",‘
‘"remote_addr":"$remote_addr",‘
‘"http_host":"$http_host",‘
‘"request_uri":"$request_uri",‘
‘"upstream_cache_status":"$upstream_cache_status",‘
‘"status":"$status",‘
‘"upstream_addr":"$upstream_addr",‘
‘"upstream_status":"$upstream_status",‘
‘"upstream_response_time":"$upstream_response_time",‘
‘"request_time":"$request_time",‘
‘"body_bytes_sent":"$body_bytes_sent",‘
‘"request_length":"$request_length",‘
‘"content_length":"$content_length",‘
‘"sent_http_cache_control":"$sent_http_cache_control",‘
‘"sent_http_content_type":"$sent_http_content_type",‘
‘"http_referer":"$http_referer",‘
‘"http_x_forwarded_for":"$http_x_forwarded_for",‘
‘"http_user_agent":"$http_user_agent",‘
‘"node_ip":"$node_ip",‘
‘"geoip2_data_country_code":"$geoip2_data_country_code",‘
‘"geoip2_data_city_name":"geoip2_data_city_name",‘
‘"geoip2_data_province_isocode":"$geoip2_data_province_isocode",‘
‘"server_port":"$server_port",‘
‘"server_protocol":"$server_protocol",‘
‘"request_method":"$request_method",‘
‘"scheme":"$scheme",‘
‘"ssl_protocol":"$ssl_protocol",‘
‘"remote_port":"$remote_port",‘
‘"mobile_request":"$mobile_request",‘
‘"http_cookie":"$http_cookie",‘
‘"args":"$args"}‘;
access_log logs/access.json.log json;
access_log logs/access.log main buffer=4k flush=10s;
open_log_file_cache max=1024 inactive=10s valid=10s min_uses=1;
server_tokens off;
ssl_session_cache shared:SSL:50m;
resolver 8.8.8.8 8.8.4.4 1.1.1.1 valid=600s ipv6=off;
resolver_timeout 30s;
etag on;
sendfile on;
send_timeout 3600s;
tcp_nopush on;
keepalive_timeout 3600;
keepalive_requests 360000;
server_names_hash_bucket_size 4096;
server_names_hash_max_size 4096;
client_header_buffer_size 128k;
large_client_header_buffers 32 128k;
client_max_body_size 300M;
client_header_timeout 36000;
connection_pool_size 4096;
proxy_connect_timeout 360000;
proxy_send_timeout 360000;
proxy_read_timeout 360000;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
underscores_in_headers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ‘ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA‘;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets on;
fastcgi_connect_timeout 360000;
fastcgi_send_timeout 360000;
fastcgi_read_timeout 360000;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
gzip on;
gzip_min_length 1024;
gzip_buffers 16 8k;
gzip_comp_level 5;
gzip_types text/xml text/plain application/xml application/xhtml+xml image/svg+xml text/javascript application/x-javascript application/javascript application/json text/css application/font-woff;
gzip_vary on;
fastcgi_param COUNTRY_CODE $geoip2_data_country_code;
fastcgi_param COUNTRY_NAME $geoip2_data_country_name;
fastcgi_param CITY_NAME $geoip2_data_city_name;
geoip2 /usr/local/nginx/geoip/maxmind-city.mmdb {
$geoip2_data_country_code default=US source=$remote_addr country iso_code;
$geoip2_data_country_name country names en;
$geoip2_data_city_name default=London city names en;
$geoip2_data_province_name subdivisions 0 names en;
$geoip2_data_province_isocode subdivisions 0 iso_code;
}
client_body_buffer_size 512k;
tcp_nodelay on;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504 http_404;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
proxy_ignore_headers X-Accel-Expires Expires Set-Cookie;
proxy_buffering on;
proxy_cache_lock on;
proxy_cache_revalidate on;
proxy_buffer_size 64k;
proxy_buffers 64 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
chunked_transfer_encoding on;
map $http_upgrade $connection_upgrade
{
default upgrade;
‘‘ close;
}
vhost 实例 配置
server
{
listen 80;
# if ( $scheme = ‘http‘ ){rewrite ^(.*)$ https://$host$1 permanent;}
listen 443 ssl http2;
ssl_certificate /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.crt;
ssl_certificate_key /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.key;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /usr/local/nginx/conf/autoconfig/ssl/img.baidu.com.crt;
server_name img.baidu.com;
access_log logs/img-access.json.log json;
access_log logs/img-access.log main;
client_body_temp_path /usr/local/nginx/temp/client_body_temp/img 1 2 3;
set $mobile_request ‘0‘;
if ($http_user_agent ~* ‘(Android|webOS|iPhone|iPod|BlackBerry)‘) { set $mobile_request ‘1‘;}
location /
{
include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_ignore_headers Cache-Control;proxy_no_cache 1;expires -1;
proxy_pass http://img;
break;
}
location ^~ /.well-known/acme-challenge/ {
alias /usr/local/nginx/challenges/;
}
location ~* ^.*\.(ggg)$
{
include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
proxy_set_header Connection ‘‘;
proxy_hide_header Set-Cookie;
add_header X-Proxy-Cache ‘HIT‘;
root /usr/local/nginx/temp/proxy_store/img;
proxy_store on;
proxy_store_access user:rw group:rw all:rw;
proxy_temp_path /usr/local/nginx/temp/proxy_store/img;
if ( !-e $request_filename) {
proxy_pass http://img;
}
}
location ~* ^.*\.(gif|jpg|jpeg|png|bmp|swf|woff2|css|js|rar|zip|docx|tiff|csv|pptx|svg|midi|ppt|mid|fnt|svgz|ps|doc|eps|eot|tif|xlsx|woff|ejs|pdf|ico|class|webp|jar|pls|otf|xls|pict|ttf|opus|webm|mp3|ogg|zip|mp4|ipa|apk|wav|m4a)$
{
include /usr/local/nginx/conf/autoconfig/proxy_default.conf;
proxy_set_header Connection ‘‘;
proxy_hide_header Set-Cookie;
add_header X-Proxy-Cache ‘HIT‘;
proxy_cache img;
proxy_cache_key $uri$is_args$args;
proxy_cache_valid 404 10s;
proxy_ignore_headers Cache-Control; proxy_cache_valid 200 206 301 304 14d;
proxy_cache_valid 405 2m;
expires 14d;
if ( !-e $request_filename) {
proxy_pass http://img;
}
}
location = /_.gif {
empty_gif;
}
}
upsteam 实例配置
upstream img
{
check interval=20000 fall=5 rise=2 timeout=3000 default_down=false type=tcp;
dynamic_resolve fallback=stale fail_timeout=30s;
server origin.abc.com:80 max_fails=3 fail_timeout=0s;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.30:80 max_fails=3 fail_timeout=0s backup;
server 192.168.1.31:80 max_fails=3 fail_timeout=0s backup;
keepalive 360000;
}
cache path 相关配置
proxy_cache_path /usr/local/nginx/temp/proxy_cache/img levels=1:2 keys_zone=img:15m inactive=7d max_size=1024M use_temp_path=off;
原文地址:https://www.cnblogs.com/faberbeta/p/nginx-install004.html
时间: 2024-08-30 03:30:24