Nginx配置样例

Nginx配置样例

静态站点

1、最简单的nginx静态

直接用端口访问

# Static site served directly on a dedicated port (no server_name, no TLS).
server {
    # Listens on port 8123 for both IPv6 and IPv4; no address is given,
    # so the port is opened on every interface of the host.
    listen [::]:8123;
    listen 8123;

    # Document root and default index file.
    root /data/hexo;
    index index.html;

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/hexo_8123_error.log warn;
    access_log /var/log/nginx/hexo_8123_access.log;

    location / {
        # Try the exact file, then a directory, then fall back to /index.html.
        # The fallback means unknown paths are answered with the home page
        # instead of a 404.
        try_files $uri $uri/ /index.html;
    }
}

如果你是普通静态网站,不需要回退到首页,也可以写成:

# Variant for an ordinary static site: a missing file yields a real 404
# instead of falling back to the home page.
location / {
    try_files $uri $uri/ =404;
}

2、带域名的http的静态

HTTP

# Static site for one domain over plain HTTP.
server {
    server_name blog.example.com;
    listen [::]:80;
    listen 80;

    # Document root and default index file.
    root /data/hexo;
    index index.html;

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/blog_http_error.log warn;
    access_log /var/log/nginx/blog_http_access.log;

    location / {
        # Exact file, then directory, then fall back to the home page.
        try_files $uri $uri/ /index.html;
    }
}

3、带域名走https的静态

HTTPS

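# Redirect block: forces every plain-HTTP request onto HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name blog.example.com;

    # Redirect to the fixed canonical name instead of $host. $host is taken
    # from the client's Host header, and if this is the only port-80 server
    # loaded (as in this sample) nginx also uses it as the default server,
    # so any Host value, including a bare IP, would be echoed back in the
    # Location header.
    return 301 https://blog.example.com$request_uri;
}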


# HTTPS static site for one domain.
server {
    server_name blog.example.com;
    listen [::]:443 ssl;
    listen 443 ssl;

    # Certificate chain and private key. Keep the key file readable only by
    # the account that starts nginx.
    ssl_certificate_key /etc/nginx/ssl/blog.example.com.key;
    ssl_certificate /etc/nginx/ssl/blog.example.com.crt;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this sample, so
    # the defaults of the installed nginx apply; older releases enabled
    # TLSv1 and TLSv1.1 by default. Consider pinning
    # "ssl_protocols TLSv1.2 TLSv1.3;" at the http{} level.

    # Document root and default index file.
    root /data/hexo;
    index index.html;

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/blog_https_error.log warn;
    access_log /var/log/nginx/blog_https_access.log;

    location / {
        # Exact file, then directory, then fall back to the home page.
        try_files $uri $uri/ /index.html;
    }
}

4、带域名走https的静态,同时屏蔽通过ip+端口的直接访问

# --- HTTP 部分 ---

# 1. Normal HTTP -> HTTPS redirect for the real domain.
server {
    server_name blog.example.com;
    listen [::]:80;
    listen 80;

    # Redirect straight away; no per-site log is configured for this block.
    # Because the catch-all default_server for port 80 in this config takes
    # every other Host value, $host here can only be the name listed in
    # server_name.
    return 301 https://$host$request_uri;
}

# 2. Catch-all for unwanted HTTP requests (access by IP, or a Host header
#    that matches no configured domain).
server {
    server_name _;
    listen [::]:80 default_server;
    listen 80 default_server;

    # Logging is switched off so this traffic does not consume disk space.
    # Trade-off: requests that hit the IP directly leave no access-log
    # record; keep access_log on (to a separate file) if that telemetry is
    # wanted for detection.
    log_not_found off;
    access_log off;

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# --- HTTPS 部分 ---

# 3. The server block that carries the actual site.
server {
    server_name blog.example.com;
    listen [::]:443 ssl;
    listen 443 ssl;

    # Certificate configuration (this is the only place a certificate pair
    # is needed). Keep the key file readable only by the account that
    # starts nginx.
    ssl_certificate_key /etc/nginx/ssl/blog.example.com.key;
    ssl_certificate /etc/nginx/ssl/blog.example.com.crt;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this sample, so
    # the defaults of the installed nginx apply; older releases enabled
    # TLSv1 and TLSv1.1 by default. Consider pinning
    # "ssl_protocols TLSv1.2 TLSv1.3;" at the http{} level.

    # The only logs that need attention.
    error_log /var/log/nginx/blog_https_error.log warn;
    access_log /var/log/nginx/blog_https_access.log;

    # Static asset path.
    index index.html;
    root /data/hexo;

    location / {
        # Exact file, then directory, then fall back to the home page.
        try_files $uri $uri/ /index.html;
    }
}

# 4. Catch-all for unwanted HTTPS requests (the main simplification).
server {
    server_name _;
    listen [::]:443 ssl default_server;
    listen 443 ssl default_server;

    # Key point: refuse the TLS handshake.
    # No certificate has to be configured in this block, and a scanner that
    # connects by IP is not handed a certificate carrying your domain name.
    # ssl_reject_handshake requires nginx 1.19.4 or newer. Caveat: the name
    # can still be learned elsewhere (e.g. DNS or Certificate Transparency
    # logs), so this reduces exposure rather than hiding the domain.
    ssl_reject_handshake on;
}

反向代理

1、最简单的端口到端口;用域名走 http 的话,把 server_name 改为域名就可以了

# Minimal reverse proxy: port 80 on this host -> local backend on port 8000.
server {
    server_name localhost;
    listen [::]:80;
    listen 80;

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/api_http_error.log warn;
    access_log /var/log/nginx/api_http_access.log;

    location / {
        # Pass the original Host and the connecting client address upstream.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so only the last entry is written
        # by this proxy; the backend should not trust earlier entries.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Backend is addressed on loopback.
        # NOTE(review): confirm the backend itself binds 127.0.0.1 only,
        # otherwise it can be reached without going through this proxy.
        proxy_pass http://127.0.0.1:8000;
    }
}

2、https的重定向和证书和ip+端口禁止

# HTTP -> HTTPS redirect for the API domain.
server {
    server_name api.example.com;
    listen [::]:80;
    listen 80;

    # The port-80 default_server in this config takes every other Host
    # value, so $host here can only be the name listed in server_name.
    return 301 https://$host$request_uri;
}

# Catch-all for HTTP requests by IP or with an unknown Host header.
server {
    server_name _;
    listen [::]:80 default_server;
    listen 80 default_server;

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# HTTPS reverse proxy for the API domain -> local backend on port 8000.
server {
    server_name api.example.com;
    listen [::]:443 ssl;
    listen 443 ssl;

    # Certificate chain and private key. Keep the key file readable only by
    # the account that starts nginx.
    ssl_certificate_key /etc/nginx/ssl/api.example.com.key;
    ssl_certificate /etc/nginx/ssl/api.example.com.crt;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this sample, so
    # the defaults of the installed nginx apply; older releases enabled
    # TLSv1 and TLSv1.1 by default. Consider pinning
    # "ssl_protocols TLSv1.2 TLSv1.3;" at the http{} level.

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/api_https_error.log warn;
    access_log /var/log/nginx/api_https_access.log;

    location / {
        # Pass the original Host and the connecting client address upstream.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Only the last X-Forwarded-For entry is written by this proxy;
        # anything before it came from the client and is not trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # TLS ends at nginx; the hop to the backend is plain HTTP on
        # loopback, and X-Forwarded-Proto tells the backend the original
        # scheme.
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:8000;
    }
}

# Catch-all for HTTPS connections by IP or with an unknown server name.
server {
    server_name _;
    listen [::]:443 ssl default_server;
    listen 443 ssl default_server;

    # Refuse the TLS handshake, so no certificate is needed in this block
    # and none is presented. Requires nginx 1.19.4 or newer.
    ssl_reject_handshake on;
}

路径分发

一个子域名的不同路径代理服务,其他加证书和重定向什么的参考上面的

# Path-based routing: one host name, different backends per URL prefix.
server {
    server_name web.dostorm.com;
    listen [::]:80;
    listen 80;

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/web_router_error.log warn;
    access_log /var/log/nginx/web_router_access.log;

    # Requests outside /v1/ and /v2/ match no location in this block.

    location /v1/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Only the last X-Forwarded-For entry is written by this proxy;
        # earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The trailing "/" on proxy_pass replaces the matched "/v1/" prefix,
        # so the backend on port 8001 sees the path without "/v1".
        proxy_pass http://127.0.0.1:8001/;
    }

    location /v2/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Same prefix replacement as above, towards the backend on port 8002.
        proxy_pass http://127.0.0.1:8002/;
    }
}

多服务配置

多个反向代理写一个配置中

# Multi-service file, part 1: blog subdomain -> local service on port 8123.
server {
    server_name blog.example.com;
    listen [::]:80;
    listen 80;

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/blog_subdomain_error.log warn;
    access_log /var/log/nginx/blog_subdomain_access.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Only the last X-Forwarded-For entry is written by this proxy;
        # earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # NOTE(review): if port 8123 is the static server from the first
        # sample, that one listens on all interfaces and stays reachable
        # directly; bind it to 127.0.0.1 or firewall the port. Confirm.
        proxy_pass http://127.0.0.1:8123;
    }
}

# Multi-service file, part 2: API subdomain -> local service on port 8000.
server {
    server_name api.example.com;
    listen [::]:80;
    listen 80;

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/api_subdomain_error.log warn;
    access_log /var/log/nginx/api_subdomain_access.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Only the last X-Forwarded-For entry is written by this proxy;
        # earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:8000;
    }
}

# Multi-service file, part 3: admin subdomain -> local service on port 9000.
# NOTE(review): this publishes an admin backend over plain HTTP, and no
# access restriction is visible in this block. Prefer the HTTPS pattern from
# the earlier samples and limit who can reach it (e.g. allow/deny or
# auth_basic); confirm what the application enforces itself.
server {
    server_name admin.example.com;
    listen [::]:80;
    listen 80;

    # Per-site logs; the error log records "warn" and above.
    error_log /var/log/nginx/admin_subdomain_error.log warn;
    access_log /var/log/nginx/admin_subdomain_access.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Only the last X-Forwarded-For entry is written by this proxy;
        # earlier entries are client-supplied.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://127.0.0.1:9000;
    }
}