NGINX 配置清单
NGINX 配置清单
以下内容来自 SimulatedGREG/nginx-cheatsheet。
通用设置
端口 listen
server {
# standard HTTP protocol
listen 80;
# standard HTTPS protocol
listen 443 ssl;
# listen on 80 using IPv6
listen [::]:80;
# listen only on IPv6
listen [::]:80 ipv6only=on;
}
域名 server_name
server {
# Listen to yourdomain.com
server_name yourdomain.com;
# Listen to multiple domains
server_name yourdomain.com www.yourdomain.com;
# Listen to all sub-domains
server_name *.yourdomain.com;
# Listen to all top-level domains
server_name yourdomain.*;
# Listen to unspecified hostnames (listens to IP address itself)
server_name "";
}
访问日志 access_log
server {
# Relative or full path to log file
access_log /path/to/file.log;
# Turn 'on' or 'off'
access_log on;
}
gzip
, client_max_body_size
server {
# Turn gzip compression 'on' or 'off'
gzip on;
# Limit client body size to 10mb
client_max_body_size 10M;
}
响应文件
静态文件
server {
listen 80;
server_name yourdomain.com;
location / {
root /path/to/website;
}
}
支持前端路由
server {
listen 80;
server_name yourdomain.com;
root /path/to/website;
location / {
try_files $uri $uri/ /index.html;
}
}
重定向
301
永久重定向
用于比如 www.yourdomain.com
重定向到 yourdomain.com
或 将 http
重定向到 https
。
server {
listen 80;
server_name www.yourdomain.com;
return 301 http://yourdomain.com$request_uri;
}
302
临时重定向
server {
listen 80;
server_name yourdomain.com;
return 302 http://otherdomain.com;
}
重定向指定页面
server {
listen 80;
server_name yourdomain.com;
location /redirect-url {
return 301 http://otherdomain.com;
}
}
反向代理
基本
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://0.0.0.0:3000;
# where 0.0.0.0:3000 is your Node.js Server bound on 0.0.0.0 listing on port 3000
}
}
进阶
upstream node_js {
server 0.0.0.0:3000;
# where 0.0.0.0:3000 is your Node.js Server bound on 0.0.0.0 listing on port 3000
}
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://node_js;
}
}
socket 相关
upstream node_js {
server 0.0.0.0:3000;
}
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://node_js;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# not required but useful for applications with heavy WebSocket usage
# as it increases the default timeout configuration of 60
proxy_read_timeout 80;
}
}
TLS/SSL (HTTPS)
以下仅是简单 HTTPS 示例,并不是可用于生产环境的最优配置。
相关资源:
server {
listen 443 ssl;
server_name yourdomain.com;
ssl on;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/fullchain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
add_header Strict-Transport-Security max-age=15768000;
}
# Permanent redirect for HTTP to HTTPS
server {
listen 80;
server_name yourdomain.com;
return 301 https://$host$request_uri;
}
大型应用
负载均衡
upstream node_js {
server 0.0.0.0:3000;
server 0.0.0.0:4000;
server 123.131.121.122;
}
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://node_js;
}
}