常见的nginx配置¶

更新日期 2022-9-9

2022-9-9 增加说明
2022-8-5 增加例子
2022-7-26 增加例子
2022-7-19 更新文档
2022-7-11 创建文档

常见的nginx配置。查看版本，配置服务，负载均衡配置。收录一些常用的配置。配置ssl证书。

centos安装

yum install nginx

查看nginx的版本

nginx -v
nginx version: nginx/1.20.1

centos里，systemctl查看nginx的状态

systemctl status nginx

启动nginx

systemctl start nginx

配置文件一般在/etc/nginx目录下，文件名为 nginx.conf

log配置¶

在http标签里

log常见配置
    log_format json '{"time_local":"$time_local","remote_addr":"$remote_addr","remote_user":"$remote_user","http_host":"$http_host","body_bytes_sent":$body_bytes_sent,"request_time":$request_time,"status":"$status","request":"$request","request_method":"$request_method","uri":"$uri","query_string":"$query_string","http_referrer":"$http_referer","http_x_forwarded_for":"$http_x_forwarded_for","http_user_agent":"$http_user_agent","upstream_status":"$upstream_status","proxy_host":"$proxy_host","upstream_addr":"$upstream_addr","upstream_response_time":$upstream_response_time,"upstream_connect_time":$upstream_connect_time,"upstream_header_time":$upstream_header_time,"bytes_sent":$bytes_sent,"gzip_ratio":"$gzip_ratio","connection_requests":$connection_requests,"msec":$msec,"pipe":"$pipe","connection":$connection,"request_length":$request_length,"appkey":"$http_appkey","ts":"$http_ts","msgdgt":"$http_msgdgt","region":"$http_region","x-region-id":"$http_x_region_id"}';

    access_log /rustfisher/nginx/logs/access.log json;
    error_log /rustfisher/nginx/logs/error.log warn;

配置服务的例子¶

Ubuntu的nginx.conf里，有包含2个目录下的配置

http {
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

我们可以将配置新建在/etc/nginx/sites-enabled里

新建simple-chat

simple-chat
# simple chat 的 wss
# Created: 20220507
# Update: 20220510

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

upstream chatws {
    server 127.0.0.1:9010;
}

upstream signalws {
    server 127.0.0.1:9002;
}

server {
    listen 443;
    server_name antalkws.rustfisher.com;
    ssl on;
    ssl_certificate /home/ubuntu/server/ssl/antalk/antalkws.rustfisher.com_bundle.crt;
    ssl_certificate_key /home/ubuntu/server/ssl/antalk/antalkws.rustfisher.com.key;
    ssl_session_timeout 20m;
    ssl_verify_client off;
    location / {
        root /home/ubuntu/server/wiki-site/an-rf-wiki;
        index index.html index.htm;

        proxy_pass http://127.0.0.1:9010;
    }

    location /chat1 {
        proxy_pass http://chatws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 300s;
    }

    location /chat2 {
        proxy_pass http://chatws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 300s;
    }

    location /signal {
        proxy_pass http://chatws;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 300s;
    }
}

配置好后测试一下，然后重载即可

nginx -t
nginx -s reload

简单负载均衡的例子¶

例如我们有2个应用服务器，nginx将访问转发给这两台机器。假设他们的公网ip为

x.x.x.1
x.x.x.2

修改nginx的配置文件，在http标签里，或者另外的配置文件

upstream配置部分
upstream rustfisher_server {
    server x.x.x.1:8080 weight=2;
    server x.x.x.2:8080 weight=1;
}

server {
    listen       8084;
    server_name  rustfisher;
    proxy_http_version 1.1;
    proxy_set_header Connection "";

    location ~ / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_pass http://rustfisher_server;
    }
}

NG机器监听8084端口，然后按照权重分配到1号和2号应用服务器上。

location ~ / 里面的 ~表示正则匹配，表示含有，如果没有~则表示完全匹配，这时候路径要完全相等才能匹配。

转发请求的配置¶

转发到另一个服务器上¶

访问1号服务器，把请求转发到另一个服务器上。

访问1号服务器的ip加端口10070，会转到2号机上

单独的配置
server {
    listen 10070;
    server_name x.x.x.1;
    proxy_http_version 1.1;
    proxy_set_header Connection "";

    location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_buffering off;
            proxy_pass http://y.y.y.2:8986;
    }

    location /img {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_pass http://y.y.y.2:8986/img;
    }
}

可以精确地匹配 /img

转发到本机另一个端口¶

转发端口1999到本机的2022上。

单独的配置
server {
    listen 1999;
    server_name  rustfisher-test;
    proxy_http_version 1.1;
    proxy_set_header Connection "";

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:2022;
    }
}

配置SSL¶

一种比较常用的配置方式

单独的配置
server {
    listen       443;
    server_name  good.rustfisher.com;
    proxy_http_version 1.1;
    proxy_set_header Connection "";

    ssl on;
    ssl_certificate "/root/rf/ssl/good.rustfisher.com_nginx/rf.pem";
    ssl_certificate_key "/root/rf/ssl/good.rustfisher.com_nginx/rf.key";
    ssl_verify_client off;
    ssl_session_timeout  10m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;   

    location / {
        root /root/rustfisher/web;
        index index.html index.htm;
    }
}

如果使用了ssl on，nginx会警告

警告

nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /etc/nginx/conf.d/anrfdev.conf:10

本站说明

一起在知识的海洋里呛水吧。广告内容与本站无关。如果喜欢本站内容，欢迎投喂作者，谢谢支持服务器。如有疑问和建议，欢迎在下方评论~

📖AndroidTutorial 📚AndroidTutorial 🙋反馈问题 🔥最近更新 🍪投喂作者

Ads