Nginx常见应用场景及配置

Web服务器

HTTP:

1
2
3
4
5
6
7
8

server {
    listen 80;
    server_name _;
    location / {
        root /data/wwwroot;
        index index.html index.htm;
    }
}

HTTPS:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private-key.key;
    location / {
        root /data/wwwroot;
        index index.html index.htm;
    }
}

反向代理

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private-key.key;
    location / {
        proxy_pass http://10.8.1.100;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

负载均衡

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

upstream webservers {
    ip_hash; # 会话保持
    server 10.8.1.100:8080;
    server 10.8.1.101:8080;
}
server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private-key.key;
    location / {
        proxy_pass http://webservers;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

重写向

老域名跳转到新域名

1
2
3
4
5
6
7
8
9

server {
    listen 443 ssl;
    server_name old.xxx.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private-key.key;
    location / {
        rewrite ^/(.*)$ https://new.xxx.com/$1;
    }
}

路径重定向

1
2
3
4
5
6
7
8
9

server {
    listen 443 ssl;
    server_name old.xxx.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private-key.key;
    location / {
        rewrite ^/old-path/(.*)$ /new-path/$1;
    }
}

防盗链

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

server {
    listen 443 ssl;
    server_name old.xxx.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private-key.key;
    location ~* \.(gif|jpg|png)$ {
        valid_referers none blocked *.xxx.com;
        if ($invalid_referer) {
            return 403;
        }
    }
}

手机端重定向PC端

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

server {
    listen 443 ssl;
    server_name old.xxx.com;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private-key.key;
    location / {
        if ($http_user_agent ~* '(android|iphone|ipad)') {
            rewrite ^/(.*)$ https://m.xxx.com/$1;
        }
    }
}

基于请求路径转发不同服务

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private-key.key;
    location / {
        proxy_pass http://10.8.1.100;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /a/ {
        proxy_pass http://10.8.1.101;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location /b/ {
        proxy_pass http://10.8.1.102;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

参考