Nginx中间件配置
概要
- 用于Linux服务器,Nginx中间件搭建。
相关内容
- 配置涵盖域名配置,TLS配置,及配置安全的加密算法,处理跨域问题,请求头问题等
技术细节
nginx.conf 配置文件
powershell
user root;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 10000;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 64k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 80;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
upstream business_server {
#ip_hash;
server localhost:8080 weight=10 max_conns=10000 max_fails=3 fail_timeout=15;
server localhost:8081 weight=10 max_conns=10000 max_fails=3 fail_timeout=15;
server localhost:8082 weight=10 max_conns=10000 max_fails=3 fail_timeout=15;
}
server {
add_header X-XSS-Protection 1;
add_header Set-Cookie "Path=/; HttpOnly; Secure";
listen 443 ssl; #SSL协议访问端口号为443。此处如未添加ssl,可能会造成Nginx无法启动。
server_name www.business.com; #将localhost修改为您证书绑定的域名,例如:www.business.com。
root html;
index index.html index.htm;
ssl_certificate /app/business/www.business.com.pem;
ssl_certificate_key /app/business/www.business.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA;
ssl_prefer_server_ciphers on;
client_max_body_size 1024M;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
#访问地址方式一
location /business-pc/ {
add_header Access-Control-Allow-Origin *;
alias /app/business-pc/;
}
#访问地址方式二
location /business-pc/ {
add_header Access-Control-Allow-Origin http://192.168.0.1;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {
return 204;
}
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy "worker-src 'self'";
add_header X-Content-Type-Options nosniff;
alias /app/business-pc/;
}
#访问接口
location /business-web{
access_log /etc/nginx/logs/business-web.log;
proxy_pass http://business_server/business-web;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
链接
下载链接:https://download.csdn.net/download/qq_38254635/89532087
OK,就这些吧。
有什么不对的还望指正,书写不易,觉得有帮助就点个赞吧!☺☺☺