Nginx服务器的server节点通常用来定义一个服务,Nginx服务器可以配置多个server节点,一个server通常用来定义一个单独项目(网站),也可以用一个 server来定义Nginx全局项目(网站),接下来我们总结Nginx服务器server节点的常用配置参数。
一、基础知识
1.1 常规配置
1
2
3
4
5
6
| server {
listen 80;
server_name jkdev.cn www.jkdev.cn;
root /usr/share/nginx/html;
index index.php index.html index.htm;
}
|
- listen:监听端口
- server_name:域名
- root:项目路径
- index:默认访问文件
1.2 https配置
1
2
3
4
5
6
7
8
9
10
11
12
13
| server {
listen 443 ssl;
server_name jkdev.cn www.jkdev.cn;
root /usr/share/nginx/html;
index index.php index.html index.htm;
ssl_certificate /etc/ssl/jkdev.cn/cert.pem;
ssl_certificate_key /etc/ssl/jkdev.cn/key.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
}
|
- ssl_certificate:证书公钥文件
- ssl_certificate_key:证书私钥文件
- ssl_session_timeout:缓存有效期
- ssl_protocols:安全链接可选的加密协议
- ssl_ciphers:加密算法
- ssl_prefer_server_ciphers on:使用服务器端的首选算法
1.3 从定向
如果访问域名不是www.jkdev.cn,强制从定向到http://www.jkdev.cn,并携带参数。permanent表示返回301永久重定向,地址栏显示重定向后的url
1
2
3
4
5
6
7
8
9
10
| server {
listen 80;
server_name jkdev.cn www.jkdev.cn;
root /usr/share/nginx/html/php/www/public;
index index.php index.html index.htm;
if ( $host != 'www.jkdev.cn' ) {
rewrite ^(.*)$ https://www.jkdev.cn$1 permanent;
}
}
|
在项目的根节点之下,如果访问文件为空,则重定向到根节点下的index.php文件。last表示url重写后,马上发起一个新的请求,再次进入server块,重试location匹配,超过10次匹配不到报500错误,地址栏url不变
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| server {
listen 80;
server_name jkdev.cn www.jkdev.cn;
root /usr/share/nginx/html/php/www/public;
index index.php index.html index.htm;
if ( $host != 'www.jkdev.cn' ) {
rewrite ^(.*)$ http://www.jkdev.cn$1 permanent;
}
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php/$1 last;
}
}
}
|
1.4 定义错误界面
当发生500、502、503、504这几种错误时,返回/50x.html。location部分定义了50x.html的访问位置,以保证找到自定义的50x页面
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| server {
listen 80;
server_name jkdev.cn www.jkdev.cn;
root /usr/share/nginx/html/php/www/public;
index index.php index.html index.htm;
if ( $host != 'www.jkdev.cn' ) {
rewrite ^(.*)$ https://www.jkdev.cn$1 permanent;
}
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=/$1 last;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
|
1.5 fastcgi配置
当访问php文件时,转发给127.0.0.1:9000
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| server {
listen 80;
server_name jkdev.cn www.jkdev.cn;
root /var/www/html;
index index.php index.html index.htm;
if ( $host != 'www.jkdev.cn' ) {
rewrite ^(.*)$ https://www.jkdev.cn$1 permanent;
}
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=/$1 last;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
include fastcgi_params;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
}
}
|
1.6 反向代理-端口转发
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| server {
listen 443 ssl;
server_name api.jkdev.cn;
ssl_certificate /etc/ssl/jkdev.cn/cert.pem;
ssl_certificate_key /etc/ssl/jkdev.cn/key.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location /v2/ {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
|
- proxy_pass:代理地址
- proxy_set_header:设置代理请求头
二、实际应用
根据1中的基础介绍,我们对Nginx的server配置参数有了基本了解,接下来我们模拟实际场景,编写Nginx的server配置
2.1 将所有http请求重定向到https
1
2
3
4
| server {
listen 80;
rewrite ^(.*) https://$host permanent;
}
|
2.2 部署php博客(如wordpress、typecho)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
| server {
listen 443 ssl;
server_name blog.jkdev.cn;
root /usr/share/nginx/html/php/blog;
index index.php index.html index.htm;
ssl_certificate /etc/ssl/jkdev.cn/cert.pem;
ssl_certificate_key /etc/ssl/jkdev.cn/key.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php?s=/$1 last;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php(.*)$ {
fastcgi_pass php-fpm:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html/blog/$fastcgi_script_name;
include fastcgi_params;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
}
location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root /usr/share/nginx/html/php/blog;
}
location ~* \.(eot|ttf|woff|svg|otf)$ {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
}
location ~ /\.ht {
deny all;
}
}
|
2.3 在一个域名之下部署多个服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| server {
listen 443 ssl;
server_name api.jkdev.cn;
ssl_certificate /etc/ssl/jkdev.cn/cert.pem;
ssl_certificate_key /etc/ssl/jkdev.cn/key.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location /v1/ {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /v2/ {
proxy_pass http://127.0.0.1:8081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
|
- location /v1/ :配置v1项目转发
- location /v2/ :配置v2项目转发
2.4 部署前端项目(如vue)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
| server {
listen 443 ssl;
server_name www.jkdev.cn;
root /usr/share/nginx/html/php/www/dist;
index index.php index.html index.htm;
ssl_certificate /etc/ssl/jkdev.cn/cert.pem;
ssl_certificate_key /etc/ssl/jkdev.cn/key.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~* ^/(css|img|js|flv|swf|download)/(.+)$ {
root /usr/share/nginx/html/php/www/dist;
}
location ~* \.(eot|ttf|woff|svg|otf)$ {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
}
location ~ /\.ht {
deny all;
}
}
|
