Easy Nginx configuration code artifact!
Cross-domain Proxy Proxy
Server {# listening in9099Port to listen9099;
# 域名是localhost
server_name localhost;
#凡是localhost:9099/ API like this, all forward to the real server address HTTP://localhost:9871
location ^~ /api {
proxy_pass http://localhost:9871;}}Copy the code
Load balancing
Upstream: / / add HTTP to server:// Forward the webcanteen request to the upstream pool
upstream webcanteen {
server 127.0. 01.:66 weight=10;
server 127.0. 01.:77 weight=1;
server 127.0. 01.:88 weight=1;
}
server {
location / {
proxy_pass http://webcanteen}}Copy the code
Dynamic and static separation
Dynamic and static separation is to make dynamic web pages in the dynamic website according to certain rules to differentiate between constant resources and often changed resources. After dynamic and static resources are split, we can do cache operation according to the characteristics of static resources. This is the core idea of static site processing.
upstream eap_website {
server eapwebsite;
}
server {
listen 80; Location / {# static resource root /usr/share/nginx/html; index index.html index.htm; try_files $uri /index.html; } location ^~/api/{# proxy_pass HTTP://eap_website/api/;
}
location ^~ /swagger/{# proxy_pass HTTP://eap_website/swagger/;}}Copy the code
✨
HTTP redirects to HTTPS
server {
listen 80;
server_name domain.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name domain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/domain.com.crt;
# other
}
Copy the code
Add CORS response headers and enable GZIP compression for static resources
location / {
gzip on;
gzip_types application/javascript text/css image/jpeg;
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri /index.html;
add_header 'Access-Control-Allow-Origin' The '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
add_header 'Access-Control-Allow-Headers' 'Content-Type';
add_header 'Access-Control-Allow-Credentials' 'true';
}
Copy the code
Redirection configuration
In the website development, there are too many application scenarios of redirection. For example, when a user does not log in, the url he enters will automatically jump to the login page. When users visit the old version of the website, it automatically redirects to the new version of the web page
server {
listen 80; # gzip config gzip on; . root /usr/share/nginx/html; include /etc/nginx/mime.types; Add weighting directionif ($http_host ~ "^code-nav.cn") {
rewrite ^(.*) https://www.code-nav.cn permanent;}}Copy the code
Preventing hotlinking
The principle of anti-theft chain is to obtain the source of web page according to the referer in the request header, so as to achieve access control. This can prevent website resources from being illegally embezzled, thus ensuring information security, reducing bandwidth loss and reducing server pressure.
The location ~. *. (JPG | PNG | GIF) ${matching hotlinking prevention resource file type # # by valid_referers define legal address white list $invalid_referer illegal to return403
valid_referers none blocked 127.0. 01.;
if ($invalid_referer) {
return 403; }}Copy the code
Access control
There are two main types of access control:
- -http_access_module Indicates IP – based access control
- -http_auth_basic_module Logs in based on the user’s trust
(Login based on user trust is not very secure, this article will not do configuration introduction)
The following is ip-based access control:
Server {location ~ ^/index.html {# matches the index.html page except127.0. 01.All other users can access deny127.0. 01.; allow all; }}Copy the code