What is the

This section introduces Nginx and common configurations

Speak what

  1. Introduce Nginx –
  2. Nginx- Forward proxy
  3. Nginx- Reverse proxy
  4. Nginx- Cross-domain configuration
  5. Nginx – Https is enabled
  6. Nginx – hotlinking prevention
  7. Nginx – gzip enabled

Introduce Nginx –

Nginx is a lightweight web server and reverse proxy server. Compared with Apache and LighttPD, it has the advantages of less memory and higher stability.

It can be used to:

  1. Static resource service – Provides services through the local file system
  2. Reverse proxy services – Caching and load balancing
  3. API service

Nginx- Forward proxy

Forward proxy: A proxy server is configured in the browser of the client. The proxy server is used to access the Internet and return the accessed web content to the client. This proxy service is called forward proxy.

  1. Can be used as a cache, accelerated access to resources;
  2. You can set Intranet restrictions
  3. Client access authorization, Internet access authentication;
  4. The agent can record user access records
# vi/root/nginx 1.17.0 / conf/nginx. ConfServer {resolver 192.168.1.1Nginx server IP address
	listen       80;
	location / {
			proxy_pass http://$http_host$request_uri; Set proxy server protocol and address}}Copy the code

Nginx- Reverse proxy

Reverse proxy: no need to configure the client to access, we just need to send the request to the reverse proxy server, and then the reverse proxy server to select the target server to access the data, and then return to the client.

  1. To ensure Intranet security, the reverse proxy is used as the public network access address and the Web server is used as the Intranet.
  2. Load balancing, through the reverse proxy server to optimize the site load;

Use the Nginx reverse proxy to jump to a service on a different port based on the access path.

The listening port of Nginx is 9001

Visit http://192.168.1.1:9001/abc to jump directly to the 192.168.1.1:8080 http://192.168.1.1:9001/def jump straight to 192.168.1.1:8081

  1. Configure the reverse proxy to the nginx.conf configuration file of the Nginx server.
# vim /usr/local/nginx/conf/nginx.confserver { listen 9001; Server_name 192.168.1.10. Location ~ /special/ {proxy_pass http://192.168.1.1:8080; } location ~ /home/ {proxy_pass http://192.168.1.1:8081; }}Copy the code
  1. Edit the firewall configuration file to add ports 8080, 8081, and 9001.
# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9001 -j ACCEPT
Copy the code
  1. Restarting the Firewall
/etc/init.d/iptables restart
service iptables status
Copy the code
  1. Restart the Nginx service
# fuser -k 80/tcp
# cd /usr/local/nginx/
# cd sbin/
# ls
nginx
# ./nginx -s stop
# ./nginx 
Copy the code

Nginx- Cross-domain configuration

http {
    # Domains that allow cross-domain requests, * for all
    add_header 'Access-Control-Allow-Origin' *;
    # Allow requests with cookies
    add_header 'Access-Control-Allow-Credentials' 'true'; 
    Methods that allow requests, such as GET/POST/PUT/DELETE
    add_header 'Access-Control-Allow-Methods' *;
    # Allow headers for requests
    add_header 'Access-Control-Allow-Headers' *;
}
Copy the code

Nginx – Https is enabled

  1. To configure HTTPS in nginx, you must install the SSL module, namely: http_SSL_modul
  2. Copy the SSL certificate *. CRT and private key *. Key to the /usr/local/nginx/conf directory
  3. Added server listening on port 443
server {
    listen  443;
    # your domain name
    server_name dsying.cn; 
    # open SSL
    ssl on;

    Configure the SSL certificate
    ssl_certificate dsying.cn.crt;
    Configure the SSL key
    ssl_certificate_key dsying.cn.key;

    # SSL session cache
    ssl_session_cache shared:SSL:1m;
    # SSL session timeoutssl_session_timeout 5m; Location / {proxy_pass http://public IP address: project port number; }}Copy the code

Nginx – hotlinking prevention

http {
	valid_referers baidu.com;
	if ($invalid_referer) {
			return404}}Copy the code

Nginx – gzip enabled

gzip  on;
gzip_min_length  1k;
gzip_buffers     4 16k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_types       text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
Copy the code