This article lists several common, useful, and interesting configurations of Nginx. I hope you can say: Learned!
Multiple domain names are configured for one site
server {
listen 80;
server_name ops-coffee.cn b.ops-coffee.cn;
}
Copy the codeServer_name is followed by multiple domain names separated by Spaces
Multiple sites are configured for a service
server { listen 80; server_name a.ops-coffee.cn; location / { root /home/project/pa; index index.html; } } server { listen 80; server_name ops-coffee.cn b.ops-coffee.cn; location / { root /home/project/pb; index index.html; } } server { listen 80; server_name c.ops-coffee.cn; location / { root /home/project/pc; index index.html; }}Copy the codeBased on Nginx virtual host configuration implementation, Nginx has three types of virtual hosts
IP based virtual host: you need to have multiple addresses on the server, each site corresponds to a different address, this way to use less
Port-based virtual hosts: Each site has a different port. IP :port is used to access virtual hosts. You can change the port of LISTEN to use the port
Domain-based hosting: the most widely used method, in this example, is domain-based hosting, provided that you have multiple domain names for each site, server_name is a different domain name
Nginx added account password authentication
server {
location / {
auth_basic "please input user&passwd"; auth_basic_user_file key/auth.key; }}Copy the codeThere are many services that can be accessed through nginx, but they do not provide the function of account authentication. You can use nginx to provide authBase account password authentication, which can be used to generate account passwords
# cat pwd.pl
#! /usr/bin/perl
use strict;
my $pw=$ARGV[0].print crypt($pw.$pw)."\n";
Copy the codeUsage:
# perl pwd.pl ops-coffee.cn
opf8BImqCAXww
# echo "admin:opf8BImqCAXww" > key/auth.key
Copy the codeNginx opens the column directory
When you want nginx to exist as a file download server, you need to open the nginx column directory
server { location download { autoindex on; autoindex_exact_size off; autoindex_localtime on; }}Copy the codeAutoindex_exact_size: Specifies the exact size of the file displayed when the value is on(the default value), in bytes. Change to off to show the approximate size of the file in KB or MB or GB
Autoindex_localtime: The GMT time is displayed when off(the default). After the file time is changed to ON, the file time is the server time
By default, when accessing the listed TXT files, the contents of the file will be displayed in the browser. If you let the browser download directly first, add the following configuration
if ($request_filename^ ~ *. *? \.(txt|pdf|jpg|png)$) { add_header Content-Disposition'attachment';
}
Copy the codeConfiguring the Default Site
server {
listen 80 default;
}
Copy the codeIf you want to specify a default site, you can put the site’s virtual host in the configuration file at the location of the first virtual host. If you want to specify a default site, you can put the site’s virtual host in the configuration file. Or configure Listen Default on the site’s virtual host
IP access is not allowed
server {
listen 80 default;
server_name _;
return 404;
}
Copy the codeThere may be some unregistered domain name or undesired domain name pointing to your server address, this will cause some impact on your site, you need to disable IP or unconfigured domain name access, we use the above mentioned default rule, the default traffic to 404
The above method is rather rough, of course, you can also configure all the unconfigured address access directly 301 redirect to your site, but also for your site to bring a certain amount of traffic
server {
rewrite ^/(.*)$ https://ops-coffee.cn/The $1 permanent;
}
Copy the codeReturn directly to the validation file
location = /XDFyle6tNA.txt {
default_type text/plain;
return 200 'd6296a84657eb275c05c31b10924f6ea';
}
Copy the codeMany times wechat and other programs need us to put a TXT file into the project to verify the project ownership, we can directly through the above way to modify nginx, without really putting the file to the server
Upstream: configure the upstream reverse proxy
http { ... Upstream tomcats {server 192.168.106.176 weight=1; Server 192.168.106.177 weight = 1; } server { location /ops-coffee/ { proxy_pass http://tomcats; proxy_set_header Host$host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; }}}Copy the codeProxy_pass http://tomcats and proxy_pass http://tomcats/
It’s only a/difference, but the results vary widely. It is divided into the following two situations:
- The destination address does not contain a URI (
proxy_pass http://tomcats). In this case, the matching URI part of the new destination URL is not modified, and the original is the same.
The location/ops - coffee / {proxy_pass http://192.168.106.135:8181; } -- -- -- - > > http://192.168.106.135:8181/ops-coffee/ http://domain/ops-coffee/action/abc http://domain/ops-coffee/ http://192.168.106.135:8181/ops-coffee/action/abcCopy the code- Destination address with URI (
proxy_pass http://tomcats/, / is also the URI), in this case, the matching URI part of the new destination URL will be changed to the URI of this parameter.
The location/ops - coffee / {proxy_pass http://192.168.106.135:8181/; } -- -- -- - > > http://192.168.106.135:8181 http://domain/ops-coffee/action/abc http://domain/ops-coffee/ http://192.168.106.135:8181/action/abcCopy the code“Nginx upstream opens Keepalive”
upstream tomcat { server ops-coffee.cn:8080; keepalive 1024; } server {location / {proxy_http_version 1.1; proxy_set_header Connection""; proxy_pass http://tomcat; }}Copy the codeIn most cases, nginx will be used as a reverse proxy in the project, such as nginx followed by Tomcat, nginx followed by PHP, etc. In this case, we can enable keepalive between nginx and the backend service to reduce the resource consumption caused by frequently creating TCP connections
Keepalive: specifies the maximum number of connections that each Nginxworker can keep. This parameter is not set by default. That is, keepalive does not take effect when Nginx serves as a client
Proxy_http_version 1.1: The keepalive protocol version must be HTTP 1.1
Proxy_set_header Connection “” : In order to be compatible with older protocols and prevent keepalive failures caused by Connection close in HTTP headers, it is necessary to clear the HTTP header Connection in time
404 The page is automatically displayed
server { location / { error_page 404 = @ops-coffee; } location @ops-coffee { rewrite .* / permanent; }}Copy the codeA 404 page is not particularly friendly, we can through the above configuration in the occurrence of 404 to automatically jump to the home page
Related articles recommended reading:
- Remember a weird troubleshooting experience
- Introduction and use of SVN Hooks