Nginx 是一个高性能的 HTTP 和反向代理 web 服务器,同时也提供了 IMAP/POP3/SMTP 服务
因其丰富的功能集、稳定性、示例配置文件和低系统资源的消耗受到了开发者的欢迎
本文总结了一些常用的 Nginx 配置代码,希望对大家有所帮助
侦听端口
server {
# HTTP
listen 80;
# HTTPS
listen 443 ssl;
# HTTP2
listen 443 ssl http2;
# IPv6监听80端口
listen [::]:80;
# 只使用IPv6监听80端口
listen [::]:80 ipv6only=on;
}
访问日志
server {
# 日志文件
access_log /path/to/file.log;
# 开启/关闭 日志
access_log on;
}
域名
server {
# 监听指定域名
server_name yourdomain.com;
# 监听多个域名
server_name yourdomain.com www.yourdomain.com;
# 监听所有域名
server_name *.yourdomain.com;
# 监听所有顶级域名
server_name yourdomain.*;
# 监听未指定的主机名(IP地址本身)
server_name "";
}
静态资源
server {
listen 80;
server_name yourdomain.com;
location / {
root /path/to/website;
}
}
重定向
server {
listen 80;
server_name www.yourdomain.com;
return 301 http://yourdomain.com$request_uri;
}
server {
listen 80;
server_name www.yourdomain.com;
location /redirect-url {
return 301 http://otherdomain.com;
}
}
反向代理
server {
listen 80;
server_name yourdomain.com;
location / {
# 项目启动的IP-Port
proxy_pass http://0.0.0.0:3000;
}
}
负载均衡
upstream node_js {
server 0.0.0.0:3000;
server 0.0.0.0:4000;
server 123.131.121.122;
}
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://node_js;
}
}
SSL 协议
server {
listen 443 ssl;
server_name yourdomain.com;
ssl on;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/privatekey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /path/to/fullchain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_timeout 1h;
ssl_session_cache shared:SSL:50m;
add_header Strict-Transport-Security max-age=15768000;
}
# 永久重定向 HTTP --> HTTPS
server {
listen 80;
server_name yourdomain.com;
return 301 https://$host$request_uri;
}
评论区