外观
nginx 配置
ssl + http2
nginx
http: {
ssl_certificate 证书目录;
ssl_certificate_key 私钥目录;
server {
listen 443 ssl;
http2 on;
}
}quic + http3
nginx
server {
# 每个 quic端口 只能有一个 reuseport
# 其他 server 相同的 quic端口 需要省略 reuseport
listen 443 quic reuseport;
location / {
add_header Alt-Svc 'h3=":443"; ma=86400' always;
}
}IPv4 + IPv6
nginx
server {
listen 80;
listen [::]:80;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
}http 跳转 https
nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}497
nginx
server {
error_page 497 301 https://$host:$server_port$request_uri;
}ssl_reject_handshake
nginx
server {
listen 443 default_server;
listen [::]:443 default_server;
ssl_reject_handshake on;
}Gzip
nginx
http {
gzip_static on;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
text/plain
text/css
application/json
application/javascript
text/xml
application/xml
application/xml+rss
text/javascript;
}Cache-Control
nginx
location /assets/ {
add_header Cache-Control "public, max-age=31536000, immutable";
}
location / {
add_header Cache-Control "no-cache";
}SPA
nginx
location / {
try_files $uri $uri/ $uri.html /index.html;
}反代
nginx
location / {
proxy_pass http://127.0.0.1:端口;
}autoindex
nginx
location / {
auth_basic on;
auth_basic_user_file htpasswd路径;
root 目录;
autoindex on;
charset utf-8;
autoindex_exact_size off;
}include
引入 /etc/nginx/sites-enabled/ 下的所有配置
nginx
include /etc/nginx/sites-enabled/*默认样例
nginx
# ssl 证书
ssl_certificate 证书目录;
ssl_certificate_key 私钥目录;
# http跳转https
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
# 默认ssl拒绝握手
server {
# listen 443 default_server;
# listen [::]:443 default_server;
listen 8443 default_server;
listen [::]:8443 default_server;
ssl_reject_handshake on;
}网站样例
nginx
# 网站
server {
# 每个 quic端口 只能有一个 reuseport
# 其他 server 相同的 quic端口 需要省略 reuseport
# listen 443 ssl;
# listen [::]:443 ssl;
# listen 443 quic reuseport;
# listen [::]:443 quic reuseport;
listen 8443 ssl;
listen [::]:8443 ssl;
listen 8443 quic reuseport;
listen [::]:8443 quic reuseport;
http2 on;
server_name 域名;
root 网站目录;
index index.html index.htm;
error_page 497 301 https://$host:$server_port$request_uri;
location /assets/ {
# add_header Alt-Svc 'h3=":443"; ma=86400' always;
add_header Alt-Svc 'h3=":8443"; ma=86400' always;
add_header Cache-Control "public, max-age=31536000, immutable";
}
location / {
# add_header Alt-Svc 'h3=":443"; ma=86400' always;
add_header Alt-Svc 'h3=":8443"; ma=86400' always;
add_header Cache-Control "no-cache";
try_files $uri $uri/ $uri.html /index.html;
}
}反代样例
nginx
# 反代
server {
# 每个 quic端口 只能有一个 reuseport
# 其他 server 相同的 quic端口 需要省略 reuseport
# listen 443 ssl;
# listen [::]:443 ssl;
# listen 443 quic reuseport;
# listen [::]:443 quic reuseport;
listen 8443 ssl;
listen [::]:8443 ssl;
listen 8443 quic reuseport;
listen [::]:8443 quic reuseport;
http2 on;
server_name 域名;
error_page 497 301 https://$host:$server_port$request_uri;
location / {
# add_header Alt-Svc 'h3=":443"; ma=86400' always;
add_header Alt-Svc 'h3=":8443"; ma=86400' always;
proxy_pass http://127.0.0.1:端口;
proxy_ssl_server_name on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# client_max_body_size 20000m;
}
}