外观
nginx 配置
ssl + http2
nginx
http: {
ssl_certificate 证书目录;
ssl_certificate_key 私钥目录;
server {
listen 443 ssl;
http2 on;
}
}IPv4 + IPv6
nginx
server {
listen 80;
listen [::]:80;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
}http 跳转 https
nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}497
nginx
server {
error_page 497 301 https://$host:$server_port$request_uri;
}ssl_reject_handshake
nginx
server {
listen 443 default_server;
listen [::]:443 default_server;
ssl_reject_handshake on;
}Gzip
nginx
http {
gzip_static on;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
text/plain
text/css
application/json
application/javascript
text/xml
application/xml
application/xml+rss
text/javascript;
}Cache-Control
nginx
location /assets/ {
add_header Cache-Control "public, max-age=31536000, immutable";
}
location / {
add_header Cache-Control "no-cache";
}SPA
nginx
location / {
try_files $uri $uri/ $uri.html /index.html;
}反代
nginx
location / {
proxy_pass http://127.0.0.1:端口;
}autoindex
nginx
location / {
auth_basic on;
auth_basic_user_file htpasswd路径;
root 目录;
autoindex on;
charset utf-8;
autoindex_exact_size off;
}include
引入 /etc/nginx/sites-enabled/ 下的所有配置
nginx
include /etc/nginx/sites-enabled/*默认样例
nginx
# ssl 证书
ssl_certificate 证书目录;
ssl_certificate_key 私钥目录;
# http跳转https
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
# 默认ssl拒绝握手
server {
listen 443 default_server;
listen [::]:443 default_server;
# listen 4000 default_server;
# listen [::]:4000 default_server;
ssl_reject_handshake on;
}网站样例
nginx
# 网站
server {
listen 443 ssl;
listen [::]:443 ssl;
# listen 4000 ssl;
# listen [::]:4000 ssl;
http2 on;
server_name 域名;
root 网站目录;
index index.html index.htm;
error_page 497 301 https://$host:$server_port$request_uri;
location /assets/ {
try_files $uri $uri/ $uri.html /index.html;
add_header Cache-Control "public, max-age=31536000, immutable";
}
location / {
try_files $uri $uri/ $uri.html /index.html;
add_header Cache-Control "no-cache";
}
}反代样例
nginx
# 反代
server {
listen 443 ssl;
listen [::]:443 ssl;
# listen 4000 ssl;
# listen [::]:4000 ssl;
http2 on;
server_name 域名;
error_page 497 301 https://$host:$server_port$request_uri;
location / {
proxy_pass http://127.0.0.1:端口;
proxy_ssl_server_name on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# client_max_body_size 20000m;
}
}完整样例 (Windows)
nginx
#user nobody;
# 进程数
worker_processes 1;
events {
# 每个进程的最大连接数
worker_connections 1024;
}
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
# 显示nginx版本号
server_tokens off;
sendfile on;
tcp_nopush on;
# keepalive_timeout 0;
keepalive_timeout 65;
# gzip压缩
gzip_static on;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types
text/plain
text/css
application/json
application/javascript
text/xml
application/xml
application/xml+rss
text/javascript;
# ssl 证书
ssl_certificate 证书目录;
ssl_certificate_key 私钥目录;
# http跳转https
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
# 默认ssl拒绝握手
server {
listen 443 default_server;
listen [::]:443 default_server;
# listen 4000 default_server;
# listen [::]:4000 default_server;
ssl_reject_handshake on;
}
# 网站
server {
listen 443 ssl;
listen [::]:443 ssl;
# listen 4000 ssl;
# listen [::]:4000 ssl;
http2 on;
server_name 域名;
root 网站目录;
index index.html index.htm;
error_page 497 301 https://$host:$server_port$request_uri;
location /assets/ {
try_files $uri $uri/ $uri.html /index.html;
add_header Cache-Control "public, max-age=31536000, immutable";
}
location / {
try_files $uri $uri/ $uri.html /index.html;
add_header Cache-Control "no-cache";
}
}
# 反代
server {
listen 443 ssl;
listen [::]:443 ssl;
# listen 4000 ssl;
# listen [::]:4000 ssl;
http2 on;
server_name 域名;
error_page 497 301 https://$host:$server_port$request_uri;
location / {
proxy_pass http://127.0.0.1:端口;
proxy_ssl_server_name on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# client_max_body_size 20000m;
}
}
}