
Nginx實用配置-2

Nginx配置-2

1、更新Openssl

[root@rocky8 ~]#   nginx -V    #檢視現在nginx的OpenSSL版本和編譯情況
nginx version: nginx/1.22.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC) 
built with OpenSSL 1.1.1k  FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module

[root@rocky8 ~]# tar xf openssl-3.0.5.tar.gz -C /usr/local    #解壓前先用官方公布的SHA256值或PGP簽名核對源碼包;3.0.5僅為示例,實際請改用該分支最新的修補版本
[root@rocky8 ~]# cd /usr/local/nginx-1.22.0/
[root@rocky8 nginx-1.22.0]# ./configure --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-openssl=/usr/local/openssl-3.0.5
[root@rocky8 nginx-1.22.0]# make && make install
###提示以下錯誤:需要安裝perl-IPC-Cmd包
Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module) 
[root@rocky8 nginx-1.22.0]# dnf install perl-IPC-Cmd
[root@rocky8 nginx-1.22.0]# make && make install   #再次編譯      

2、if指令

[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf 
server {
    listen 80;
    charset utf8;
    server_name www.wang.org;
    root /data/nginx/html/pc;
    location /if {
        index index.html;
        root /data/nginx/test;
        default_type text/html;
        echo "if----> $scheme";
        if (!-e $request_filename) {
            echo "$request_filename is not exist";
        }
    }
}

[root@rocky8 conf.d]# mkdir /data/nginx/test/if -p
[root@rocky8 conf.d]# echo /data/nginx/test/if > /data/nginx/test/if/index.html
[root@rocky8 conf.d]# nginx -s reload

===========================================================
[root@rocky8 conf.d]# rm -f /data/nginx/test/if/index.html   #删除後再測試
[root@rocky8 conf.d]# nginx -s reload      

3、set指令

[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf 
server {
    listen 80;
    charset utf8;
    server_name www.wang.org;
    root /data/nginx/html/pc;
    location /set {
        root /data/nginx/html/pc;
        index index.html;
        default_type text/html;
        set $name wang;                     #定義$name的值是wang
        echo $name;                          #輸出$name
        set $my_port $server_port;            #定義$my_port的值是$server_port的值
        echo $my_port;

    }
}

[root@rocky8 conf.d]# nginx -s reload      

4、break指令

[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf 
server {
    listen 80;
    charset utf8;
    server_name www.wang.org;
    root /data/nginx/html/pc;
    # Demonstrates the rewrite-module "break" directive inside a location.
    location /break {
        root /data/nginx/html/pc;
        index index.html;
        default_type text/html;
        set $name wang;
        echo "break_before:name=$name";
        # break stops processing of the remaining ngx_http_rewrite_module directives
        # in this location, so the "set $my_port" below is skipped. echo is not a
        # rewrite-module directive, so the echo lines after break still run.
        break;
        set $my_port $server_port;
        echo "break_after:my_port=$my_port";
        echo "break_after:name=$name";

    }
}


[root@rocky8 conf.d]# nginx -s reload      

5、return 指令

[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf 
server {
    listen 80;
    listen 443 ssl http2;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    charset utf8;
    server_name www.wang.org;
    root /data/nginx/html/pc;
    location / {
        root /data/nginx/html/pc;
        index index.html;
        default_type text/html;
        if ( $scheme = http ) {
            return 500 "service error";
        echo "if-----> $scheme";
        }
        if ( $scheme = https ) {
            echo "if---> $scheme";
        }
    }
}

[root@rocky8 conf.d]# nginx -s reload      

http跳轉到https

## 方法1
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf
server {
    listen 80;
    charset utf8;
    server_name www.wang.org;
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name www.wang.org;
    charset utf8;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    location / {
        root /data/nginx/html/pc;
    }
}
[root@rocky8 conf.d]# nginx -s reload
==========================================================

#方法2
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    if ( $scheme = http ) {
        return https://www.wang.org/;
    }
}
[root@rocky8 conf.d]# nginx -s reload      

6、rewrite 指令

# break
[root@rocky8 conf.d]# echo test1 > /data/nginx/html/pc/test1.html
[root@rocky8 conf.d]# echo test2 > /data/nginx/html/pc/test2.html
[root@rocky8 conf.d]# echo test4 > /data/nginx/html/pc/test4.html
[root@rocky8 conf.d]# echo test3 > /data/nginx/html/pc/test3.html
[root@rocky8 conf.d]# echo testa > /data/nginx/html/pc/testa.html
[root@rocky8 conf.d]# echo testb > /data/nginx/html/pc/testb.html
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    if ( $scheme = http ) {
        return https://www.wang.org/;
    }
    location /test {
        rewrite /test1.html /test2.html break;
        rewrite /test2.html /test3.html;
    }
    location /test2.html {
        rewrite /test2.html /testa.html;
    }
    location /test3.html {
        rewrite /test3.html /testb.html;
    }
}

[root@rocky8 conf.d]# nginx -s reload      
# last 
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf 
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    if ( $scheme = http ) {
        return https://www.wang.org/;
    }
    location /test {
        rewrite /test1.html /test2.html last;
        rewrite /test2.html /test3.html;
    }
    location /test2.html {
        rewrite /test2.html /testa.html;
    }
    location /test3.html {
        rewrite /test3.html /testb.html;
    }
}
[root@rocky8 conf.d]# nginx -s reload      
# permanent 永久跳轉
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf 
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    if ( $scheme = http ) {
        return https://www.wang.org/;
    }
    location /test {
        rewrite /test1.html /test2.html last;
        rewrite /test2.html /test3.html;
    }
    location /test2.html {
        rewrite /test2.html /testa.html;
    }
    location /test3.html {
        rewrite /test3.html /testb.html;
    }
    location /permanent {
        rewrite /permanent https://blog.51cto.com/dayu permanent;   #通路/permanent永久跳轉至https://blog.51cto.com/dayu
    }
 }
[root@rocky8 conf.d]# nginx -s reload      
# redirect
[root@rocky8 conf.d]# vim  /apps/nginx/conf/conf.d/www.wang.org.conf 
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    if ( $scheme = http ) {
        return https://www.wang.org/;
    }
    location /test {
        rewrite /test1.html /test2.html last;
        rewrite /test2.html /test3.html;
    }
    location /test2.html {
        rewrite /test2.html /testa.html;
    }
    location /test3.html {
        rewrite /test3.html /testb.html;
    }
    location /redirect {
        rewrite /redirect https://blog.51cto.com/dayu redirect;   #通路/permanent臨時跳轉至https://blog.51cto.com/dayu
    }
 }
[root@rocky8 conf.d]# nginx -s reload      

自動跳轉 https

[root@rocky8 conf.d]# vim www.wang.org.conf 
server {
    listen 80;
    charset utf8;
    server_name www.wang.org;
    root /data/nginx/html/pc;
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    location / {
        root /data/nginx/html/pc;
    }
}

[root@rocky8 conf.d]# nginx -s reload      
[root@rocky8 conf.d]# vim www.wang.org.conf 
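server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    # Site-wide redirect to HTTPS.
    location / {
        root /data/nginx/html/pc;
        index index.html;
        # Redirect only plain-HTTP requests; without this test the HTTPS request
        # would be redirected to itself in an endless loop.
        if ( $scheme = http ) {
            # $server_name instead of $host: $host is taken from the request's Host
            # header, so when this block also answers requests for other names (for
            # example as the default server) the client would choose the redirect target.
            rewrite ^/(.*) https://$server_name/$1 redirect;
        }
    }
    # Redirect to HTTPS for one specific URL only. This is a sibling of "location /";
    # the original listing was missing a closing brace, which left this block nested
    # inside "location /" and the server block unterminated.
    location /login {
        # Same loop guard as above.
        if ( $scheme = http ) {
            rewrite / https://$server_name/login redirect;
        }
    }
}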
[root@rocky8 conf.d]# mkdir /data/nginx/html/pc/login
[root@rocky8 conf.d]# echo /data/nginx/html/pc/login > /data/nginx/html/pc/login/index.html
[root@rocky8 conf.d]# nginx -s reload      

當使用者通路到公司網站的時輸入了一個錯誤的URL,可以将使用者重定向至官網首頁

[root@rocky8 conf.d]# vim www.wang.org.conf 
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    location / {
        root /data/nginx/html/pc;
        index index.html;
        if ( !-e $request_filename ) {
            rewrite .* https://www.wang.org/index.html;     #實作用戶端浏覽器的302跳轉
            }
    }
[root@rocky8 conf.d]# nginx -s reload      

指定用戶端類型跳轉新的域名

[root@rocky8 conf.d]# vim www.wang.org.conf 
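server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    # Send mobile clients (User-Agent contains android, iphone or ipad,
    # case-insensitive) to the mobile site with a temporary redirect.
    # NOTE(review): the target is plain http, so a visitor who arrived over HTTPS
    # on port 443 is downgraded to cleartext; point this at https://m.wang.org
    # once that host serves TLS.
    if ( $http_user_agent ~* "android|iphone|ipad" ) {
        rewrite ^/(.*) http://m.wang.org/$1 redirect;
    }
}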
[root@rocky8 conf.d]# nginx -s reload      

網站維護跳轉

[root@rocky8 conf.d]# vim www.wang.org.conf
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    set $ip 0;              #在server層下設定ip變量值為0
    if ( $remote_addr = 10.0.0.101 ) {
        set $ip 1;         #如果來源IP是10.0.0.101則設定變量為ip變量為1。
    }
    if ( $ip = 0 ) {          #如果來源IP不是10.0.0.101則跳轉maintain.html這個頁面,否則不做任何處理
        rewrite ^/(.*)$ /maintain.html break;
    }
 }
[root@rocky8 conf.d]# echo maintain > /data/nginx/html/pc/maintain.html
[root@rocky8 conf.d]# nginx -s reload      

7、防盜鍊

實作盜鍊

#實作盜鍊
## 被盜網站設定
[root@rocky8 conf.d]# vim www.wang.org.conf  
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;    #開啟被盜網站的日志功能,main是主配置檔案日志名稱;
    location /images {
        root /data/nginx/html/pc;
    }
}
[root@rocky8 conf.d]# nginx -s reload
===================================================
## 盜鍊伺服器設定
server {
    listen 80;
#    listen 443 ssl http2;      #如果開啟https功能,被盜網站日志無法記錄referer
    charset utf8;
    server_name www.da.org;
    root /data/nginx/html/da;
#    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
#    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    access_log /apps/nginx/logs/www.da.org_access.log main;
#    if ( $scheme = http ) {
#        rewrite ^/(.*) https://$server_name$request_uri;
#    }
}
[root@rocky8 conf.d]# nginx -s reload
## 浏覽器測試:注意:最好選用火狐,edge浏覽器最新版預設會檢測到盜鍊而阻止      

實作防盜鍊

#實作防盜鍊
[root@rocky8 conf.d]# vim www.wang.org.conf
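server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location /images {
        root /data/nginx/html/pc;
        # Referers that are allowed to embed /images:
        #   none         - the request carries no Referer header
        #   blocked      - a Referer is present but was stripped by a proxy/firewall
        #   server_names - this server's own names (the original "server names" was
        #                  read by nginx as two literal hostnames, "server" and "names")
        #   *.wang.org   - any subdomain of wang.org
        #   regex        - baidu.com and its subdomains, anchored to the host part;
        #                  the unanchored ~\.baidu\. also matched ".baidu." appearing
        #                  in a path or in a look-alike hostname
        valid_referers none blocked server_names *.wang.org ~^([^/]+\.)?baidu\.com(/|$);
        # Referer is set by the client, and "none"/"blocked" admit requests without
        # one, so this only deters casual hotlinking; it is not access control.
        if ( $invalid_referer ) {     # any other Referer gets 403
            return 403;
        }
    }
}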
[root@rocky8 conf.d]# nginx -s reload      

8、反向代理單台 web 伺服器

# nginx代理伺服器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location / {
        proxy_pass http://www.yu.org;     #通路本機域名轉至www.yu.org
    }
 }
 [root@rocky8 conf.d]# vim /etc/hosts    #添加www.yu.org解析
 10.0.0.101 www.yu.org
 [root@rocky8 conf.d]# nginx -s reload
 =========================================================
 #nginx伺服器:
 [root@ubuntu2004 ~]#vim /etc/nginx/conf.d/www.yu.org.conf
 server {
    listen 80;
    server_name www.yu.org;
    root /data/nginx/html/yu;
}
[root@ubuntu2004 ~]#mkdir /data/nginx/html/yu -p
[root@ubuntu2004 ~]#echo /data/nginx/html/yu > /data/nginx/html/yu/index.html
[root@ubuntu2004 ~]#nginx -s reload
#用戶端通路www.wang.org測試      
# 反向代理伺服器:(要關閉proxy_set_header功能,不然多個網站,隻會一直通路一個網站)
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location / {
        proxy_pass http://www.b.org;
       # proxy_set_header Host $http_host;
        #proxy_connect_timeout 10s;
    }
[root@rocky8 conf.d]# vim /etc/hosts    
10.0.0.18 www.a.org www.b.org
[root@rocky8 conf.d]# nginx -s reload      
# nginx伺服器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
    listen 80;
    server_name www.a.org;
    root /data/nginx/a;
}
server {
    listen 80;
    server_name www.b.org;
    root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
# 用戶端測試
[root@ubuntu2004 ~]#curl www.wang.org
www.b.org      

9、指定 location 實作反向代理

# 反向代理:
[root@rocky8 conf.d]# vim www.wang.org.conf 
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location /static {
        proxy_pass http://www.b.org;     #如果通路www.wang.org/static轉到www.b.org/static
    }
}
[root@rocky8 conf.d]# nginx -s reload
===================
# nignx伺服器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
    listen 80;
    server_name www.a.org;
    root /data/nginx/a;
}
server {
    listen 80;
    server_name www.b.org;
    root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
[root@rocky8 ~]# mkdir /data/nginx/b/static
[root@rocky8 ~]# echo /data/nginx/b/static > /data/nginx/b/static/index.html
# 用戶端測試      

10、針對特定的資源實作代理

# 動靜分離
# 代理伺服器:
[root@rocky8 conf.d]# vim www.wang.org.conf
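server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location /api {
        # Requests under /api are passed to 10.0.0.18:8080/hello (hello is a page
        # served by the Go web_demo binary). In the original listing this note
        # followed the directive without a leading '#', so nginx parsed it as
        # extra proxy_pass arguments and refused the configuration.
        proxy_pass http://10.0.0.18:8080/hello;
        # $host rather than $http_host: $http_host is the raw client header (may be
        # absent or carry arbitrary content), while $host is lowercased, has no port,
        # and falls back to the matched server name when the header is missing.
        proxy_set_header Host $host;
    }
}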
[root@rocky8 conf.d]# nginx -s reload

# nginx伺服器 
[root@rocky8 ~]# chmod +x web_demo
[root@rocky8 ~]# ./web_demo

# 用戶端測試      

11、開啟代理伺服器緩存功能(加速用戶端通路)

#代理伺服器:
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf   #主配置定義proxy_cache_path 緩存路徑
    proxy_cache_path /data/nginx/proxycache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;     

[root@rocky8 conf.d]# vim www.wang.org.conf 
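server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location /static {
        proxy_pass http://www.b.org;       # www.b.org (the backend nginx) must serve /static
        proxy_cache proxycache;            # zone declared by proxy_cache_path in nginx.conf
        # Key on scheme + upstream host + URI (nginx's default key). With $request_uri
        # alone, every location that uses the "proxycache" zone shares one key space,
        # so a response cached for another upstream or scheme under the same URI
        # would be served here, and vice versa.
        proxy_cache_key $scheme$proxy_host$request_uri;
        proxy_cache_valid 200 302 301 10m;
        # NOTE(review): "any" also caches error responses (4xx/5xx) for 5 minutes,
        # so one failed upstream reply is replayed to every client until it expires.
        proxy_cache_valid any 5m;
    }
}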
# 用戶端測試:
[root@ubuntu2004 ~]#curl http://www.wang.org/static -L
/data/nginx/b/static
[root@ubuntu2004 ~]#ab -n 2000 -c 200 http://www.wang.org/static
# 代理伺服器檢視緩存目錄      

12、添加響應封包頭部資訊

[root@rocky8 conf.d]# vim www.wang.org.conf 
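server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location /static {
        proxy_pass http://www.b.org;
        proxy_cache proxycache;
        # Key on scheme + upstream host + URI (nginx's default key); $request_uri
        # alone collides with any other location that uses the same cache zone.
        proxy_cache_key $scheme$proxy_host$request_uri;
        proxy_cache_valid 200 302 301 10m;
        proxy_cache_valid any 5m;

        # Debug headers added to the response.
        # NOTE(review): X-Via publishes the address this nginx accepted the connection
        # on (often an internal IP) and X-Accel the configured server name; keep these
        # to test environments or restrict them to trusted clients.
        add_header X-Via $server_addr;                   # IP of this nginx host
        add_header X-Cache $upstream_cache_status;       # HIT when served from cache, MISS otherwise
        add_header X-Accel $server_name;                 # server name that handled the request
    }
}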

[root@rocky8 conf.d]# nginx -s reload
#用戶端驗證:      

13、實作反向代理用戶端 IP 透傳

一級代理實作用戶端IP透傳

# 代理伺服器(10.0.0.8):
[root@rocky8 conf.d]# vim www.wang.org.conf 
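server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location / {
        proxy_pass http://10.0.0.18;
        # $proxy_add_x_forwarded_for is the X-Forwarded-For header the client sent
        # (if any) with $remote_addr appended; it does not add this proxy's own IP.
        # Everything before the last entry is client-supplied and can be forged, so
        # the backend should rely only on the entry appended here.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Address of the directly connected peer. proxy_set_header overwrites any
        # X-Real-IP the client sent, giving the backend a single unforgeable value.
        proxy_set_header X-Real-IP $remote_addr;
    }
}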

[root@rocky8 conf.d]# nginx -s reload

# Web Server(10.0.0.18) Apache:
[root@rocky8 ~]# yum install -y httpd
[root@rocky8 ~]# vim /etc/httpd/conf/httpd.conf 
    #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined         #注釋原有行,添加新行如下:
    LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@rocky8 ~]# systemctl restart httpd      

多級代理實作用戶端 IP 透傳

# 第一台porxy(10.0.0.8):
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf   #開啟日志格式,記錄x_forwarded_for
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    include       /apps/nginx/conf/conf.d/*.conf;
[root@rocky8 conf.d]# vim www.wang.org.conf 
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    # First-tier proxy: forwards everything to the second proxy at 10.0.0.28.
    location / {
        proxy_pass http://10.0.0.28;          
        # Appends $remote_addr to whatever X-Forwarded-For the client sent and passes
        # the result upstream. NOTE(review): as the first hop this proxy receives the
        # header straight from the client, so leading entries may be forged; later
        # hops and log consumers should trust only the entries added by known proxies.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
[root@rocky8 conf.d]# nginx -s reload
======================================
# 第二台porxy(10.0.0.28):
[root@rocky8 nginx]# vim /apps/nginx/conf/nginx.conf
http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

  server {
  ........
        location / {
            proxy_pass http://10.0.0.18;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  ......
  }
  
# 10.0.0.18的apache和一級IP透傳日志設定一樣

# 用戶端測試      

14、使用 Nginx 反向代理功能解決跨域問題案例

# web伺服器啟動動态測試服務頁面(10.0.0.18)
[root@rocky8 ~]# ./web_demo 預設開啟一個hello頁面8080端口

===========================
#反向代理伺服器(10.0.0.8)
server {
    listen 80;
    listen 443 ssl http2;
    charset utf8;
    server_name www.wang.org;
    ssl_certificate /apps/nginx/cert/www.wang.org.pem;
    ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
    ssl_session_timeout 10m;
    root /data/nginx/html/pc;
    access_log /apps/nginx/logs/www.wang.org_access.log main;
    location /hello {                          #設定通路hello轉至www.dayu.org:8080
        proxy_pass http://www.dayu.org:8080;   #這裡如果寫域名的話需要解析,如果寫IP位址就不需要
    }
}
[root@rocky8 conf.d]# vim /etc/hosts      #加上解析至www.dayu.org
10.0.0.18 www.dayu.org
[root@rocky8 conf.d]# vim /data/nginx/html/pc/cors.html    #編輯需要有跨域資源的頁面
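<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Cross-origin resource sharing</title>
</head>
<body>
    <!-- NOTE(review): third-party script loaded without Subresource Integrity, and
         jQuery 2.2.4 is an old, unmaintained branch. Self-host a current release, or
         add integrity="sha384-<HASH_PUBLISHED_BY_THE_CDN>" crossorigin="anonymous". -->
    <script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
    <script>
       $.ajax({
        // Same-origin request: nginx on this host proxies /hello to the backend, so
        // the browser never makes a cross-origin call. A relative URL keeps the
        // page's own scheme and avoids mixed content when it is served over HTTPS.
        // (The original note here used '#', which is not a JavaScript comment.)
        url:'/hello',
        type:'get',
        data:{},
        success:function(res){
            //res = JSON.parse(res);
            console.log('請求成功',res)
        },
        error:function(er){
            console.log('請求錯誤')
        }
      })
    </script>
</body>
</html>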
[root@rocky8 conf.d]# nginx -s reload
#用戶端測試      
