nginx常用配置

最简洁配置

user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
	worker_connections 768;
	# multi_accept on;
}
http {
# Basic Settings
# 做了最简单的一个静态代理
	server {
		  listen       80;
		  server_name  www.azhangbaobao.cn;
		  location / {
		      root   /home/ubuntu/课件/爬虫课件;
		      index  index.html;
		    }
	    }
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
	# server_tokens off;
	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##
	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}
    
#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

静态文件代理

# 在http下面
	server {
		  listen       80;
		  server_name  www.azhangbaobao.cn;
		  location / {
		      root   /home/ubuntu/课件/爬虫课件;
		      index  index.html;
		    }
	    }

端口转发

 server {
        listen 80;
        server_name wx.cheungchan.cc;
        location / {
            proxy_pass http://127.0.0.1:8001;
        }
   }

配置https, 并把http自动重定向到https

http {
  server {
  listen 80;
  server_name www.azhangbaobao.cn;
  rewrite ^/(.*) https://$server_name$1 permanent;    #跳转到Https
  }
  server {
        listen       443;
        server_name  www.azhangbaobao.cn;
        ssl on;
        ssl_certificate /home/ubuntu/证书/1_www.azhangbaobao.cn_bundle.crt;
        ssl_certificate_key /home/ubuntu/证书/2_www.azhangbaobao.cn.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
        ssl_prefer_server_ciphers on;
        location / {
            root   /home/ubuntu/scrapy-master;
            index  index.html;
        }
     }
}

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

配置允许跨域

server {
		  listen       8087;
		  server_name  www.azhangbaobao.cn;
		  location / {
		      root   /home/ubuntu/课件/DRF框架讲义;
		      index  index.html;
		  }
   		add_header Access-Control-Allow-Origin *;
      add_header Access-Control-Allow-Headers X-Requested-With;
      add_header Access-Control-Allow-Methods GET,POST;
	  }

代理特定文件

  location /.well-known/pki-validation/ {
        proxy_pass http://127.0.0.1:7999;
   }

防止应用里面获取的服务端地址是127.0.0.1:8000

 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;

上篇ssh端口转发

下篇go语言实现视频上传下载