如何配置nginx实现http和https代理

如何配置nginx实现http和https代理

安装与使用

nginx官网下载地址:http://nginx.org,发布版本分为 Linux 和 Windows 版本。

从源代码编译 Nginx

把源码解压缩之后,在终端里运行如下命令:

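# Configure the build first
./configure

# Then compile; the build itself does not need root
make

# Finally install; only this step writes to the install prefix and needs root
sudo make install

# Alternatively, build and install in one line.
# `&&` runs the install only if the build succeeded. A single `&` would put
# `sudo make` in the background and start an unprivileged `make install`
# at the same time, racing the build and failing on permissions.
make && sudo make install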

默认情况下,Nginx 会被安装在 /usr/local/nginx。通过设定编译选项,你可以改变这个设定。

使用

常用到的命令如下:

1.快速关闭Nginx,可能不保存相关信息,并迅速终止web服务。

# Fast shutdown: sends the stop signal to the running master process.
nginx -s stop

2.平稳关闭Nginx,保存相关信息,有安排的结束web服务。

# Graceful shutdown: sends the quit signal to the running master process.
nginx -s quit 

3.因改变了Nginx相关配置,需要重新加载配置而重载。

# Reload the configuration. Checking it with `nginx -t` beforehand shows any
# syntax error before the running instance is asked to pick up the change.
nginx -s reload

4.重新打开日志文件。

# Reopen the log files (typically used after the logs have been rotated).
nginx -s reopen

5.为 Nginx 指定一个配置文件,来代替缺省的。

# Start nginx with an alternative configuration file; `filename` is a
# placeholder for that file's path.
nginx -c filename

6.不运行,而仅仅测试配置文件。nginx 将检查配置文件的语法的正确性,并尝试打开配置文件中所引用到的文件。

# Test only: check the configuration syntax and try to open the files it
# references, without starting the server.
nginx -t

7.显示 nginx 的版本。

# Print the nginx version.
nginx -v

8.显示 nginx 的版本,编译器版本和配置参数。

# Print the nginx version, the compiler version and the configure arguments.
nginx -V

如果不想每次都敲命令,可以在nginx安装目录下新添一个启动批处理文件startup.bat,双击即可运行。

配置样例

全局配置

# Global http context. Everything set here is inherited by the server blocks
# pulled in by the include on the last line.
# NOTE(review): server_tokens is not set, so the nginx default applies and the
# version is shown in the Server header and on error pages; `server_tokens off;`
# hides it.
http {
    include       /etc/nginx/mime.types;
    # Fallback MIME type for files whose extension is not listed in mime.types.
    default_type  application/octet-stream;

    # Access-log line format. $http_x_forwarded_for is copied from the request
    # header, so it is client-controlled unless a trusted proxy in front of
    # nginx overwrites it; treat that field as untrusted when reading the logs.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    keepalive_timeout  65;

    # Response compression. gzip_proxied any also compresses responses to
    # requests that arrived through another proxy.
    # NOTE(review): application/json is in gzip_types. Where an HTTPS response
    # mixes a secret (CSRF token, session data) with input reflected from the
    # request, the compressed length can leak the secret (BREACH-style side
    # channel); consider `gzip off;` in the locations that serve such responses.
    gzip  on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;

    # Per-site server blocks (for example default.conf) are loaded from here.
    include /etc/nginx/conf.d/*.conf;
}

default.conf 配置:

http请求的配置样例

# Backend pools referenced by the proxy_pass directives in the server block.
# Both addresses are loopback, so nginx reaches the backends on the same host.
# NOTE(review): this only keeps the backends private if the services
# themselves bind to 127.0.0.1 rather than all interfaces; confirm.
upstream gateway_upstream {
  server 127.0.0.1:8760 fail_timeout=0;
}
upstream jenkins_upstream {
  server 127.0.0.1:8080 fail_timeout=0;
}

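# Plain-HTTP virtual host: static files from /usr/share/nginx/html plus two
# reverse-proxied backends.
# NOTE(review): nothing in this block is encrypted, so Jenkins logins and API
# traffic are readable on the network path. Use it for local testing and
# prefer the HTTPS sample for anything reachable by other hosts.
server {
    listen       80;
    server_name  localhost;    # use localhost when there is no domain name

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # Proxy /jenkins to the Jenkins instance behind jenkins_upstream
    # (127.0.0.1:8080). The previous comment still named Apache, a leftover
    # from the stock default.conf.
    #
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever
    # X-Forwarded-For value the client sent, so the backend should trust only
    # the last entry of that header (or X-Real-IP), never the first.
    location /jenkins {
        proxy_pass   http://jenkins_upstream/jenkins;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # The trailing "/" on proxy_pass replaces the matched /api/ prefix, so
    # /api/foo is sent to the gateway as /foo.
    # The two client-address headers were commented out here; they are enabled
    # to match the /jenkins location, otherwise the gateway sees every request
    # as coming from 127.0.0.1 in its logs and per-client limits.
    location ^~ /api/ {
        proxy_pass   http://gateway_upstream/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}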

https请求配置样例

# Port-80 virtual host whose only job is to send every request to HTTPS.
server {
    listen      80;
    listen  [::]:80;
    server_name  abeille.top www.abeille.top;  # domain names

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    # redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    # NOTE(review): $host is taken from the request (request line or Host
    # header). If this block ends up as the default server for port 80, a
    # request with an arbitrary Host value is redirected to that name; a fixed
    # host name in the return target avoids reflecting it. Confirm which server
    # is the default for port 80 in the full configuration.
    return 301 https://$host$request_uri;
}

# Backend pools for the HTTPS server block below.
# NOTE(review): the HTTP sample on this page defines upstreams with the same
# two names. An upstream name may be defined only once, so loading both
# samples together from conf.d fails the configuration check; keep one copy.
upstream jenkins_upstream {
  server 127.0.0.1:8080 fail_timeout=0;
}

upstream gateway_upstream {
  server 127.0.0.1:8760 fail_timeout=0;
}

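# HTTPS virtual host: terminates TLS, serves the built front end from
# /usr/share/nginx/dist and reverse-proxies /jenkins and /api/ to local backends.
server {
    # NOTE(review): on nginx 1.25.1 and later the http2 parameter of listen is
    # deprecated in favour of a separate `http2 on;` directive.
    listen         443 default ssl http2;
    listen         [::]:443 default ssl http2;
    server_name    abeille.top www.abeille.top;  # domain names

    # Relative paths are resolved against the nginx configuration directory
    # (/etc/nginx in this setup).
    ssl_certificate     3020795_www.abeille.top.pem;   # certificate
    ssl_certificate_key 3020795_www.abeille.top.key;   # private key; keep it readable by root only
    ssl_session_timeout 5m;

    ssl_session_cache  shared:MozSSL:10m;  # about 40000 sessions

    # modern configuration: TLS 1.3 only, so clients limited to TLS 1.2 or
    # older cannot connect.
    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Security response headers. `always` is set on every one of them:
    # without it add_header skips error responses such as 404 and 50x, which
    # previously left those pages with HSTS only.
    # These server-level headers reach a location only while that location
    # declares no add_header of its own; one add_header inside a location
    # drops all of them for that location.
    add_header Strict-Transport-Security "max-age=63072000" always;  # HSTS, two years
    add_header X-Frame-Options DENY always;              # reduces clickjacking
    add_header X-Content-Type-Options nosniff always;    # stops browsers from MIME-sniffing responses
    # NOTE(review): legacy header that current browsers ignore. OWASP guidance
    # is to send 0 and rely on a Content-Security-Policy instead.
    add_header X-Xss-Protection 1 always;

    # OCSP stapling
    # NOTE(review): stapling has to resolve the OCSP responder's host name and
    # ssl_stapling_verify has to know the issuer chain. Neither is configured
    # here; fill in and enable the two lines below (placeholders).
    # ssl_trusted_certificate <PATH_TO_ROOT_AND_INTERMEDIATE_CERTS>;
    # resolver <DNS_RESOLVER_IP>;
    ssl_stapling on;
    ssl_stapling_verify on;

    error_page   500 502 503 504  /50x.html;    # 50x error page
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # NOTE(review): this publishes the Jenkins UI on the public host name.
    # Consider limiting it to known source addresses, for example
    # `allow <TRUSTED_CIDR>; deny all;` (placeholder), in addition to Jenkins'
    # own authentication.
    location ^~ /jenkins {
        proxy_pass              http://jenkins_upstream/jenkins;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # nginx appends $remote_addr to any X-Forwarded-For the client sent,
        # so the backend should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the backend the client connected over HTTPS, so the links and
        # redirects it generates keep the https scheme.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # The matched /api/ prefix is dropped before proxying; this depends on the
    # trailing "/" in proxy_pass.
    location ^~ /api/ {
        proxy_pass       http://gateway_upstream/;
        proxy_set_header Host $host;      # required; the author reports nginx 400 errors without it
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / {
        root   /usr/share/nginx/dist;
        index  index.html index.htm;
        # Fall back to index.html so refreshing a Vue router path does not 404.
        # `last` is a rewrite flag, not a try_files parameter: as the final
        # argument it became the fallback URI and /index.html was only checked
        # as a file. /index.html is now the fallback itself.
        try_files $uri $uri/ /index.html;
    }
}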

最后推荐一个常用的nginx配置生成的网站:https://www.digitalocean.com/community/tools/nginx?global.app.lang=zhCN