Nginx常用配置

头像  YANGWW

2022-03-19 15:04:04

阅读 23

反向代理配置

server {
    listen 443 ssl http2;
    server_name test.com;
    charset utf-8;

    # SSL证书配置
    ssl_certificate /var/www/ssl/test.com;
    ssl_certificate_key /var/www/ssl/test.com.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;


    location / {

        # 跨域设置
        # 当HTTP请求状态码为40X、50X等时,Nginx默认不会设置跨域请求头;如下,在响应头字段后添加关键字always,用于告诉Nginx任何情况下都要添加响应头字段;
        add_header Access-Control-Allow-Origin * always;  # 动态跨域 
        add_header Access-Control-Allow-Methods * always;
        add_header Access-Control-Allow-Headers * always; # 允许所有请求头
        add_header Access-Control-Max-Age 3600 always;    # 预检命令的缓存,如果不缓存每次会发送两次请求
        # 请求为OPTIONS预检时,直接返回
        if ($request_method = OPTIONS ) {
            return 204;
        }
        
        # 安全相关 header
        # 禁止网站被嵌入到其它网页中,如:iframe、embed等,SAMEORIGIN表示该页面仅能在相同域名页面的iframe中展示
        add_header X-Frame-Options "SAMEORIGIN" always; 
        # 当检测到XSS攻击时阻止页面加载
        add_header X-XSS-Protection "1; mode=block" always;
        # 禁止请求类型为style和script时,但MIME类型却不为text/css和JavaScript的请求
        add_header X-Content-Type-Options "nosniff" always;

        proxy_pass http://127.0.0.1:8002;

        # 重新定义请求头,详见:https://www.cnblogs.com/kevingrace/p/8269955.html
        # 设置主机头和客户端真实地址,以便服务器获取客户端真实IP
        proxy_set_header Host $host; 
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # 转发请求协议,如:http或https
        # 用来确定客户端与代理服务器或者负载均衡服务器之间的连接所采用的传输协议
        # 如果被代理的服务是http协议,此处若使用https协议也能访问,但速度会非常慢 
        # proxy_set_header X-Forwarded-Proto  $scheme;
    }

     # 防止爬虫抓取 
     if ($http_user_agent ~* "360Spider|JikeSpider|Spider|spider|bot|Bot|2345Explorer|curl|wget|webZIP|qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|NSPlayer|bingbot") { 
          return 403; 
     }
}
server {
    listen 80;
    server_name test.com;
    return 301 https://$host$request_uri;
}


Vue项目配置(Linux)

server {
   listen 443 ssl http2;
   server_name test.com;
   charset utf-8;

   ssl_certificate /var/www/ssl/sidoc.cn;
   ssl_certificate_key /var/www/ssl/sidoc.cn.key;
   ssl_session_timeout 5m;
   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;

   # 0.0> Vue项目1
   location / {        
      # 此处必须使用root
      root /var/www/html/common-statics/0-common-statics/dist;
      try_files $uri $uri/ /index.html last;
      index index.html;
   }

   # 0.0> Vue项目2
   location /vue-cli-study {        
      alias /var/www/html/common-statics/1-vue-cli-study/dist;
      try_files $uri $uri/ /index.html last;
      index index.html;
   }

   # 0.0> Vue项目3
   location /vue-quick-start-pc {        
      alias /var/www/html/common-statics/2-vue-quick-start-pc/dist;
      try_files $uri $uri/ /index.html last;
      index index.html;
   }

   # ....

}


Vue项目配置(Windows)





举报

© 著作权归作者所有

1