nginx基础配置及反向代理配置

一个完整示例:

server {
    listen 8080;
    server_name 123.123.123.123;
    root /home/myname/work/business/dist;

    index index.html index.php;
    access_log   /var/log/nginx/access_erp.log;
    error_log   /var/log/nginx/error_erp.log;
    client_max_body_size 8M;
    client_body_buffer_size 128k;
    
    ssl on;
    ssl_certificate   /etc/nginx/cert/4242434_abc.cn.pem;
    ssl_certificate_key  /etc/nginx/cert/532q432543_abc.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location ^~ /m/ {
        alias /home/myname/work/business/dist/;
        try_files $uri $uri/ /index.html =404;
        index index.html;
    }

    location /express/ {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

        proxy_pass http://tpdoc.cn:3001/;
    }
}

1.server_name:

可以是域名,如:abc.com;也可以是ip,如:123.123.123.123

2.listen:

监听端口,如8080;(注:阿里云上使用端口前需要在阿里云后太安全组中添加要使用的端口,之后才可以在配置中使用,否则端口不可用)

3.root:

访问ip+端口 所指向的本机的文件夹地址,如: /home/myname/work/business/dist

4.location:

配置反向代理的当前位置,具体如下,一般常用的有两种反向代理模式,如下;

1.反向代理到本机器上的文件夹中:

上面示例, 访问http://123.123.123.123:8080/m 就会指向 /home/myname/work/business/dist/ 本机文件夹,包括文件夹下的静态资源;如下:
location ^~ /m/ {
         alias /home/myname/work/business/dist/;
         try_files $uri $uri/ /index.html =404;
         index index.html;

}
但是如果将前面的 ^~ 去掉,就不能访问文件夹下的静态资源,会出现404的问题。这是个坑,如下:
location /m/ {
     alias /home/myname/work/business/dist/;
     try_files $uri $uri/ /index.html =404;
     index index.html;

}

2.反向代理到其他服务器上:

location /snowApi/ {
    proxy_pass http://abchaha.cn:8080/;
}
此配置意义为:http://123.123.123.123:8080/snowApi 访问的是 http://abchaha.cn:8080 下的文件

5.增加接口允许跨域访问配置

location /express/ {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

    proxy_pass http://tpdoc.cn:3001/;
}

8.https证书配置(需先申请免费的活购买花钱的ssl正式)

申请后会得到一个.pem后缀的文件和一个.key后缀的文件,将这两个文件上传到服务器上,之后如下方ssl开头的一些列配置那样配置到nginx配置文件中;如:

server {
    listen 8080;
    server_name 123.123.123.123;
    root /home/caofanghui/work/business/dist;

    index index.html index.php;
    access_log   /var/log/nginx/access_erp.log;
    error_log   /var/log/nginx/error_erp.log;
    client_max_body_size 8M;
    client_body_buffer_size 128k;

    ssl on;
    ssl_certificate   /etc/nginx/cert/4242434_abc.cn.pem;
    ssl_certificate_key   /etc/nginx/cert/532q432543_abc.cn.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location ^~ /m/ {
         alias /home/myname/work/business/dist/;
         try_files $uri $uri/ /index.html =404;
         index index.html;

    }
}

结束!

你可能感兴趣的:(nginx基础配置及反向代理配置)