Nginx中间件配置

概要

• 用于Linux服务器，Nginx中间件搭建。

相关内容

• 配置涵盖域名配置，TLS配置，及配置安全的加密算法，处理跨域问题，请求头问题等

技术细节

nginx.conf 配置文件

user  root;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections 10000;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    server_tokens off;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 64k;
    client_max_body_size 50m;
    sendfile on;
    tcp_nopush  on;
    tcp_nodelay on;
    keepalive_timeout 80;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;
	proxy_buffer_size 64k;
	proxy_buffers   4 32k;
	proxy_busy_buffers_size 64k;
    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types       text/plain application/x-javascript text/css application/xml;
    gzip_vary on;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

	upstream business_server {
		#ip_hash;
		server localhost:8080 weight=10 max_conns=10000 max_fails=3 fail_timeout=15;
		server localhost:8081 weight=10 max_conns=10000 max_fails=3 fail_timeout=15;
		server localhost:8082 weight=10 max_conns=10000 max_fails=3 fail_timeout=15;
	}

    server {
        add_header X-XSS-Protection 1;
		add_header Set-Cookie "Path=/; HttpOnly; Secure";
        listen 443 ssl;   #SSL协议访问端口号为443。此处如未添加ssl，可能会造成Nginx无法启动。
		server_name www.business.com;  #将localhost修改为您证书绑定的域名，例如：www.business.com。
		root html;
		index index.html index.htm;
        ssl_certificate      /app/business/www.business.com.pem;
        ssl_certificate_key  /app/business/www.business.com.key;
		ssl_session_timeout 5m;
		ssl_protocols TLSv1.2;
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA;
		ssl_prefer_server_ciphers on;

		client_max_body_size 1024M;

		location / {
			root html;
			index index.html index.htm;
		}
		error_page   500 502 503 504  /50x.html;
		location = /50x.html {
        	root   /usr/share/nginx/html;
		}

		#访问地址方式一
		location  /business-pc/ {
			add_header Access-Control-Allow-Origin *;
			alias   /app/business-pc/;
        }
		#访问地址方式二
		location  /business-pc/ {
			add_header Access-Control-Allow-Origin http://192.168.0.1;
			add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
			add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
			if ($request_method = 'OPTIONS') {
				return 204;
			}
			add_header X-Frame-Options SAMEORIGIN;
			add_header Content-Security-Policy "worker-src 'self'";
			add_header X-Content-Type-Options nosniff;
			alias   /app/business-pc/;
		}
		
		#访问接口
		location /business-web{
        	access_log /etc/nginx/logs/business-web.log;
	        proxy_pass             http://business_server/business-web;
	        proxy_set_header   Host             $host;
	        proxy_set_header   X-Real-IP        $remote_addr;
	        proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
		}

    }

}

链接

下载链接：https://download.csdn.net/download/qq_38254635/89532087

OK，就这些吧。
有什么不对的还望指正，书写不易，觉得有帮助就点个赞吧！☺☺☺