代理设置ip限制
location / {
#放开某个主机
allow 127.0.0.2;
allow 127.0.0.3;
#限制所有主机
deny all;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_set_header X-Real-IP $remote_addr;
if (!-f $request_filename) {
proxy_pass http://127.0.0.1:9999;
}
}
负载均衡
upstream xxxxxxx {
# weight权重
server 127.0.0.1:9911 weight=1;
server 127.0.0.1:9912 weight=2;
server 127.0.0.1:9913 weight=7;
}
server
{
listen 80;
server_name test.xxx.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/xxx/xxx;
location / {
proxy_pass http://xxxxxxx;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
代理到php-fpm
server
{
listen 80;
server_name test.xxx.com;
index index.php index.html index.htm default.php default.htm default.html;
root /www/xxx/xxx;
location / {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
代理指定路由
# /xx/xx url的后缀
location = /xx/xx {
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://api.xxx.com/xx/xx/xx;
break;
}
重写路由
# 重写到其他服务会导致post请求方式变get 可以使用如上代理方式
location / {
rewrite ^/xxx?(.*) /index.php?c=speech&m=index&$1 last;
rewrite ^/xxx http://xxx.com/xxx/xx/index last;
}
代理静态文件
location ^~/dist/{
alias /www/xxx/static/;
}
location ^~/xxx/dist/{
alias /www/xxx/static/;
}
代理指定服务API、websocket
location /api/ {
# 将客户端的 Host 和 IP 信息一并转发到对应节点
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
if (!-f $request_filename) {
proxy_pass http://127.0.0.1:8801;
}
}
location /ws/ {
proxy_redirect off;
proxy_pass http://127.0.0.1:8802/;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # 升级协议头
proxy_set_header Connection upgrade;
}
不同前缀 代理到同一个服务
location ~ (/api|/admin) {
# 将客户端的 Host 和 IP 信息一并转发到对应节点
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
if (!-f $request_filename) {
proxy_pass http://127.0.0.1:8801;
}
}
处理跨域
location ~ (/api|/admin) {
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS, DELETE';
add_header Access-Control-Allow-Headers 'DNT,Keep-Alive,User-Agent,Cache-Control,Content-Type,Authorization,X-Token';
return 204;
}
# 将客户端的 Host 和 IP 信息一并转发到对应节点
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
if (!-f $request_filename) {
proxy_pass http://127.0.0.1:8801;
}
}
设置https证书
server
{
listen 80;
listen 443 ssl http2;
server_name xxx.putyy.com;
.....
ssl_certificate /www/cert/fullchain.pem;
ssl_certificate_key /www/cert/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
......
}
替换内容
# 比如替换掉响应中指定url
sub_filter 'https://s.xxx.cn/assets/' 'https://s-xxx-cdn.xxx.cn/assets/';
sub_filter_once off;
