nginx常用配置


# Main-context settings: where the master process logs errors (level "warn"
# and above) and where it records its PID.
error_log /var/log/nginx/error.log warn;
pid       /var/run/nginx.pid;

# Worker processes run with the credentials of the "nginx" account; a single
# worker is started.
user             nginx;
worker_processes 1;

events {
    # Each worker may hold up to 65536 simultaneous connections, multiplexed
    # with epoll.
    # NOTE(review): no worker_rlimit_nofile appears in the visible main
    # context, so the usable ceiling is whatever open-file limit the process
    # inherits; confirm it is at least this large.
    worker_connections 65536;
    use                epoll;
}

http {
    # File-extension to Content-Type map; anything unmapped falls back to
    # default_type below.
    include      /etc/nginx/mime.types;
    # Every *.conf under conf.d is parsed here, in http context and before the
    # directives that follow. NOTE(review): those files are not visible from
    # this listing; whatever they declare (servers, headers, certificates)
    # takes effect alongside the blocks below and should be reviewed with them.
    include      /etc/nginx/conf.d/*.conf;
    default_type application/octet-stream;

    # Response compression for the listed MIME types, for bodies of 1k or more.
    # NOTE(review): none of the TLS servers below switch gzip off. If proxied
    # responses ever place a secret (CSRF token, session data) next to
    # reflected request input, compression over TLS is the precondition for
    # BREACH-style length side channels; confirm for the backend.
    gzip            on;
    gzip_types      text/xml image/x-icon text/javascript text/css text/plain image/gif image/jpeg image/png image/jpg application/json application/x-javascript image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype font/x-woff;
    gzip_min_length 1k;

    # Access-log line layout. $remote_addr is the TCP peer; $http_referer,
    # $http_user_agent and $http_x_forwarded_for are copied from client-supplied
    # request headers and must be treated as untrusted when the logs are
    # analysed.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
    # Buffered logging: entries can sit in the 32k buffer for up to 10s before
    # reaching disk, so a live tail of this file lags behind traffic.
    access_log /var/log/nginx/access.log main buffer=32k flush=10s;

    sendfile                 on;
#   tcp_nopush               on;
    # Keeps the nginx version out of the Server header and built-in error pages.
    server_tokens            off;
    keepalive_timeout        60;
    # Request bodies above 4m are rejected by nginx before reaching the upstream.
    client_max_body_size     4m;
    # NOTE(review): no fastcgi_pass is visible in this file; this only has an
    # effect if an included file proxies to FastCGI.
    fastcgi_intercept_errors on;

    # Application backend reached over plain HTTP on the loopback interface.
    # NOTE(review): "localhost" is resolved when the configuration is loaded
    # and may yield both an IPv4 and an IPv6 peer; verify the backend listens
    # on every address it resolves to.
    upstream acgist {
        server localhost:8080;
    }

    # Catch-all for plain HTTP: a port-80 request whose Host matches no other
    # server_name lands here and is sent to the canonical HTTPS origin. The
    # target is a fixed string, so the Host header never influences Location.
    server {
        listen 80  default_server;
#       listen 80  default;
        return 301 https://www.acgist.com;
    }

    # Secondary domain: every request, HTTP or HTTPS, is redirected to the
    # canonical origin (path and query string are dropped).
    # NOTE(review): this block listens on 443 but declares no ssl_certificate.
    # Unless one is inherited from an included file, the TLS handshake for this
    # name is answered with the 443 default_server's certificate; confirm that
    # certificate covers www.xiaohuangshu.com, otherwise clients see a name
    # mismatch before the redirect is ever delivered.
    server {
        server_name www.xiaohuangshu.com;
        listen      80;
        listen      443 ssl;
        return      301  https://www.acgist.com;
#       rewrite     (.*) https://www.acgist.com permanent;
    }
    
    # Bare domain: redirect to the www host, keeping the original path and
    # query string. The host part of the target is fixed, so only the URI is
    # taken from the request.
    # NOTE(review): no ssl_certificate is declared for the 443 listener here.
    # Unless one is inherited from an included file, the default_server's
    # certificate is presented; confirm it lists acgist.com as a name.
    server {
        server_name acgist.com;
        listen      80;
        listen      443 ssl;
        return      301 https://www.acgist.com$request_uri;
    }

    # HTTP-to-HTTPS upgrade for the three named hosts. $host is taken from the
    # request, but a request only reaches this block when its host matches one
    # of the exact names below (everything else on port 80 goes to the
    # default_server), so the redirect target cannot point at a foreign domain.
    # NOTE(review): svn.acgist.com has no 443 server in this file; confirm one
    # exists in an included file, otherwise the redirect lands on the 443
    # default_server.
    server {
        server_name www.acgist.com static.acgist.com svn.acgist.com;
        listen      80;
        return     301 https://$host$request_uri;
#       return     301 https://$server_name$request_uri;
    }

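    # Main site: terminates TLS for www.acgist.com, serves *.html from disk
    # and proxies everything else to the "acgist" upstream.
    server {
#       listen      80;
        # NOTE(review): as default_server for 443, this block also answers TLS
        # requests whose SNI/Host matches no other server_name. Together with
        # "Host $host" below, any client-chosen Host value is forwarded to the
        # backend; verify the backend never builds absolute links or makes
        # trust decisions from the Host / X-Forwarded-Host it receives.
        listen      443 ssl http2 default_server;
        server_name www.acgist.com;
        root        /data/www/static;
#       charset     utf-8;

        access_log /var/log/nginx/www.acgist.com.log main buffer=32k flush=10s;

        error_page 403 /error;
        error_page 404 /error;
#       error_page 500 /error;
        # An unreachable backend (502) is reported to clients as 503 with a
        # static maintenance page.
        error_page 502 =503 /maintain.html;

#       ssl on; # deprecated in newer nginx versions
        ssl_certificate /data/ssl/www.acgist.com.pem;
        # The private key should be readable only by the account that starts nginx.
        ssl_certificate_key /data/ssl/www.acgist.com.key;
        ssl_session_timeout 5m;
        # NOTE(review): ssl_ciphers governs TLS 1.2 and older only; TLS 1.3
        # suites are not selected through this list, so the leading TLS13-*
        # token has no effect there. The trailing ECDHE:ECDH:AES:HIGH aliases
        # also admit CBC-mode suites and non-forward-secret RSA key exchange.
        # Consider reducing the list to explicit ECDHE AEAD suites once client
        # compatibility has been checked.
        ssl_ciphers TLS13-AES-128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-CBC-SHA256:ECDHE-ECDSA-AES128-CBC-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # Headers passed to the upstream. proxy_set_header is inherited by a
        # location only if that location declares no proxy_set_header itself.
        proxy_http_version 1.1;
        proxy_set_header   Connection         close;
#       proxy_set_header   Connection         keep-alive;
        proxy_set_header   Host               $host;
#       proxy_set_header   Host               $host:$server_port;
#       proxy_set_header   X-Scheme           $scheme;
        proxy_set_header   X-Real-IP          $remote_addr;
#       proxy_set_header   X-Http-scheme      $scheme;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client sent; only the right-most entry (or
        # X-Real-IP) is set by this proxy, the rest is client-controlled.
        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host   $host;
        proxy_set_header   X-Forwarded-Proto  $scheme;
        proxy_set_header   X-Forwarded-Server $host;

        # "always" keeps HSTS on error responses as well. add_header is
        # inherited by a location only if that location declares no add_header
        # of its own, so locations that add headers repeat this line.
        add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always;

        # WebSocket endpoints (long-lived connections, hence the 1200s timeouts).
        location ~* /acgist\.(chat|video)/.* {
            # Declaring Upgrade/Connection here cancels inheritance of every
            # server-level proxy_set_header. Without the lines below the
            # backend would receive nginx's default Host (the upstream name)
            # and no client address for these requests, which breaks
            # per-client logging and abuse controls on the chat/video paths.
            proxy_set_header   Host               $host;
            proxy_set_header   X-Real-IP          $remote_addr;
            proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host   $host;
            proxy_set_header   X-Forwarded-Proto  $scheme;
            proxy_set_header   X-Forwarded-Server $host;
            proxy_set_header   Upgrade    $http_upgrade;
            proxy_set_header   Connection "Upgrade";
            keepalive_timeout  1200s;
            proxy_read_timeout 1200s;
            proxy_pass         http://acgist;
        }

        # Static HTML is served from disk with a 30-day cache lifetime.
        location ~* \.(html)$ {
            expires       30d;
            add_header    Pragma public;
            add_header    Cache-Control "public, must-revalidate, proxy-revalidate";
            # Repeated because the add_header lines above stop the server-level
            # HSTS header from being inherited into this location.
            add_header    Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always;
#           access_log    off;
            tcp_nodelay   off;
            log_not_found off;
            root          /data/www/static;
        }

        # Everything else goes to the application backend.
        location / {
            proxy_pass http://acgist;
        }
    }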
    
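    # Static-asset host: serves files from /data/www/static over TLS; a request
    # for "/" is redirected to the main site.
    server {
        listen      443 ssl http2;
        server_name static.acgist.com;
        root        /data/www/static;
#       charset     utf-8;

        access_log /var/log/nginx/static.acgist.com.log main buffer=32k flush=10s;

        error_page 403 /resources/images/404.png;
        error_page 404 /resources/images/404.png;

#       ssl on;
        ssl_certificate /data/ssl/static.acgist.com.pem;
        # The private key should be readable only by the account that starts nginx.
        ssl_certificate_key /data/ssl/static.acgist.com.key;
        ssl_session_timeout 5m;
        # NOTE(review): ssl_ciphers governs TLS 1.2 and older only; TLS 1.3
        # suites are not selected through this list, so the leading TLS13-*
        # token has no effect there. The trailing ECDHE:ECDH:AES:HIGH aliases
        # also admit CBC-mode suites and non-forward-secret RSA key exchange.
        # Consider reducing the list to explicit ECDHE AEAD suites once client
        # compatibility has been checked.
        ssl_ciphers TLS13-AES-128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-CBC-SHA256:ECDHE-ECDSA-AES128-CBC-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # NOTE(review): no proxy_pass is visible in this server block, so the
        # proxy_* settings below currently have no effect here.
        proxy_http_version 1.1;
        proxy_set_header   Connection         close;
#       proxy_set_header   Connection         keep-alive;
        proxy_set_header   Host               $host;
#       proxy_set_header   Host               $host:$server_port;
#       proxy_set_header   X-Scheme           $scheme;
        proxy_set_header   X-Real-IP          $remote_addr;
#       proxy_set_header   X-Http-scheme      $scheme;
        proxy_set_header   X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host   $host;
        proxy_set_header   X-Forwarded-Proto  $scheme;
        proxy_set_header   X-Forwarded-Server $host;

        # "always" keeps HSTS on error responses as well. add_header is
        # inherited by a location only if that location declares no add_header
        # of its own, so both asset locations below repeat this line.
        add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always;

        # Web fonts, loaded cross-origin by pages on other hosts.
        location ~* \.(woff|eot|ttf|svg)$ {
            # Regex locations are tried in file order and the first match wins,
            # so font requests never reach the generic asset location below;
            # its caching directives are repeated here.
            expires       30d;
            add_header    Pragma public;
            add_header    Cache-Control "public, must-revalidate, proxy-revalidate";
            tcp_nodelay   off;
            log_not_found off;
            # The wildcard origin is sent without Access-Control-Allow-Credentials,
            # so it only exposes files that are already public.
            # NOTE(review): POST is advertised although only static files are
            # served from this location.
            add_header Access-Control-Allow-Origin  *;
            add_header Access-Control-Allow-Headers X-Requested-With;
            add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
            add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always;
        }

        # Other static assets: 30-day cache lifetime, missing files not logged.
        location ~* \.(js|css|ico|png|jpg|gif|jpeg|mp3|mp4|woff|eot|ttf|svg|html)$ {
            expires       30d;
            add_header    Pragma public;
            add_header    Cache-Control "public, must-revalidate, proxy-revalidate";
            # Repeated because the add_header lines above stop the server-level
            # HSTS header from being inherited into this location.
            add_header    Strict-Transport-Security "max-age=15552000; includeSubdomains; preload" always;
            tcp_nodelay   off;
            log_not_found off;
            root          /data/www/static;
        }

        # Only the bare root is redirected; any other path is looked up under root.
        location / {
            rewrite "^/$" https://www.acgist.com permanent;
        }
    }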

}