nginx常用配置
0
user nginx;
worker_processes 1;
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log warn;
events {
use epoll;
worker_connections 65536;
}
http {
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/*.conf;
default_type application/octet-stream;
gzip on;
gzip_types text/xml image/x-icon text/javascript text/css text/plain image/gif image/jpeg image/png image/jpg application/json application/x-javascript image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype font/x-woff;
gzip_min_length 1k;
log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main buffer=32k flush=10s;
sendfile on;
# tcp_nopush on;
server_tokens off;
keepalive_timeout 60;
client_max_body_size 4m;
fastcgi_intercept_errors on;
upstream acgist {
server localhost:8080;
}
server {
# listen 80 default;
listen 80 default_server;
return 301 https://www.acgist.com;
}
server {
listen 80;
listen 443 ssl;
server_name www.xiaohuangshu.com;
# rewrite (.*) https://www.acgist.com permanent;
return 301 https://www.acgist.com;
}
server {
listen 80;
listen 443 ssl;
server_name acgist.com;
return 301 https://www.acgist.com$request_uri;
}
server {
listen 80;
server_name www.acgist.com static.acgist.com svn.acgist.com;
# return 301 https://$server_name$request_uri;
return 301 https://$host$request_uri;
}
server {
# listen 80;
listen 443 ssl http2 default_server;
server_name www.acgist.com;
root /data/www/static;
# charset utf-8;
access_log /var/log/nginx/www.acgist.com.log main buffer=32k flush=10s;
error_page 403 /error;
error_page 404 /error;
# error_page 500 /error;
error_page 502 =503 /maintain.html;
# ssl on; # 新版废弃
ssl_certificate /data/ssl/www.acgist.com.pem;
ssl_certificate_key /data/ssl/www.acgist.com.key;
ssl_session_timeout 5m;
ssl_ciphers TLS13-AES-128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-CBC-SHA256:ECDHE-ECDSA-AES128-CBC-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
proxy_http_version 1.1;
proxy_set_header Connection close;
# proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
# proxy_set_header Host $host:$server_port;
# proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Http-scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
location ~* /acgist\.(chat|video)/.* {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
keepalive_timeout 1200s;
proxy_read_timeout 1200s;
proxy_pass http://acgist;
}
location ~* \.(html)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
# access_log off;
tcp_nodelay off;
log_not_found off;
root /data/www/static;
}
location / {
proxy_pass http://acgist;
}
}
server {
listen 443 ssl http2;
server_name static.acgist.com;
root /data/www/static;
# charset utf-8;
access_log /var/log/nginx/static.acgist.com.log main buffer=32k flush=10s;
error_page 403 /resources/images/404.png;
error_page 404 /resources/images/404.png;
# ssl on;
ssl_certificate /data/ssl/static.acgist.com.pem;
ssl_certificate_key /data/ssl/static.acgist.com.key;
ssl_session_timeout 5m;
ssl_ciphers TLS13-AES-128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-CBC-SHA256:ECDHE-ECDSA-AES128-CBC-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
proxy_http_version 1.1;
proxy_set_header Connection close;
# proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
# proxy_set_header Host $host:$server_port;
# proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Http-scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
location ~* \.(woff|eot|ttf|svg)$ {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
}
location ~* \.(js|css|ico|png|jpg|gif|jpeg|mp3|mp4|woff|eot|ttf|svg|html)$ {
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
tcp_nodelay off;
log_not_found off;
root /data/www/static;
}
location / {
rewrite "^/$" https://www.acgist.com permanent;
}
}
}
server_name_in_redirect
目录自动添加斜杠结尾