Shulou(Shulou.com)06/02 Report--

This article mainly introduces the practical configuration skills of Nginx, which are introduced in great detail and have certain reference value. Friends who are interested must finish reading!

Configure multiple domain names for one site

Server {listen 80; server_name ops-coffee.cn b.opsripty.cn;}

Server_name can be followed by multiple domain names, separated by spaces

One service configures multiple sites

Server {listen 80; server_name a.opsMust.cn; location / {root / home/project/pa; index index.html;}} server {listen 80; server_name ops-coffee.cn b.opsmure.cn; location / {root / home/project/pb; index index.html;}} server {listen 80 Server_name c. Ops talk about ee.cn; location / {root / home/project/pc; index index.html;}}

Based on the implementation of Nginx virtual host configuration, Nginx has three types of virtual hosts

IP-based virtual hosts: you need to have multiple addresses on your server, and each site corresponds to a different address, which is rarely used.

Port-based virtual host: each site corresponds to a different port, which is accessed by ip:port. You can modify the port of listen to use it.

Domain name-based virtual hosting: the most widely used way. In the above example, domain name-based virtual hosts are used. The prerequisite is that you have multiple domain names corresponding to each site, and server_name can fill in different domain names.

Nginx add account password verification

Server {location / {auth_basic "please input user&passwd"; auth_basic_user_file key/auth.key;}}

Many services are accessed through nginx, but they do not provide account authentication, so you can use the authbase account password authentication provided by nginx to achieve this. You can use the following script to generate the account password

# cat pwd.pl #! / usr/bin/perl use strict; my $pw=$ARGV [0]; print crypt ($pw,$pw). "\ n"

How to use it:

# perl pwd.pl ops-coffee.cn opf8BImqCAXww # echo "admin:opf8BImqCAXww" > key/auth.key

Nginx opens the column directory

When you want nginx to exist as a file download server, you need to open the nginx column directory

Server {location download {autoindex on; autoindex_exact_size off; autoindex_localtime on;}}

Autoindex_exact_size: displays the exact size of the file when it is on (default). The unit is changed from byte; to off to show the approximate size of the file, in KB or MB or GB.

Autoindex_localtime: the file time displayed when off (default) is GMT time; when changed to on, the file time displayed is server time

By default, the contents of the files are displayed in the browser when you access the listed files such as txt. If you want the browser to download them directly, add the following configuration

If ($request_filename ~ * ^. *?\. (txt | pdf | jpg | png) $) {add_header Content-Disposition 'attachment';}

Configure the default site

Server {listen 80 default;}

When multiple virtual hosts are created on a nginx service, they will be searched from top to bottom by default. If they do not match, the contents of * virtual hosts will be returned. If you want to specify a default site, you can put the virtual hosts of this site in the location of * virtual hosts in the configuration file, or configure listen default on the virtual hosts of this site.

Access through IP is not allowed

Server {listen 80 default; server_name _; return 404;}

There may be some undocumented domain names or domain names that you do not want to point the server address to your server, which will have a certain impact on your site. You need to prohibit access to IP or unconfigured domain names. We use the default rules mentioned above to transfer the default traffic to 404.

The above method is relatively rough, of course, you can also configure all unconfigured addresses to be redirected to your website directly when visiting 301, and it can also bring some traffic to your website.

Server {rewrite ^ / (. *) $https://ops-coffee.cn/$1 permanent;}

Return directly to the verification file

Location = / XDFyle6tNA.txt {default_type text/plain; return 200d6296a84657eb275c05c31b10924f6eakeeper;}

Many times, programs such as Wechat require us to put a txt file into the project to verify the project ownership. We can modify the nginx directly in this way, without actually putting the file on the server.

Nginx configure upstream reverse proxy

Http {... Upstream tomcats {server 192.168.106.176 weight=1; server 192.168.106.177 weight=1;} server {location / ops-coffee/ {proxy_pass http://tomcats; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for Proxy_set_header X-Forwarded-Proto $scheme;}

If you don't pay attention, you may fall into the trap of adding proxy_pass bars without adding bars. Here's the difference between proxy_pass http://tomcats and proxy_pass http://tomcats/:

Although it is only one / difference, the result is very different. It is divided into the following two situations:

1. There is no uri (proxy_pass http://tomcats)) in the destination address. At this point, in the new target url, the matching uri part remains unchanged and is what it used to be.

Location / ops-coffee/ {proxy_pass http://192.168.106.135:8181;} http://domain/ops-coffee/-- > http://192.168.106.135:8181/ops-coffee/ http://domain/ops-coffee/action/abc-- > http://192.168.106.135:8181/ops-coffee/action/abc

two。 The destination address contains uri (proxy_pass http://tomcats/ url / is also uri), and the matching uri part of the new destination url will be modified to the uri in this parameter.

Location / ops-coffee/ {proxy_pass http://192.168.106.135:8181/;} http://domain/ops-coffee/-- > http://192.168.106.135:8181 http://domain/ops-coffee/action/abc-- > http://192.168.106.135:8181/action/abc

Nginx upstream enables keepalive

Upstream tomcat {server ops-coffee.cn:8080; keepalive 1024;} server {location / {proxy_http_version 1.1; proxy_set_header Connection "; proxy_pass http://tomcat;}}

Nginx is used as a reverse proxy in most cases in the project, such as nginx followed by tomcat,nginx followed by php, etc. When we enable keepalive between nginx and back-end services, we can reduce the resource consumption caused by frequent creation of TCP connections, as above

Keepalive: specifies that the number of * connections that can be maintained by each nginxworker is 1024, which is not set by default, that is, keepalive does not take effect when nginx is used as client.

Proxy_http_version 1.1: enabling keepalive requires the HTTP protocol version to be HTTP 1.1

Proxy_set_header Connection "": in order to be compatible with the old protocols and to prevent keepalive failure caused by Connection close in the http header, the Connection in the HTTP header needs to be cleared in time.

404 automatically jumps to the home page

Server {location / {error_page 404 = @ ops-coffee;} location @ ops-coffee {rewrite. * / permanent;}}

The appearance of 404 pages on the website is not very friendly. Through the above configuration, we can automatically jump to the front page after 404 appears.

These are all the contents of the article "what are the practical configuration techniques for Nginx". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.