今天跟我一起折腾一下nginx服务器,首先简单介绍一下nginx服务器
NGINX
nginx作为web服务器,可以使用反向代理、负载均衡、邮件代理;大多数使用nginx的场景是反向代理和负载均衡
背景介绍
vue+springboot项目
http转变https
有一个端口做转接,反向代理不同后段端口
完整的nginx.conf配置文件如下,添加注释的地方基本都需要根据自己的场景相对应的修改
user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; # multi_accept on; } http { # 关闭服务器版本信息 server_tokens off; # 负载,此处做的不同服务器8081的负载 upstream upserver { server tomcat1:8081; server tomcat2:8081; } ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; server { listen 80; server_name 域名; #此处做if判断,拦截所有非域名访问的url,返回403;此处配置方式是拦截所有url放行域名的配置方式之一 if ($host != '域名'){ return 403; } ssl on; root /www; index index.nginx-debian.html index.html index.htm; ssl_certificate test.com.pem;# 生成的ssl.pem ssl_certificate_key test.com.key;# 生成的ssl.key ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location /{ index index.html; try_files $uri $uri/ /index.html; } } server { listen 8230; server_name 域名; if ($host != '域名'){ return 403; } # 开启ssl ssl on; root /www; index index.nginx-debian.html index.html index.htm; ssl_certificate test.com.pem; # ssl.pem ssl_certificate_key test.com.key;# ssl.pem ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location /{ index index.html; # 防止vue 项目history模式下刷新页面404 try_files $uri $uri/ /index.html; } # 针对/ws url开头的做特殊处理 location /ws { proxy_pass http://upserver; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $Server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; # 配置websocket使用的请求头 proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } # 针对/api开头的url做特殊处理 location /api { proxy_pass http://apiserver; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $Server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } } }
技术点
反向代理
location /ws { #反向代理地址 此处ddupserver是上方配置的负载均衡服务器 proxy_pass http://upserver; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Port $Server_port; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; # 配置websocket使用的请求头 proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }
ssl证书
server节点中配置我们生成证书的路径,可以是绝对路径
ssl_certificate test.com.pem; # ssl.pem ssl_certificate_key test.com.key;# ssl.pem
websocket链接nginx配置
# 配置websocket使用的请求头 proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
websocket链接,https
前端链接websocket要使用wss:// 不能使用ws://
vue项目history模式使用nginx部署404
location /{ index index.html; try_files $uri $uri/ /index.html; }
