| by suyi | No comments

nginx配置

1、登录服务器使用upstream负载均衡

upstream  login-server {
    server 192.168.2.114:8000;
    server 192.168.2.112:8000;
}

server {
    server_name login-server.test.com;
    listen 80;
    location / {
       proxy_pass http://login-server;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header REMOTE-HOST $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     }

     access_log  /opt/log/nginx/login-server.test.com.log ;
}

server {
     listen 443 ssl;
     server_name login-server.test.com;
     ssl_certificate  /usr/local/nginx/conf/server.com.pem;
     ssl_certificate_key  /usr/local/nginx/conf/server.com.key;
     location / {
         proxy_pass http://login-server;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header REMOTE-HOST $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
     access_log /opt/log/nginx/login-server.test.com.log ;
}

2 、 请求客服端链接配置

server {
    listen  80;
    server_name   client-server.test.com client-server2.test.com ;
    root    /opt/www/client/;
    index  index.html index.htm;

    location ~ .*\.(jpg|png|jpeg)$ {
        add_header 'Access-Control-Allow-Method' POST,GET;
        add_header 'Access-Control-Allow-Origin' "*";
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header Access-Control-Allow-Headers content-type;
        expires 30d;
    }

    location / {
        add_header 'Access-Control-Allow-Method' POST,GET;
        add_header 'Access-Control-Allow-Origin' "*";
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header Access-Control-Allow-Headers content-type;
        expires 7d;
    }

    access_log  /opt/log/nginx/client-server.test.com.log;
}

server {
    listen  443 ssl;
    server_name    client-server.test.com client-server2.test.com;
    ssl_certificate  /usr/local/nginx/conf/server.com.pem;
    ssl_certificate_key  /usr/local/nginx/conf/server.com.key;
    root    /opt/www/client/;
    index  index.html index.htm;

    location ~ .*\.(jpg|png|jpeg)$ {
        add_header 'Access-Control-Allow-Method' POST,GET;
        add_header 'Access-Control-Allow-Origin' "*";
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header Access-Control-Allow-Headers content-type;
        expires 30d;
    }

    location / {
        add_header 'Access-Control-Allow-Method' POST,GET;
        add_header 'Access-Control-Allow-Origin' "*";
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header Access-Control-Allow-Headers content-type;
        expires 7d;
    }

    access_log  /opt/log/nginx/client-server.test.com.log;
   }

3、客服端请求服务器https转为http

server {
    server_name client-to-server.test.com;
    listen 80;
    location / {
        if ($arg_host = ""){
            return 404;
         }
         proxy_pass http://$arg_host:$arg_port;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_read_timeout 1800;
     }
    access_log  /opt/log/nginx/client-to-server.com.log;
}

server {
    server_name client-to-server.test.com;
    listen 443 ssl;
    ssl_certificate  /usr/local/nginx/conf/server.com.pem;
    ssl_certificate_key  /usr/local/nginx/conf/server.com.key;
    location / {
          if ($arg_host = ""){
              return 404;
          }
         proxy_pass http://$arg_host:$arg_port;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
        proxy_read_timeout 1800;
    }
    access_log  /opt/log/nginx/client-to-server.com.log;
}

发表评论