114 字
1 分钟
Nginx 常用配置速查
安装
apt install -y nginxsystemctl start nginxsystemctl enable nginxnginx -t一、静态站点 / Vue SPA
server { listen 80; server_name example.com; root /opt/app/dist; index index.html;
location / { try_files $uri $uri/ /index.html; }
location /api/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8080/; }}二、SSL / HTTPS
server { listen 80; server_name example.com; return 301 https://$host$request_uri;}
server { listen 443 ssl http2; server_name example.com;
ssl_certificate /opt/cert/example.com.pem; ssl_certificate_key /opt/cert/example.com.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000" always;
root /opt/app/dist; index index.html;
location / { try_files $uri $uri/ /index.html; }
location /api/ { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8080/; }}三、反向代理服务
server { listen 80; server_name app.example.com;
location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 60s; proxy_send_timeout 600s; proxy_read_timeout 600s; proxy_pass http://127.0.0.1:3000; }}四、WebSocket 代理
map $http_upgrade $connection_upgrade { default upgrade; '' close;}
server { listen 80; server_name ws.example.com;
location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_connect_timeout 60s; proxy_read_timeout 3600s; proxy_pass http://127.0.0.1:3001; }}五、MinIO 反向代理
MinIO 签名验证依赖 Host 头,必须正确透传,否则出现签名不匹配错误:
server { listen 9000; server_name minio.example.com; client_max_body_size 0;
location / { proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:9001; }}六、TCP 流量转发(stream 模块)
适用于转发 MySQL、Redis 等 TCP 服务,stream 块与 http 块同级:
stream { server { listen 13306; proxy_connect_timeout 1s; proxy_timeout 300s; proxy_pass 192.168.1.20:3306; }}
http { # ...}NOTE使用 stream 模块前需确认编译时包含了该模块:
分享
如果这篇文章对你有帮助,欢迎分享给更多人!
相关文章 智能推荐
1
Nginx 使用 sub_filter 注入自定义 HTML 标签
服务与应用运维 通过 Nginx 的 ngx_http_sub_module 模块,在反向代理响应中注入自定义 JS、CSS 或 HTML 标签,适用于无法修改源码的第三方页面定制场景。
2
CentOS 安装 Nginx 及生产环境配置指南
服务与应用运维 介绍在 CentOS 上通过 YUM 安装 Nginx,并整理多站点、SSL、反向代理、Stream TCP 代理等常用生产配置模板。
3
Docker 配置私服自签名证书信任
虚拟化与容器 介绍如何在 Linux 和 Windows 客户端上配置 Docker 信任私有镜像仓库的自签名 SSL 证书,解决拉取推送时的证书验证失败问题。
4
跳过登录弹框:实现 Basic Auth 自动授权
技术插曲与避坑 详解如何通过 URL 传参、Nginx 反向代理注入 Header 以及浏览器插件等方式,实现对 Basic Auth 认证站点的免密自动登录。
5
CI/CD 手册:Jenkins 自动化发布全流程
服务与应用运维 详细记录如何通过 Jenkins 搭建自动化流水线,实现 Node.js 前端项目与 Spring Boot 后端项目的打包、上传及一键部署。
