Nginx

Nginx 是一款高效的 Web 服务器和反向代理服务器,常用于负载均衡、HTTP 缓存、静态资源托管等任务。它主要使用配置文件 + nginx 命令的方式进行工作。

配置文件:

  • /etc/nginx/nginx.conf、/etc/nginx/conf.d/。
  • /usr/local/nginx/nginx.conf、/usr/local/nginx/conf/。

日志文件:

  • /var/log/nginx/access.log、/var/log/nginx/error.log。

常用命令

启动

sudo nginx [-c /path/to/nginx.conf]

停止(快速关闭,不等待正在处理的请求)

sudo nginx -s stop

重加载

sudo nginx -s reload

检查配置

sudo nginx -t

退出(优雅关闭,等待当前请求处理完毕后再退出)

sudo nginx -s quit

常规配置

静态文件

用 Nginx 来服务静态文件,如 HTML、CSS、JavaScript 和图片文件。

# Static site: serves HTML, CSS, JavaScript and images over plain HTTP.
server {
    listen      80;
    server_name example.com;    # host name (a domain or an IP address)

    # Document root, declared once and inherited by both locations below.
    # Every file under this directory is publicly readable, so keep
    # backups, dotfiles and secrets out of it.
    root /var/www/html;

    location / {
        index index.html index.htm;    # files tried for directory requests
    }

    # Custom page returned for 404 responses.
    error_page 404 /404.html;
    location = /404.html {
    }
}

反向代理

# Reverse proxy: forwards every request for example.com to a local backend.
server {
    listen      80;
    server_name example.com;

    location / {
        proxy_pass http://127.0.0.1:8080;

        # Preserve the host name the client asked for.
        proxy_set_header Host              $host;

        # Client address as seen by this proxy (the directly connected peer).
        proxy_set_header X-Real-IP         $remote_addr;

        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For the client sent, so the leading entries are
        # client-controlled. The backend should trust only the entry added
        # by this proxy when making access or logging decisions.
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Request headers, Cookie included, are passed upstream by default,
        # so this line only makes the behaviour explicit.
        proxy_set_header Cookie            $http_cookie;
    }
}

负载均衡

# Load balancing: requests are spread across the servers of one upstream group.
http {
    # Backend pool. No balancing method is specified, so nginx uses its
    # default method. Traffic to these servers is plain HTTP.
    # NOTE(review): presumably a trusted internal network - confirm.
    upstream flask-server {
        server 192.168.1.2:5000;
        server 192.168.1.3:5000;
    }

    server {
        listen      80;
        server_name example.com;

        location / {
            # Hand the request to the upstream group defined above.
            proxy_pass http://flask-server;

            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;

            # The client-supplied part of X-Forwarded-For is untrusted;
            # only the last entry is written by this proxy.
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # Explicit, although request headers are passed upstream by default.
            proxy_set_header Cookie            $http_cookie;
        }
    }
}

SSL

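# HTTPS virtual host for example.com.
server {
    listen      443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;    # certificate path
    # Private key path. Restrict file permissions so that only the account
    # that starts nginx can read it.
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    ssl_protocols TLSv1.2 TLSv1.3;    # accepted TLS protocol versions

    # Cipher suites. The EDH (DHE) entries take effect only when ssl_dhparam
    # is also configured: nginx 1.11.0 and later ship no default DH
    # parameters, so without that directive only the EECDH suites are offered.
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        root  /var/www/html;
        index index.html;
    }

    # 497 is raised when a plain-HTTP request arrives on this TLS port.
    # It does not cover requests sent to port 80; the server block below
    # handles those.
    error_page 497 https://$host$request_uri;
}

# Redirect plain-HTTP requests on port 80 to HTTPS. Without this listener
# the configuration above never sees port-80 traffic, so nothing would be
# redirected.
server {
    listen      80;
    server_name example.com;

    return 301 https://$host$request_uri;
}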

缓存

# Browser caching: long-lived cache headers for images, defaults elsewhere.
http {
    server {
        listen      80;
        server_name example.com;

        # Shared document root, inherited by both locations.
        root /var/www/html;

        location / {
            index index.html;
        }

        location /images/ {
            # Cache for 30 days.
            expires 30d;

            # "public" lets shared caches (proxies, CDNs) store the response.
            # Apply it only to content that is identical for every user,
            # never to per-user or authenticated responses.
            add_header Cache-Control "public";
        }
    }
}

缓解 DDoS 攻击(请求限速)

# Request rate limiting per client address.
http {
    # Shared-memory zone "one" (10 MB) keyed on the client address,
    # with a sustained rate of 1 request per second per key.
    #
    # The key is $binary_remote_addr, i.e. the directly connected peer.
    # Behind a CDN or another proxy every client shares that proxy's
    # address and therefore one bucket. A per-address limit slows a
    # single noisy source; it does not stop a flood spread over many
    # addresses.
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

    server {
        listen      80;
        server_name example.com;

        # Document root for the location below.
        root /var/www/html;

        location / {
            # Up to 5 requests above the rate are queued and released at
            # 1 r/s (no "nodelay" is set); anything beyond that is rejected.
            limit_req zone=one burst=5;

            index index.html;
        }
    }
}

Gzip 压缩

# Gzip response compression.
#
# Compressing HTTPS responses that contain both a secret (for example a CSRF
# token) and attacker-influenced input can leak the secret through response
# size (the BREACH class of attacks). Consider leaving such responses
# uncompressed.
http {
    gzip            on;         # turn compression on
    gzip_comp_level 6;          # 1-9; higher compresses more
    gzip_vary       on;         # emit "Vary: Accept-Encoding"
    gzip_proxied    any;        # also compress responses to proxied requests
    gzip_disable    "msie6";    # skip compression for old IE browsers

    # MIME types that get compressed.
    gzip_types
        text/plain
        text/css
        application/javascript
        application/json
        application/xml
        application/xml+rss
        text/javascript;
}

跨域共享

# Cross-origin resource sharing (CORS) headers for a static site.
server {
    listen      80;
    server_name example.com;

    location / {
        root  /var/www/html;
        index index.html;

        # "*" lets scripts on any origin read these responses. That suits
        # public, unauthenticated content only; for anything sensitive,
        # return an explicit allowlisted origin instead of the wildcard.
        add_header 'Access-Control-Allow-Origin'  '*';

        # Methods permitted for cross-origin requests.
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS, PATCH';

        # Request headers permitted for cross-origin requests.
        add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept';
    }
}