zhouinfo

nginx 配置

发布 : 2022-08-15 分类 : nginx 浏览 :

nginx 配置

禁止使用ip访问项目

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

#禁止ip访问80端口
server {
    listen 80 default;
    server_name _;
    return 500;
}

#禁止ip访问443端口
server {
    listen 443 default_server;
    server_name _;
    ssl_certificate /home/zhou/zhouinfo.site/zhouinfo.site_bundle.crt; #可以是过期的证书 但一定得有
    ssl_certificate_key /home/zhou/zhouinfo.site/zhouinfo.site.key;    #可以是过期的证书 但一定得有
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
    ssl_prefer_server_ciphers on;
    return 500;
}

启用ssl 浏览器在获取js css 如果使用了http协议就会打印错误

1
2
3
4
5
6
7
8
location /test {
    proxy_pass http://127.0.0.1/test;
    proxy_redirect default;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header Content-Security-Policy upgrade-insecure-requests; #http页面请求升级为https
}

nginx自带目录浏览器功能

只需要配置就可以使用

vim nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
#分享根目录下的/zhou文件夹
location /test {
        root /;
        autoindex on;              #开启目录浏览
        autoindex_format html;     #以html风格将目录展示在浏览器中
        autoindex_exact_size off;  #切换为 off 后,以可读的方式显示文件大小,单位为 KB、MB 或者 GB
        autoindex_localtime on;    #以服务器的文件时间作为显示的时间
        charset utf-8,gbk;         #展示中文文件名
        
        auth_basic "Authorized users only";       #需要密码验证
        #使用https://tool.oschina.net/htpasswd 在线htpasswd生成器,用crypt加密密码,得到一串账号密码密文,存到/etc/nginx/htpasswd
        auth_basic_user_file /etc/nginx/htpasswd; #密码文件
}

重启nginx nginx -t nginx -s reload
访问 https://zhouinfo.site/test 输入账号密码就可以访问 根目录下的 /test 文件夹

例子

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        server_name  zhouinfo.site;
        return  301  https://$server_name$request_uri;
    }
    server {
        listen       80;
        server_name  blog.zhouinfo.site;
        return  301  https://$server_name$request_uri;
    }
    server {
        listen       80;
        server_name  git.zhouinfo.site;
        return  301  https://$server_name$request_uri;
    }
    server {
        listen       80;
        server_name  hook.zhouinfo.site;
        location / {
            proxy_pass  http://localhost:6000;
            proxy_redirect default;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
    server {
        listen       80;
        server_name  license.zhouinfo.site;
        return  301  https://$server_name$request_uri;
    }
    server {
        listen       80;
        server_name  ip.zhouinfo.site;
        location / {
            default_type text/plain;
            return 200 $remote_addr;
        }
    }

   server {
        listen 443 ssl http2;
        server_name zhouinfo.site;

        ssl_certificate /etc/nginx/cert/zhouinfo.site/fullchain.cer;
        ssl_certificate_key /etc/nginx/cert/zhouinfo.site/zhouinfo.site.key;
        ssl_dhparam /etc/nginx/cert/dhparam.pem;

        location / {
            root   /var/www/zhouinfo;
            index  index.html index.htm;
        }
    }

   server {
        listen 443 ssl http2;
        server_name blog.zhouinfo.site;

        ssl_certificate /etc/nginx/cert/zhouinfo.site/fullchain.cer;
        ssl_certificate_key /etc/nginx/cert/zhouinfo.site/zhouinfo.site.key;
        ssl_dhparam /etc/nginx/cert/dhparam.pem;

        location / {
            root   /var/www/blog;
            index  index.html index.htm;
        }
    }

   server {
        listen 443 ssl http2;
        server_name git.zhouinfo.site;

        ssl_certificate /etc/nginx/cert/zhouinfo.site/fullchain.cer;
        ssl_certificate_key /etc/nginx/cert/zhouinfo.site/zhouinfo.site.key;
        ssl_dhparam /etc/nginx/cert/dhparam.pem;

        client_max_body_size 100m;

        location / {
            proxy_pass  http://localhost:3000;
            proxy_redirect default;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

   server {
        listen 443 ssl http2;
        server_name license.zhouinfo.site;

        ssl_certificate /etc/nginx/cert/zhouinfo.site/fullchain.cer;
        ssl_certificate_key /etc/nginx/cert/zhouinfo.site/zhouinfo.site.key;
        ssl_dhparam /etc/nginx/cert/dhparam.pem;

        location / {
            proxy_pass  http://localhost:9000;
            proxy_redirect default;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }
}
本文作者 : zhouinfo
原文链接 : http://blog.zhouinfo.site/2022/08/15/nginx-%E9%85%8D%E7%BD%AE/
版权声明 : 本博客所有文章除特别声明外,均采用 CC Apache License 2.0 许可协议。转载请注明出处!
标签: #Linux #nginx
留下足迹