Summary of some common configurations and techniques of Nginx

Preface

This article lists several common, practical and interesting configurations of Nginx. I hope that after reading it, you can say: I have learned something!

Configure multiple domain names for one site

server {
 listen 80;
 server_name ops-coffee.cn b.ops-coffee.cn;
}

server_name followed by multiple domain names, separated by spaces

One service configures multiple sites

server {
 listen 80;
 server_name a.ops-coffee.cn;

 location / {
 root /home/project/pa;
 index index.html;
 }
}

server {
 listen 80;
 server_name ops-coffee.cn b.ops-coffee.cn;

 location / {
 root /home/project/pb;
 index index.html;
 }
}

server {
 listen 80;
 server_name c.ops-coffee.cn;

 location / {
 root /home/project/pc;
 index index.html;
 }
}

Based on the Nginx virtual host configuration, Nginx has three types of virtual hosts

IP-based virtual hosting: You need to have multiple addresses on your server, and each site corresponds to a different address. This method is less used.

Port-based virtual hosts: Each site corresponds to a different port. When accessing, use the ip:port method to access. You can modify the listen port to use

Domain name-based virtual hosting: The most widely used method. The example above uses a domain name-based virtual hosting. The prerequisite is that you have multiple domain names corresponding to each site. Just fill in different domain names in server_name

nginx adds account and password verification

server {
 location / {
 auth_basic "please input user&passwd";
 auth_basic_user_file key/auth.key;
 }
}

There are many services accessed through nginx, but it does not provide account authentication function. You can use the authbase account and password authentication provided by nginx to achieve this. You can use the following script to generate the account password

# cat pwd.pl 
#!/usr/bin/perl
use strict;

my $pw=$ARGV[0] ;
print crypt($pw,$pw)."\n";

Directions:

# perl pwd.pl ops-coffee.cn
opf8BImqCAXww
# echo "admin:opf8BImqCAXww" > key/auth.key

nginx opens the directory column

When you want nginx to exist as a file download server, you need to enable nginx directory listing

server {
 location download {
  autoindex on;

  autoindex_exact_size off;
  autoindex_localtime on;
 }
}

autoindex_exact_size: When on (default), the exact size of the file is displayed in bytes; when off, the approximate size of the file is displayed in KB, MB, or GB

autoindex_localtime: When it is off (default), the file time displayed is GMT time; when it is changed to on, the file time displayed is the server time

By default, when you access the listed txt files, the contents of the file will be displayed on the browser. If you want the browser to download directly, add the following configuration

if ($request_filename ~* ^.*?\.(txt|pdf|jpg|png)$) {
 add_header Content-Disposition 'attachment';
}

Configuring the Default Site

server {
 listen 80 default;
}

When multiple virtual hosts are created on an nginx service, the default search is from top to bottom. If no virtual host is matched, the content of the first virtual host is returned. If you want to specify a default site, you can put the virtual host of this site in the position of the first virtual host in the configuration file, or configure listen default on the virtual host of this site.

Do not allow access by IP

server {
 listen 80 default;
 server_name _;

 return 404;
}

There may be some unregistered domain names or domain names you don't want that point the server address to your server. This will have a certain impact on your site and you need to prohibit access to IP or unconfigured domain names. We use the default rule mentioned above to redirect all default traffic to 404.

The above method is relatively crude. Of course, you can also configure all unconfigured addresses to directly redirect to your website when accessed by 301, which can also bring certain traffic to your website.

server {
 rewrite ^/(.*)$ https://ops-coffee.cn/$1 permanent;
}

Return verification file directly

location = /XDFyle6tNA.txt {
 default_type text/plain;
 return 200 'd6296a84657eb275c05c31b10924f6ea';
}

Many times, WeChat and other programs require us to put a txt file into the project to verify the project ownership. We can directly modify nginx in the above way without actually putting the file on the server.

Nginx configures upstream reverse proxy

http {
 ...
 upstream tomcats {
  server 192.168.106.176 weight=1;
  server 192.168.106.177 weight=1;
 }

 server {
  location /ops-coffee/ { 
   proxy_pass http://tomcats;

   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
  }
 }

}

If you are not careful, you may fall into the trap of proxy_pass with or without a bar. Here is a detailed description of the difference between proxy_pass http://tomcats and proxy_pass http://tomcats/:

Although it is only a difference of /, the results are very different. There are two cases:

1. The target address does not contain URI (proxy_pass http://tomcats). At this time, in the new target URL, the matching URI part does not change and remains the same as before.

location /ops-coffee/ {
 proxy_pass http://192.168.106.135:8181;
}

http://domain/ops-coffee/ --> http://192.168.106.135:8181/ops-coffee/
http://domain/ops-coffee/action/abc --> http://192.168.106.135:8181/ops-coffee/action/abc

2. The target address contains URI (proxy_pass http://tomcats/, / is also URI). In this case, the matching URI part of the new target URL will be modified to the URI in this parameter.

location /ops-coffee/ {
 proxy_pass http://192.168.106.135:8181/;
}

http://domain/ops-coffee/ --> http://192.168.106.135:8181
http://domain/ops-coffee/action/abc --> http://192.168.106.135:8181/action/abc

nginx upstream turns on keepalive

upstream tomcat {
 server ops-coffee.cn:8080;
 keepalive 1024;
}

server {
 location / {
  proxy_http_version 1.1;
  proxy_set_header Connection "";

  proxy_pass http://tomcat;
 }
}

In most cases, nginx is used as a reverse proxy in a project. For example, nginx is connected to tomcat, nginx is connected to php, etc. At this time, we turn on keepalive between nginx and the backend service to reduce the resource consumption caused by frequent creation of TCP connections. The configuration is as follows

keepalive: Specifies the maximum number of connections that each nginxworker can maintain to 1024. By default, it is not set, that is, keepalive is not effective when nginx is used as a client.

proxy_http_version 1.1: Enabling keepalive requires the HTTP protocol version to be HTTP 1.1

proxy_set_header Connection "": In order to be compatible with the old protocol and prevent the keepalive from being invalid due to Connection close in the http header, it is necessary to clear the Connection in the HTTP header in time.

404 automatically jumps to the home page

server {
 location / {
  error_page 404 = @ops-coffee;
 }

 location @ops-coffee {
  rewrite .* / permanent;
 }
}

The 404 page on the website is not very friendly. We can use the above configuration to automatically jump to the home page after the 404 page appears.

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM.