Configure multiple domain names for one site

server {
    listen 80;
    server_name ops-coffee.cn b.ops-coffee.cn;
}

server_name can be followed by multiple domain names, separated by spaces.

Configure multiple sites for one service

server {
    listen 80;
    server_name a.ops-coffee.cn;

    location / {
        root /home/project/pa;
        index index.html;
    }
}

server {
    listen 80;
    server_name ops-coffee.cn b.ops-coffee.cn;

    location / {
        root /home/project/pb;
        index index.html;
    }
}

server {
    listen 80;
    server_name c.ops-coffee.cn;

    location / {
        root /home/project/pc;
        index index.html;
    }
}

This is based on Nginx virtual host configuration. Nginx has three types of virtual hosts:

IP-based virtual host: The server needs multiple addresses, and each site corresponds to a different address. This method is rarely used.

Port-based virtual host: Each site corresponds to a different port and is accessed as ip:port. Change the port in the listen directive to use it.

Domain name based virtual host: The most widely used method, and the one used in the example above. The precondition is that you have a separate domain name for each site; fill in the different domain names in server_name.

Add account and password authentication in Nginx

server {
    location / {
        auth_basic "please input user&passwd";
        auth_basic_user_file key/auth.key;
    }
}

Many services are accessed through nginx but do not provide account authentication themselves. Authentication can be added with the auth_basic account and password authentication provided by nginx. The following script can be used to generate the password entry:

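# cat pwd.pl
#!/usr/bin/perl
use strict;

# Password to hash, taken from the first command-line argument
my $pw=$ARGV[0] ;
# crypt() is called with the password as its own salt, so the first two
# characters of the password become the salt and the start of the output
print crypt($pw,$pw)."\n";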

Usage:

# perl pwd.pl ops-coffee.cn
opf8BImqCAXww
# echo "admin:opf8BImqCAXww" > key/auth.key
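An added example, not part of the original page: a Python audit that reports the hash scheme of each entry in an auth_basic_user_file. The 13-character entry generated above is classic DES crypt (2-character salt, only the first 8 password characters are used), while `$apr1$` entries from htpasswd or openssl passwd are a stronger choice. The scheme list and verdicts are this example's assumptions, and every sample entry except admin is constructed.

```python
import re

# Hash formats nginx accepts in auth_basic_user_file, most specific first.
# The verdicts are this example's own assessment, not something nginx reports.
SCHEMES = [
    (re.compile(r"^\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$"), "apr1-md5", "ok"),
    (re.compile(r"^\{SSHA\}"), "salted-sha1", "weak"),
    (re.compile(r"^\{SHA\}"), "unsalted-sha1", "weak"),
    (re.compile(r"^\{PLAIN\}"), "plaintext", "weak"),
    # 13 chars from the crypt alphabet: 2-char salt + 11-char DES hash,
    # computed over the first 8 password characters only.
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", "weak"),
]

def classify(hash_field):
    """Return (scheme, verdict) for the password field of one entry."""
    for pattern, scheme, verdict in SCHEMES:
        if pattern.search(hash_field):
            return scheme, verdict
    return "unknown", "review"

def audit(text):
    """Return (user, scheme, verdict) for every entry in an htpasswd-style file."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        if not sep:
            findings.append((line, "malformed", "review"))
            continue
        # Format is name:password or name:password:comment
        findings.append((user, *classify(rest.split(":", 1)[0])))
    return findings

# Constructed sample: the admin entry is the one from the page; the others are
# made-up strings with the right shape, not real password hashes.
SAMPLE = """\
# key/auth.key
admin:opf8BImqCAXww
deploy:$apr1$Zx8kP2aQ$0123456789abcdefghijkl
backup:{SHA}QUJDREVGR0hJSktMTU5PUFFSU1Q=:legacy account
"""

if __name__ == "__main__":
    for user, scheme, verdict in audit(SAMPLE):
        print(f"{user:8} {scheme:14} {verdict}")
```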

Enable directory listing in Nginx

When you want nginx to act as a file download server, you need to enable nginx directory listing

server {
    location /download/ {
        autoindex on;

        autoindex_exact_size off;
        autoindex_localtime on;
    }
}

autoindex_exact_size: when on (the default), the exact size of each file is displayed, in bytes; when off, the approximate size is displayed, in KB, MB or GB

autoindex_localtime: when off (the default), the displayed file time is GMT; when on, the displayed file time is the server's local time

By default, when you open listed txt and similar files, the browser displays the file content. If you want the browser to download them directly instead, add the following configuration

if ($request_filename ~* ^.*?\.(txt|pdf|jpg|png)$) {
    add_header Content-Disposition 'attachment';
}

Configure default site

server {
    listen 80 default;
}

When multiple virtual hosts are created on one nginx service, they are searched from top to bottom by default. If no virtual host matches, the content of the first virtual host is returned. If you want to specify a default site, you can either place that site's virtual host first in the configuration file, or add default to the listen directive of that site's virtual host

Disallow access by IP

server {
    listen 80 default;
    server_name _;

    return 404;
}

There may be unregistered domain names, or domain names you do not want, pointing at your server's address, which can affect your site. You need to block access by IP and by unconfigured domain names. We use the default rule mentioned above to send this default traffic to a 404

The above method is rough. You can also redirect all unconfigured addresses straight to your website with a 301, which can bring some traffic to your website as well

server {
    rewrite ^/(.*)$ https://ops-coffee.cn/$1 permanent;
}

Directly return the verification file

location = /XDFyle6tNA.txt {
    default_type text/plain;
    return 200 'd6296a84657eb275c05c31b10924f6ea';
}

WeChat and other programs often require us to put a txt file into the project to verify ownership of the project. With the method above we can return the content directly from nginx without actually putting the file on the server

Configure an upstream reverse proxy in Nginx

http {
    ...
    upstream tomcats {
        server 192.168.106.176 weight=1;
        server 192.168.106.177 weight=1;
    }

    server {
        location /ops-coffee/ {
            proxy_pass http://tomcats;

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

}

If you are not careful, you can fall into the proxy_pass trap of whether or not to add a trailing slash. Let's look in detail at the difference between proxy_pass http://tomcats and proxy_pass http://tomcats/:

Although the difference is only a single /, the results are quite different. There are two cases:

  1. The target address does not contain a URI (proxy_pass http://tomcats). In this case the matched URI is not modified in the new target URL. It is passed on exactly as it is.
    location /ops-coffee/ {
        proxy_pass http://192.168.106.135:8181;
    }

    http://domain/ops-coffee/ --> http://192.168.106.135:8181/ops-coffee/
    http://domain/ops-coffee/action/abc --> http://192.168.106.135:8181/ops-coffee/action/abc
  2. The target address contains a URI (proxy_pass http://tomcats/; a bare / is also a URI). In this case the matched part of the URI is replaced in the new target URL by the URI given in this parameter.
    location /ops-coffee/ {
        proxy_pass http://192.168.106.135:8181/;
    }

    http://domain/ops-coffee/ --> http://192.168.106.135:8181/
    http://domain/ops-coffee/action/abc --> http://192.168.106.135:8181/action/abc
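
The two cases above as an added Python model (not code from the original page, and not nginx's own implementation). It covers plain prefix locations only, and goes one step beyond the text by showing what happens when the location and the proxy_pass URI disagree on the trailing slash. The function names are hypothetical.

```python
from urllib.parse import urlsplit

def upstream_url(location_prefix, proxy_pass, request_uri):
    """URL nginx requests upstream for a prefix location (simplified model).

    Not modelled: regex or named locations, variables in proxy_pass,
    rewrite directives and URI normalisation.
    """
    if not request_uri.startswith(location_prefix):
        raise ValueError("request URI does not match this location")
    target = urlsplit(proxy_pass)
    origin = f"{target.scheme}://{target.netloc}"
    if target.path == "":
        # Case 1: no URI part in proxy_pass, the request URI is passed unchanged.
        return origin + request_uri
    # Case 2: proxy_pass has a URI part (even just "/"); the part of the
    # request matched by the location is replaced with it.
    return origin + target.path + request_uri[len(location_prefix):]

def slash_mismatch(location_prefix, proxy_pass):
    """True when proxy_pass has a URI part whose trailing slash differs from the location's."""
    uri = urlsplit(proxy_pass).path
    return uri != "" and location_prefix.endswith("/") != uri.endswith("/")

BACKEND = "http://192.168.106.135:8181"  # backend address used on the page

if __name__ == "__main__":
    cases = [
        ("/ops-coffee/", BACKEND),           # case 1
        ("/ops-coffee/", BACKEND + "/"),     # case 2
        ("/ops-coffee", BACKEND + "/"),      # mismatch -> "//action/abc"
        ("/ops-coffee/", BACKEND + "/app"),  # mismatch -> "/appaction/abc"
    ]
    for loc, target in cases:
        print(loc, target, upstream_url(loc, target, "/ops-coffee/action/abc"),
              slash_mismatch(loc, target))
```

A mismatch does not stop nginx from starting; it silently produces paths such as //action/abc or /appaction/abc on the backend, so it is worth checking for when reviewing a configuration.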

Enable keepalive for the Nginx upstream

upstream tomcat {
    server ops-coffee.cn:8080;
    keepalive 1024;
}

server {
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_pass http://tomcat;
    }
}

In most projects nginx is used as a reverse proxy, for example nginx in front of tomcat or nginx in front of php. In that case we can enable keepalive between nginx and the back-end service to reduce the resource consumption caused by frequently creating TCP connections. The configuration is shown above

keepalive: sets the maximum number of connections that each nginx worker can keep open, 1024 here. It is not set by default, so keepalive does not take effect when nginx acts as a client

proxy_http_version 1.1: enabling keepalive requires the HTTP protocol version to be HTTP 1.1

proxy_set_header Connection "": for compatibility with the old protocol, and to prevent a Connection: close in the HTTP header from breaking keepalive, the Connection header must be cleared

Automatically redirect 404s to the home page

server {
    location / {
        error_page 404 = @ops-coffee;
    }

    location @ops-coffee {
        rewrite .* / permanent;
    }
}

The 404 page on a website is not particularly friendly. With the configuration above, visitors are automatically redirected to the home page whenever a 404 occurs