常用nginx虚拟主机配置

摘要

待续。。。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@ecs vhosts]# cat c.isme.pub.conf
server {
listen 80;
server_name c.isme.pub;
location ~ ^/product/xxx/.+\.php$ {
access_log /data/logs/nginx_log/xxx_access.log moss;
error_log /data/logs/nginx_log/xxx_error.log;
if ($fastcgi_script_name ~ /product/xxx/(.*)) {
root /data/web_data/web/app/xxx/www/;
set $valid_fastcgi_script_name $1;
}
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$valid_fastcgi_script_name;
include fastcgi_params;
}
location /product/xxx/ {
access_log /data/logs/nginx_log/xxx_access.log moss;
error_log /data/logs/nginx_log/xxx_error.log;
alias /data/web_data/web/app/cat_elock/www/;
index index.htm;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
server {
listen 80;
server_name c.isme.pub;
access_log /data/logs/nginx_log/xxx_access.log moss;
error_log /data/logs/nginx_log/xxx_error.log error;
location / {
proxy_pass http://0.0.0.0/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name c.isme.pub;
access_log /data/logs/nginx_log/xxx_access.log moss;
error_log /data/logs/nginx_log/xxx_error.log error;
return 301 https://$server_name/$1;
}
server {
listen 443;
server_name c.isme.pub;
access_log /data/logs/nginx_log/xxx_access.log moss;
error_log /data/logs/nginx_log/xxx_error.log error;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/wildcard-g7-20170629.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/wildcard-g7-20170629.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:demo-pay:4m;
location / {
proxy_pass http://0.0.0.0:80/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
}
}
upstream zabbix{
server 172.16.1.4:80;
}
server {
listen 80;
server_name zabbix.xxx.com;
access_log /data/logs/zabbix/zabbix_access.log ksformat;
error_log /data/logs/zabbix/zabbix_error.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header remote_addr $remote_addr;
proxy_pass http://zabbix;
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
server {
listen 80;
server_name c.isme.pub;
access_log /data/logs/nginx_log/xxx_access.log moss;
error_log /data/logs/nginx_log/xxx_error.log error;
location ~ ^/xxx/.+\.php {
if ($fastcgi_script_name ~ /xxx/(.*)) {
root /data/web_data/web/app/xxx/app/zeus/public/;
set $valid_fastcgi_script_name $1;
}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9001;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/$valid_fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/xxx/(.*)$ {
alias /data/web_data/web/app/xxx/app/zeus/public/;
try_files $uri $uri/ /index.php?$query_string;
index index.php index.html index.htm;
}
location / {
root /data/web_data/web/app/xxx/www/;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /data/web_data/web/app/xxx/www/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.html;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}
location /php-fpm_status {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
include fastcgi_params;
}
}
server {
listen 443;
server_name c.isme.pub;
error_log off;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/wildcard-g7-20170629.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/wildcard-g7-20170629.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:demo-pay:4m;
location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}

通过url中不同参数定位到不同项目和不同环境

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
location /www/ {
if ( $query_string ~* ^(.*)p=(.*?)&(.*)e=gt(.*)$ ) {
root /www/html/;
set $location $2;
set $env "gtest";
}
if ( $query_string ~* ^(.*)p=(.*?)&(.*)e=mt(.*)$ ) {
root /www/html/;
set $location $2;
set $env "mtest";
}
rewrite ^/www/(.*) /$location/$env/index.html?$query_string break;
try_files $uri /$location/$env/index.html?$query_string;
index index.html;
}

rewrite

1
2
3
4
5
6
7
8
9
10
11
location /xxx/
{
alias /www/html/xxx/;
try_files $uri /xxx/index.html;
if ( $uri ~ 'users' ){
rewrite ^/xxx/users /xxx/index.html;
}
if ( $uri ~ '' ) {
rewrite ^/xxx/$ https://xxxxxx
}
}

http转https

rewrite

1
2
3
4
5
6
7
8
9
10
11
12
13
server {
listen 80;
server_name domain.com;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443 ssl;
server_name domain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/domain.com.crt;
# other
}

return

1
2
3
4
5
6
7
8
9
10
11
12
13
server {
listen 80;
server_name domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name domain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/domain.com.crt;
# other
}

error_page

1
2
3
4
5
6
7
8
9
10
server {
listen 80;
listen 443 ssl;
server_name domain.com;
ssl on;
ssl_certificate /etc/nginx/ssl/domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/domain.com.crt;
# other
error_page 497 https://$server_name$request_uri;
}