1、nginx強制跳轉https配置,通過http狀態嗎實現,http狀態嗎地址:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307
301 It is therefore recommended to use the 301 code only as a response for GET or HEAD methods and to use the 308 Permanent Redirect for POSTmethods instead, as the method change is explicitly prohibited with this status.
#cat conf.d/test.conf
server {
listen 80;
server_name cul.xget.com;
location / {
auth_basic "it's protected";
auth_basic_user_file /data/.htpasswd;
proxy_pass http://10.10.17.31:8500;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Access-Control-Allow-Origin *;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
}
listen 443 ssl;
ssl_certificate /root/USSL_TBDmkIc7/Nginx/public.pem;
ssl_certificate_key /root/USSL_TBDmkIc7/Nginx/private.key;
ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
ssl_session_timeout 1440m; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
ssl_prefer_server_ciphers on; # managed by Certbot
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot
if ($scheme != "https"){
return 301 https://$host$request_uri;
}
}
2、根據remote_addr轉發流量及if的或匹配
location / { if ( $remote_addr = "183.18.16.69" ){ rewrite ^/(.*) /saturn-api-canary/$1 break; proxy_pass http://10.42.7.12:32080; break; } if ( $remote_addr = "115.25.5.107" ){ rewrite ^/(.*) /saturn-admin-canary/$1 break; proxy_pass http://10.42.7.12:32080; break; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_max_temp_file_size 0; proxy_pass http://api; client_max_body_size 100m; proxy_read_timeout 150; access_log /var/log/nginx/share.log hehe; error_log /var/log/nginx/api_error.log warn; add_header X-Upstream $upstream_addr always; proxy_redirect off; }
或匹配:
location / { if ( $remote_addr ~ "183.18.16.69|115.25.5.107" ){ rewrite ^/(.*) /saturn-api-canary/$1 break; proxy_pass http://10.42.7.12:32080; break; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_max_temp_file_size 0; proxy_pass http://api; client_max_body_size 100m; proxy_read_timeout 150; access_log /var/log/nginx/share.log hehe; error_log /var/log/nginx/api_error.log warn; add_header X-Upstream $upstream_addr always; proxy_redirect off; }
3、根據header轉發流量
location / { if ( $http_yfflag = 2 ){ rewrite ^/(.*) /saturn-api-canary/$1 break; proxy_pass http://10.42.7.12:32080; break; } proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_max_temp_file_size 0; proxy_pass http://api; client_max_body_size 100m; proxy_read_timeout 150; access_log /var/log/nginx/share.log hehe; error_log /var/log/nginx/api_error.log warn; add_header X-Upstream $upstream_addr always; proxy_redirect off; }
4、if實現“與”操作
nginx不支持shell的and、&&實現,也不支持if嵌套,所以采用設置變量的方式實現。首先設置一個變量置為空 set $flag 0;然后根據條件追加值,在最終的if塊中根據$flag的值進行判斷,實現與和或。切記要在最終的if塊中添加break,
否則proxy_pass也會被執行。
AND:
location / { if ( $remote_addr !~ "183.128.16.69|115.205.5.107" ){ proxy_pass http://10.4.8.77; break; } set $foo ""; if ( $http_fflag = 2 ){ set $foo "${foo}1"; } if ( $http_dflag = 1 ){ set $foo "${foo}1"; } if ( $foo ~* "11" ){ rewrite ^ http://zipkin.xet.com/zipkin/ break; break; } proxy_pass http://api; }
5、nginx訪問靜態資源
這里使用兩種方式都可以實現:
兩者都是在server段的location下使用
1)使用alias
server{ listen *80; server_name test.eee.com; location /getQQCode/ { alias /etc/nginx/qq/; } }
提前將靜態文件放到alias的目錄下面,這樣訪問http://test.eee.com/getQQCode/index.html,實際服務器的訪問路徑是/etc/nginx/qq/index.heml。
2)使用root
server{ listen *80; server_name test.eee.com; location /getQQCode/ { root /etc/nginx/qq/; } }
這樣訪問http://test.eee.com/getQQCode/index.html,實際服務器的訪問路徑是/etc/nginx/qq/getQQCode/index.heml。root會將路徑進行拼接。例如使用root的時候會將uri /getQQCode/拼接到root的路徑后面
即/etc/nginx/qq/getQQCode/index.heml。