1、升级Openssl
[root@rocky8 ~]# nginx -V #查看现在nginx的OpenSSL版本和编译情况
nginx version: nginx/1.22.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC)
built with OpenSSL 1.1.1k FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
[root@rocky8 ~]# tar xf openssl-3.0.5.tar.gz -C /usr/local
[root@rocky8 ~]# cd /usr/local/nginx-1.22.0/
[root@rocky8 nginx-1.22.0]# ./configure --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-openssl=/usr/local/openssl-3.0.5
[root@rocky8 nginx-1.22.0]# make && make install
###提示以下错误:需要安装perl-IPC-Cmd包
Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module)
[root@rocky8 nginx-1.22.0]# dnf install perl-IPC-Cmd
[root@rocky8 nginx-1.22.0]# make && make install #再次编译
2、if指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /if {
index index.html;
root /data/nginx/test;
default_type text/html;
echo "if----> $scheme";
if (!-e $request_filename) {
echo "$request_filename is not exist";
}
}
}
[root@rocky8 conf.d]# mkdir /data/nginx/test/if -p
[root@rocky8 conf.d]# echo /data/nginx/test/if > /data/nginx/test/if/index.html
[root@rocky8 conf.d]# nginx -s reload
===========================================================
[root@rocky8 conf.d]# rm -f /data/nginx/test/if/index.html #删除后再测试
[root@rocky8 conf.d]# nginx -s reload
3、set指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /set {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
set $name wang; #定义$name的值是wang
echo $name; #输出$name
set $my_port $server_port; #定义$my_port的值是$server_port的值
echo $my_port;
}
}
[root@rocky8 conf.d]# nginx -s reload
4、break指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location /break {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
set $name wang;
echo "break_before:name=$name";
break; #location块中break后面指令还会执行
set $my_port $server_port;
echo "break_after:my_port=$my_port";
echo "break_after:name=$name";
}
}
[root@rocky8 conf.d]# nginx -s reload
5、return 指令
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
location / {
root /data/nginx/html/pc;
index index.html;
default_type text/html;
if ( $scheme = http ) {
return 500 "service error";
echo "if-----> $scheme";
}
if ( $scheme = https ) {
echo "if---> $scheme";
}
}
}
[root@rocky8 conf.d]# nginx -s reload
http跳转到https
## 方法1
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name www.wang.org;
charset utf8;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
location / {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
==========================================================
#方法2
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
}
[root@rocky8 conf.d]# nginx -s reload
6、rewrite 指令
# break
[root@rocky8 conf.d]# echo test1 > /data/nginx/html/pc/test1.html
[root@rocky8 conf.d]# echo test2 > /data/nginx/html/pc/test2.html
[root@rocky8 conf.d]# echo test4 > /data/nginx/html/pc/test4.html
[root@rocky8 conf.d]# echo test3 > /data/nginx/html/pc/test3.html
[root@rocky8 conf.d]# echo testa > /data/nginx/html/pc/testa.html
[root@rocky8 conf.d]# echo testb > /data/nginx/html/pc/testb.html
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html break;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
}
[root@rocky8 conf.d]# nginx -s reload
# last
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
}
[root@rocky8 conf.d]# nginx -s reload
# permanent 永久跳转
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
location /permanent {
rewrite /permanent https://blog.51cto.com/dayu permanent; #访问/permanent永久跳转至https://blog.51cto.com/dayu
}
}
[root@rocky8 conf.d]# nginx -s reload
# redirect
[root@rocky8 conf.d]# vim /apps/nginx/conf/conf.d/www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $scheme = http ) {
return https://www.wang.org/;
}
location /test {
rewrite /test1.html /test2.html last;
rewrite /test2.html /test3.html;
}
location /test2.html {
rewrite /test2.html /testa.html;
}
location /test3.html {
rewrite /test3.html /testb.html;
}
location /redirect {
rewrite /redirect https://blog.51cto.com/dayu redirect; #访问/permanent临时跳转至https://blog.51cto.com/dayu
}
}
[root@rocky8 conf.d]# nginx -s reload
自动跳转 https
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
charset utf8;
server_name www.wang.org;
root /data/nginx/html/pc;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
location / {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
location / { #针对全站跳转
root /data/nginx/html/pc;
index index.html;
if ( $scheme = http ) { #如果没有加条件判断,会导致死循环
rewrite ^/(.*) https://$host/$1 redirect;
}
location /login { #针对特定的URL进行跳转https
if ( $scheme = http ) { #如果没有加条件判断,会导致死循环
rewrite / https://$host/login redirect;
}
}
}
[root@rocky8 conf.d]# mkdir /data/nginx/html/pc/login
[root@rocky8 conf.d]# echo /data/nginx/html/pc/login > /data/nginx/html/pc/login/index.html
[root@rocky8 conf.d]# nginx -s reload
当用户访问到公司网站的时输入了一个错误的URL,可以将用户重定向至官网首页
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
location / {
root /data/nginx/html/pc;
index index.html;
if ( !-e $request_filename ) {
rewrite .* https://www.wang.org/index.html; #实现客户端浏览器的302跳转
}
}
[root@rocky8 conf.d]# nginx -s reload
指定客户端类型跳转新的域名
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
if ( $http_user_agent ~* "android|iphone|ipad" ) { #判断客户端浏览器类型如果是android或者iphone或者ipad就执行下边指令
rewrite ^/(.*) http://m.wang.org/$1 redirect;
}
[root@rocky8 conf.d]# nginx -s reload
网站维护跳转
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
set $ip 0; #在server层下设定ip变量值为0
if ( $remote_addr = 10.0.0.101 ) {
set $ip 1; #如果来源IP是10.0.0.101则设定变量为ip变量为1。
}
if ( $ip = 0 ) { #如果来源IP不是10.0.0.101则跳转maintain.html这个页面,否则不做任何处理
rewrite ^/(.*)$ /maintain.html break;
}
}
[root@rocky8 conf.d]# echo maintain > /data/nginx/html/pc/maintain.html
[root@rocky8 conf.d]# nginx -s reload
7、防盗链
实现盗链
#实现盗链
## 被盗网站设置
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main; #开启被盗网站的日志功能,main是主配置文件日志名称;
location /images {
root /data/nginx/html/pc;
}
}
[root@rocky8 conf.d]# nginx -s reload
===================================================
## 盗链服务器设置
server {
listen 80;
# listen 443 ssl http2; #如果开启https功能,被盗网站日志无法记录referer
charset utf8;
server_name www.da.org;
root /data/nginx/html/da;
# ssl_certificate /apps/nginx/cert/www.wang.org.pem;
# ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
access_log /apps/nginx/logs/www.da.org_access.log main;
# if ( $scheme = http ) {
# rewrite ^/(.*) https://$server_name$request_uri;
# }
}
[root@rocky8 conf.d]# nginx -s reload
## 浏览器测试:注意:最好选用火狐,edge浏览器最新版默认会检测到盗链而阻止
实现防盗链
#实现防盗链
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /images {
root /data/nginx/html/pc;
valid_referers none blocked server names *.wang.org ~\.baidu\. ; # 有效referer包含的域名
if ( $invalid_referer ) { #无效referer转到403
return 403;
}
}
[root@rocky8 conf.d]# nginx -s reload
8、反向代理单台 web 服务器
# nginx代理服务器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://www.yu.org; #访问本机域名转至www.yu.org
}
}
[root@rocky8 conf.d]# vim /etc/hosts #添加www.yu.org解析
10.0.0.101 www.yu.org
[root@rocky8 conf.d]# nginx -s reload
=========================================================
#nginx服务器:
[root@ubuntu2004 ~]#vim /etc/nginx/conf.d/www.yu.org.conf
server {
listen 80;
server_name www.yu.org;
root /data/nginx/html/yu;
}
[root@ubuntu2004 ~]#mkdir /data/nginx/html/yu -p
[root@ubuntu2004 ~]#echo /data/nginx/html/yu > /data/nginx/html/yu/index.html
[root@ubuntu2004 ~]#nginx -s reload
#客户端访问www.wang.org测试
# 反向代理服务器:(要关闭proxy_set_header功能,不然多个网站,只会一直访问一个网站)
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://www.b.org;
# proxy_set_header Host $http_host;
#proxy_connect_timeout 10s;
}
[root@rocky8 conf.d]# vim /etc/hosts
10.0.0.18 www.a.org www.b.org
[root@rocky8 conf.d]# nginx -s reload
# nginx服务器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
listen 80;
server_name www.a.org;
root /data/nginx/a;
}
server {
listen 80;
server_name www.b.org;
root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
# 客户端测试
[root@ubuntu2004 ~]#curl www.wang.org
www.b.org
9、指定 location 实现反向代理
# 反向代理:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org; #如果访问www.wang.org/static转到www.b.org/static
}
}
[root@rocky8 conf.d]# nginx -s reload
===================
# nignx服务器
[root@rocky8 ~]# vim /etc/nginx/conf.d/www.a.org.conf
server {
listen 80;
server_name www.a.org;
root /data/nginx/a;
}
server {
listen 80;
server_name www.b.org;
root /data/nginx/b;
}
[root@rocky8 ~]# systemctl restart nginx.service
[root@rocky8 ~]# mkdir /data/nginx/b/static
[root@rocky8 ~]# echo /data/nginx/b/static > /data/nginx/b/static/index.html
# 客户端测试
10、针对特定的资源实现代理
# 动静分离
# 代理服务器:
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /api {
proxy_pass http://10.0.0.18:8080/hello; 访问www.wang.org转至10.0.0.18:8080/hello(hello是go语言web_demo生成的一个页面)
proxy_set_header Host $http_host;
}
}
[root@rocky8 conf.d]# nginx -s reload
# nginx服务器
[root@rocky8 ~]# chmod +x web_demo
[root@rocky8 ~]# ./web_demo
# 客户端测试
11、开启代理服务器缓存功能(加速客户端访问)
#代理服务器:
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf #主配置定义proxy_cache_path 缓存路径
proxy_cache_path /data/nginx/proxycache levels=1:2:2 keys_zone=proxycache:20m inactive=120s max_size=1g;
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org; #www.b.org(nginx服务器)下边要有static
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 5m;
}
}
# 客户端测试:
[root@ubuntu2004 ~]#curl http://www.wang.org/static -L
/data/nginx/b/static
[root@ubuntu2004 ~]#ab -n 2000 -c 200 http://www.wang.org/static
# 代理服务器查看缓存目录
12、添加响应报文头部信息
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /static {
proxy_pass http://www.b.org;
proxy_cache proxycache;
proxy_cache_key $request_uri;
proxy_cache_valid 200 302 301 10m;
proxy_cache_valid any 5m;
add_header X-Via $server_addr; #当前nginx主机的IP
add_header X-Cache $upstream_cache_status; #缓存HIT,不是缓存MISS
add_header X-Accel $server_name; #客户访问的FQDN
}
[root@rocky8 conf.d]# nginx -s reload
#客户端验证:
13、实现反向代理客户端 IP 透传
一级代理实现客户端IP透传
# 代理服务器(10.0.0.8):
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #添加客户端IP和反向代理服务器IP到请求报文头部
}
}
[root@rocky8 conf.d]# nginx -s reload
# Web Server(10.0.0.18) Apache:
[root@rocky8 ~]# yum install -y httpd
[root@rocky8 ~]# vim /etc/httpd/conf/httpd.conf
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined #注释原有行,添加新行如下:
LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@rocky8 ~]# systemctl restart httpd
多级代理实现客户端 IP 透传
# 第一台porxy(10.0.0.8):
[root@rocky8 conf.d]# vim /apps/nginx/conf/nginx.conf #开启日志格式,记录x_forwarded_for
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include /apps/nginx/conf/conf.d/*.conf;
[root@rocky8 conf.d]# vim www.wang.org.conf
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location / {
proxy_pass http://10.0.0.28;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #开启日志格式,记录x_forwarded_for
}
}
[root@rocky8 conf.d]# nginx -s reload
======================================
# 第二台porxy(10.0.0.28):
[root@rocky8 nginx]# vim /apps/nginx/conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
........
location / {
proxy_pass http://10.0.0.18;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......
}
# 10.0.0.18的apache和一级IP透传日志设置一样
# 客户端测试
14、使用 Nginx 反向代理功能解决跨域问题案例
# web服务器启动动态测试服务页面(10.0.0.18)
[root@rocky8 ~]# ./web_demo 默认开启一个hello页面8080端口
===========================
#反向代理服务器(10.0.0.8)
server {
listen 80;
listen 443 ssl http2;
charset utf8;
server_name www.wang.org;
ssl_certificate /apps/nginx/cert/www.wang.org.pem;
ssl_certificate_key /apps/nginx/cert/www.wang.org.key;
ssl_session_timeout 10m;
root /data/nginx/html/pc;
access_log /apps/nginx/logs/www.wang.org_access.log main;
location /hello { #设置访问hello转至www.dayu.org:8080
proxy_pass http://www.dayu.org:8080; #这里如果写域名的话需要解析,如果写IP地址就不需要
}
}
[root@rocky8 conf.d]# vim /etc/hosts #加上解析至www.dayu.org
10.0.0.18 www.dayu.org
[root@rocky8 conf.d]# vim /data/nginx/html/pc/cors.html #编辑需要有跨域资源的页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Cross-origin resource sharing</title>
</head>
<body>
<script src="https://code.jquery.com/jquery-2.2.4.min.js"></script>
<script>
$.ajax({
url:'http://www.wang.org/hello', #指向自己
type:'get',
data:{},
success:function(res){
//res = JSON.parse(res);
console.log('请求成功',res)
},
error:function(er){
console.log('请求错误')
}
})
</script>
</body>
</html>
[root@rocky8 conf.d]# nginx -s reload
#客户端测试
Nginx实用配置-2的相关教程结束。
