1、
upstream test_1633_pool {
server 10.160.51.75:8200 weight=10 max_fails=2 fail_timeout=600s;
server 10.168.246.204:8200 weight=10 max_fails=2 fail_timeout=600s backup;
}
upstream i_1633_pool {
ip_hash;
server 10.160.12.61:8001 weight=10 max_fails=2 fail_timeout=300s;
server 10.160.12.62:8001 weight=10 max_fails=2 fail_timeout=300s;
}
upstream tag_1633_pool {
server 10.160.51.75:8022 weight=10 max_fails=2 fail_timeout=30s;
server 10.168.246.204:8022 weight=10 max_fails=2 fail_timeout=600s down;
}
2、#stub_status开启状态查看
server {
listen 9001;
location ~ /nginx_status {
stub_status on;
access_log off;
allow 117.25.164.2;
allow 117.25.172.106;
allow 127.0.0.1;
deny all;
}
}
3、#负载均衡,重写
server {
listen 80;
charset utf-8;
server_name xxxx.com;
access_log /usr/local/wwwroot/xxx.log;
if ( $request_uri = "/" ) {
rewrite "/" /index/home/ break;
}
location / {
proxy_set_header Host $host;
proxy_set_header x-real-IP $remote_addr;
proxy_pass http://hr_1633_pool;
}
include drop_sql.conf;
}
4、#permanent重写
location / {
rewrite ^/(.*)$ http://www.1633.com/jimei/ permanent;
proxy_set_header x-real-IP $remote_addr;
}
5、#图片文件缓存7天
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|js|apk)$
{
proxy_pass http://10.165.12.250:8002;
expires 7d;
}
6、#rewrite
rewrite ^/service/(.*) /$1 break;
7、#proxy_next_upstream 设置出现500错误后,跳转到另外的服务器
location / {
proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;
proxy_set_header Host $host;
rewrite ^/about.shtml http://xxx/bbs/html/mobile/about.html break;
proxy_pass http://10.160.12.63:8007;
proxy_set_header x-real-IP $remote_addr;
if ($request_uri ~ ^/about.shtml) {
rewrite ^/about.shtml /bbs/html/mobile/about.html break;
proxy_pass http://bbs_xx_pool;
}
}
8、#break后继续执行
location / {
proxy_set_header Host $host;
rewrite ^/$ /web/login.do break;
proxy_pass http://10.132.83.149:8088;
proxy_set_header x-real-IP $remote_addr;
}
9、#ssl配置,监听443
server {
listen 80;
listen 443 ssl;
listen [::]:80 ipv6only=on;
charset utf-8;
server_name xxx;
server_name xxxxxx;
ssl_certificate /usr/local/nginx/key/lsfwebos.pem;
ssl_certificate_key /usr/local/nginx/key/lsfwebos.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
proxy_next_upstream http_500 http_502 http_503 http_504 error timeout invalid_header;
proxy_set_header Host $host;
proxy_pass http://xxxx_pool;
proxy_set_header x-real-IP $remote_addr;
}
include drop_sql.conf;
}
10、#query_string 判断查询字符串
if ( $query_string ~ "fak=5649380bd13b4701c4099287" ){
rewrite ^/review/ /review/?$query_string last;
}
11、#valid_referers 只允许某些域名的请求
location /upload/ {
valid_referers blocked certify.keyibao.com admin.keyibao.com *.hn51js.gov.cn *.haixia.gov.cn *.xmdxy.gov.cn *.1633.com *.sztat.gov.cn *.tky.gov.cn *.qh1633.com *.ztkj.gov.cn *.lgttc.com *.gctt.gov.cn *.xa1633.com *.hncd1633.com *.xmbio.gov.cn *.jjky.gov.cn *.k8008.com *.xctrm.com *.vtitt.com *.scsttc.com *.pszj.pxkc.com.cn *.zjk.jjkjw.gov.cn *.xmsme.gov.cn *.lnjssc.gov.cn *.xyskj.gov.cn *.hhkc.gov.cn *.fjcctt.cn *.dgiptts.com *.kjzbsc.com *.xmdxy.net.cn *.xmhc-bio.com *.fky.gov.cn *.lystis.cn *.ysqkjy.gov.cn *.gljkfhq.com *.226.34 *.226.34:8003;
if ($invalid_referer) {
return 404;
break;
}
proxy_pass http://10.160.12.66:805;
}
12、#!~ ~
location !^/html/build\.html$ {
rewrite (.*) /html/build.html permanent;
}
13、#host参数
location / {
#proxy_set_header Host $host;
if ($host ~ ^policy.test.gov.cn) {
rewrite ^/(.*) /hn51js_G20.shtml break;
proxy_pass http://10.132.61.215:8005;
}
proxy_pass http://10.160.12.65:809;
proxy_set_header x-real-IP $remote_addr;
}
14、#host 防止爬虫
if ($host = 'xxxx.com') {
rewrite ^(.*)$ http://www.xxxx.com$1 permanent;
}
location = /robots.txt {
if ($http_user_agent !~* "spider|bot|Python-urllib|pycurl") {
return 403;
}
}
15、#开启目录列表
#nginx开启目录列表
autoindex on;//自动显示目录
autoindex_exact_size off;//人性化方式显示文件大小否则以byte显示
autoindex_localtime on;//按服务器时间显示,否则以gmt时间显示
