【Nginx】常用配置（路由转发、路径重写、HTTPS等）

[zh-rocco]

Nginx 基础配置说明

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

# 运行用户
user nginx;

# 启动进程,通常设置成和cpu的数量相等
worker_processes auto;

# 全局错误日志
error_log /var/log/nginx/error.log;

# PID文件，记录当前启动的nginx的进程ID
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

# 工作模式及连接数上限
events {
    # 单个后台worker process进程的最大并发链接数
    worker_connections 1024;
}

http {
    # 设定日志
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;

    # 连接超时时间
    keepalive_timeout   65;
    tcp_nodelay         on;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # gzip压缩开关
    gzip  on;
    # 启用gzip压缩的最小文件，小于设置值的文件将不会压缩
    gzip_min_length  1k;
    # gzip 压缩级别，1-10，数字越大压缩的越好，也越占用CPU时间
    # gzip_comp_level 大于2时效果并不是很明显，所以可以将值设置为1或者2
    gzip_comp_level  2;
    # 进行压缩的文件类型，只需要为 ttf、otf 和 svg 字体启用 gzip，对其他字体格式进行 gzip 压缩时效果不明显
    gzip_types  text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png font/ttf font/otf image/svg+xml;
    # 是否在http header中添加Vary: Accept-Encoding，建议开启
    gzip_vary  on;
    # 禁用IE 6 gzip
    gzip_disable  "MSIE [1-6]\.";
}

路由转发（proxy_pass）

    server {
        listen       5080;
        server_name  localhost;
        client_max_body_size    600m;
        location /api {
            proxy_pass  http://xxx.xxx.xxx.xxx:3000/api; # remote api server
            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header  Host $host;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

路径重写（rewrite）

    server {
        listen       5080;
        server_name  localhost;
        client_max_body_size    600m;
        location /api {
            rewrite  ^/api/(.*)$ /$1 break;
            proxy_pass  http://xxx.xxx.xxx.xxx:3000;
            proxy_set_header  X-Real-IP $remote_addr;
            proxy_set_header  Host $host;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

静态资源服务（alias）

    server {
        listen       5080;
        server_name  localhost;
        client_max_body_size    600m;
        location /static/ {
            alias  /path/to/local/direction/;
            autoindex  on;
        }
    }

注意：

alias 后面跟的目录最后一定要加 / 符号，如 /Users/me/code/static/

开启 HTTPS

# 设定实际的服务器列表
upstream blog {
    server 127.0.0.1:3000;
}

server {
    listen       80;
    server_name  singple.com www.singple.com;
    return 301   https://singple.com$request_uri;
}

server {
    listen       443;
    server_name  www.singple.com;
    return 301   https://singple.com$request_uri;
}

server {
    listen 443 ssl http2 default_server;
    server_name  singple.com;

    ssl                        on;
    ssl_certificate            ssl/singple.crt;
    ssl_certificate_key        ssl/singple.key;
    ssl_session_timeout        5m;
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers  on;

    location / {
        proxy_pass   http://blog;
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

server {
    listen       80 default;
    return       501;
}