server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_server_ip:port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://backend_server_ip:port;
# 其他代理头设置...
}
}
# HTTP重定向到HTTPS
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name example.com api.example.com;
location / {
if ($host = "api.example.com") {
proxy_pass http://api_server_ip:port;
}
if ($host = "example.com") {
proxy_pass http://web_server_ip:port;
}
# 其他代理头设置...
}
}
location /ws/ {
proxy_pass http://websocket_server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
upstream backend {
server backend1.example.com;
server backend2.example.com;
server backend3.example.com;
# 可选负载均衡算法
# least_conn; # 最少连接
# ip_hash; # IP哈希
}
server {
location / {
proxy_pass http://backend;
# 其他代理头设置...
}
}
nginx
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;client_max_body_size 100M; # 设置允许的最大请求体大小
proxy_cache_path /path/to/cache levels=1:2 keys_zone=my_cache:10m inactive=60m;
server {
location / {
proxy_cache my_cache;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
# 其他代理设置...
}
}
安全头设置:
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
日志记录:
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
性能优化:
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 16k;
proxy_busy_buffers_size 32k;
健康检查(商业版):
upstream backend {
zone backend 64k;
server backend1.example.com slow_start=30s;
server backend2.example.com;
health_check interval=5s fails=3 passes=2 uri=/health;
}
通过以上配置,您可以实现一个高效、安全且功能丰富的Nginx反向代理服务。