Nginx搭建反向代理服务器

sunfujian 2020-03-16 原文

default.conf配置

外部访问支持http和https，但是nginx内部统一把请求转换成https转发出去

server { 
    listen 80; 
    server_name sunfj.cn; 
    ## root www/mimvp_proxy; 
    rewrite ^(.*)host$1 permanent;##强制http转https请求 
}
server { 
    listen 443 ssl http2; 
    server_name xxx.cn; 
    ## root www/mimvp_proxy; 
    ssl on;
    
    ssl_certificate /etc/ssl/certs/xxx.crt;
    ssl_certificate_key /etc/ssl/certs/xxx.key;
    
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    
    location / { 
    　　　　proxy_pass  /*proxy address*/; 
    }
    
    location ~ .do$ { 
    　　　　proxy_pass /*proxy address*/; 
    }
    
    location ~* ^/(images|img|javascript|js|css|blog|flash|media|static)/ {
        proxy_pass /*proxy address*/;
    }
    
    location ~* ^/favicon\.ico {
        proxy_pass /*proxy address*/;
    }
    
    location ~* ^/img/logo\.png {
        proxy_pass /*proxy address*/;
    }
    
    location ~ /\.ht {
        deny all;
    }
}

nginx.conf配置

转发请求对应的header参数：underscores_in_headers on;
超时时间配置(全局)：

fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;

docker操作

启动Nginx命令：

docker run --name some-nginx -v /some/content:/usr/share/nginx/html:ro -d nginx

反向代理启动命令：

docker run --name nginx -p 80:80 -p 443:443 -v /home/data/nginx/nginx.conf:/etc/nginx/nginx.conf -v /home/data/nginx/conf.d:/etc/nginx/conf.d -v /etc/ssl/certs:/etc/ssl/certs -d nginx