nginx反代配置
•默认分类
1569
0
反代https站点及内容替换
location / {
proxy_ssl_name 目标域名;
proxy_ssl_server_name on;
proxy_set_header Host 目标域名;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
proxy_set_header Accept-Encoding "";
sub_filter "https://目标域名" "https://你的域名";
# 开启内容多次替换
sub_filter_once off;
# 禁用缓存
add_header Cache-Control no-cache;
expires 12h;
proxy_pass https://目标域名;
#proxy_set_header Cookie "xxx" ;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
proxy_pass https://目标域名;
}
location ~ .*\.(js|css)?$
{
expires 12h;
proxy_pass https://目标域名;
}proxy_pass代理配置
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}如果需要反代国内未备案地址,可以把$host改成已备案的域名,例如 qq.com
proxy_http_version 1.1定义用于代理的HTTP协议版本,默认情况下将其设置为1.0。对于Websocket和keepalive连接,您需要使用1.1版。
proxy_cache_bypass $http_upgrade设置websocket不从缓存中获取响应,而是直接通过应用。
Upgrade $http_upgrade和Connection "upgrade"如果您的应用程序使用Websockets,则这些字段是必填字段。
X-Real-IP $remote_addr将真实的客户端地址转发到应用,如果没有设置,你应用获取到将会是Nginx服务器IP地址。
X-Forwarded-For $proxy_add_x_forwarded_for转发客户端请求头的X-Forwarded-For字段到应用。
如果客户端请求头中不存在X-Forwarded-For字段,则$proxy_add_x_forwarded_for变量等同于$remote_addr变量
X-Forwarded-Proto $scheme这将会转发客户端所使用的HTTP协议或者是HTTPS协议。
X-Forwarded-Host $host转发客户端请求的原始主机到应用。X-Forwarded-Port $server_port定义客户端请求的原始端口。
将域名转发到本地端口
server{
listen 80;
server_name tomcat.shaochenfeng.com;
index index.php index.html index.htm;
location / {
proxy_pass http://127.0.0.1:8080; # 转发规则
proxy_set_header Host $proxy_host; # 修改转发请求头,让8080端口的应用可以受到真实的请求
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}将域名转发到另一个域名
server{
listen 80;
server_name baidu.shaochenfeng.com;
index index.php index.html index.htm;
location / {
proxy_pass http://www.baidu.com;
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}本地一个端口转发到另一个端口或另一个域名
server{
listen 80;
server_name 127.0.0.1; # 公网ip
index index.php index.html index.htm;
location / {
proxy_pass http://127.0.0.1:8080; # 或 http://www.baidu.com
proxy_set_header Host $proxy_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}加 / 与不加 /
在配置proxy_pass代理转发时,如果后面的url加/,表示绝对根路径;如果没有/,表示相对路径
多端口多项目
server
{
listen 81;
index index.html index.htm index.php;
root /home/wwwroot/a;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/access.log;
}location目录定向
location /download {
alias /home/download;
sendfile on;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
charset utf-8;
}反代onedrive
location /
{
expires 12h;
if ($request_uri ~* "(php|jsp|cgi|asp|aspx)")
{
expires 0;
}
proxy_pass https://94ish-my.sharepoint.com;
proxy_set_header Host 94ish-my.sharepoint.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_buffering off;
proxy_cache off;
proxy_set_header X-Forwarded-Proto $scheme;
add_header X-Cache $upstream_cache_status;
}反代站点设置
sub_filter "xxx-my.sharepoint.com" "填入反代Onedrive的域名";
sub_filter_once off;最后更新 2023-07-02