Nginx笔记

Nginx开发从入门到精通 — Nginx开发从入门到精通

NGINXConfig | DigitalOcean
The easiest way to configure a performant, secure, and stable nginx server.

相关文档
贡献导引 | Nginx中文文档
一键安装shell
基础安装
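# Refresh the package index, then install nginx from the distribution repository.
# Both steps need root, so both run through sudo; -y keeps the install non-interactive.
sudo apt-get update
sudo apt-get install -y nginx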
开启自启动/启动
# Register nginx to start at boot and start it right away (--now does both).
systemctl enable --now nginx
配置
自动目录索引:autoindex on;(会向访问者列出目录内的全部文件,只在确实需要公开浏览的目录上开启)。配置文件路径:/etc/nginx
可视化配置NGINXConfig | DigitalOcean
代理会携带路径一起转发,如果不需要携带,需要配置rewrite
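# Reverse proxy for domain.com: "/" goes to the backend on 8080, "/api/..." to 8088.
server {
    listen 80;
    server_name domain.com;

    location / {
        # proxy_pass takes a bare URL; angle brackets around it are not valid nginx syntax.
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;

        # Hand the original Host header and the client address to the backend.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
        # the client sent, so the backend should trust only the last entry (or X-Real-IP)
        # when nginx is the first hop.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /api {
        # Strip the /api prefix before proxying, so /api/users reaches the backend as /users.
        rewrite "^/api/(.*)$" /$1 break;
        proxy_pass http://127.0.0.1:8088;
    }
}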
控制body大小
在http作用域下
# Largest request body nginx accepts; requests with a bigger body are rejected with 413.
client_max_body_size 20m;
静态文件服务
这里可以结合CDN进行加速,或者使用CDN的图片压缩,裁剪工具
这里最后会访问到/data/upload
# `root` appends the full request URI, so /upload/x is read from /data/upload/x.
# NOTE(review): if this directory holds user-uploaded files, consider sending
# `X-Content-Type-Options: nosniff` and keeping autoindex off for it — confirm.
location /upload/ {
root /data/;
}
OPENAI 代理配置
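# Reverse proxy that forwards /v1 requests to the OpenAI API.
server {
    # NOTE(review): this listener is plain HTTP, yet clients send their API key in the
    # Authorization header and the usage example points at an https:// URL. Terminate
    # TLS here (listen 443 ssl plus a certificate) or on a front end before using it.
    listen 80;
    server_name openai.xxx.com;

    # Compress the streamed API responses: highly repetitive text compresses well
    # and saves server bandwidth.
    gzip on;
    gzip_min_length 1k;
    gzip_types text/event-stream;

    access_log /var/log/nginx/openai.log;
    error_log /var/log/nginx/openai.error.log;

    # To serve under a sub-path such as "example.com/chatgpt", use this location instead:
    #location ^~ /chatgpt/v1 {
    location ^~ /v1 {
        # Send SNI so the upstream presents the certificate for api.openai.com.
        proxy_ssl_server_name on;
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is on and proxy_ssl_trusted_certificate points at a CA bundle.
        # proxy_pass takes a bare URL; angle brackets around it are not valid nginx syntax.
        proxy_pass https://api.openai.com/v1;
        proxy_set_header Host api.openai.com;

        # Replace sk-xxxx with the real token. Leave the line commented out when each
        # user supplies their own API key.
        # NOTE(review): once enabled, anyone who can reach this host spends that key,
        # so restrict access (allow/deny, auth_basic, auth_request) before enabling it.
        #proxy_set_header Authorization "Bearer sk-xxxx";
        # proxy_pass_header governs upstream *response* headers; the client's request
        # Authorization header is already forwarded by default.
        proxy_pass_header Authorization;

        # Required for streaming: with buffering left on, streamed responses stall.
        proxy_buffering off;
    }
}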
之后配置即可使用
OPENAI_PROXY=https://openai.xxx.com/v1
前端History模式处理
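# index.html fallback: unknown paths are served index.html so the front-end
# router (history mode) can handle them.
location / {
    try_files $uri $uri/ /index.html;
}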
泛域名解析
参考 https://github.com/acmesh-official/acme.sh/wiki/说明 和 https://gaojiajun.cn/2018/03/centos-config-extensive-domain-https/
dns验证
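# DNSPod API credentials that acme.sh uses to create the DNS validation record.
# Never paste real values into notes or scripts: a token that has been published
# must be revoked and regenerated in the DNSPod console.
export DP_Id="<DNSPOD_API_ID>"       # the Id you generated
export DP_Key="<DNSPOD_API_TOKEN>"   # the token you generated
# dns_dp selects the DNSPod DNS API; -d is your (wildcard) domain.
# The domain is quoted so the shell cannot glob-expand the '*' against local files.
acme.sh --issue --dns dns_dp -d '*.abfree.com'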
添加域名
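# Copy the issued certificate and key to their install paths and reload nginx.
# Every argument containing '*' is quoted so it stays literal instead of being
# glob-expanded against existing files.
# NOTE(review): the key file is the site's private key; keep /home/ssl readable
# only by root and the nginx master process — confirm its permissions.
acme.sh --installcert -d '*.abfree.com' \
  --key-file '/home/ssl/*.abfree.com.key' \
  --fullchain-file '/home/ssl/*.abfree.com.cer' \
  --reloadcmd "service nginx force-reload"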
单域名设置
# subdomains redirect
# HTTPS virtual host matching every subdomain of example.com (IPv4 and IPv6).
# NOTE(review): despite the label, no return/redirect directive is visible in this
# block — confirm whether one was dropped when the config was copied.
server {
    server_name *.example.com;
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    # SSL: certificate and its private key
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
}
# HTTP redirect
# Plain-HTTP virtual host: ".example.com" matches the bare domain and all of its
# subdomains, and every request is permanently redirected to the HTTPS site.
server {
    server_name .example.com;
    listen [::]:80;
    listen 80;

    return 301 https://example.com$request_uri;
}
鉴权网关
参考
https://blog.gtwang.org/linux/nginxs-auth-request-module-tutorial-examples/
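# Internal endpoint used as the auth_request target: it forwards the request
# metadata (not the body) to the authentication service on 8088.
# NOTE(review): as a prefix location this also covers URIs such as /authors;
# `location = /auth` would limit it to the exact path — confirm which is intended.
location /auth {
    internal;                            # subrequests only; external requests get 404
    # proxy_pass takes a bare URL; angle brackets around it are not valid nginx syntax.
    proxy_pass http://localhost:8088;
    proxy_pass_request_body off;         # do not send the request body upstream
    proxy_set_header Content-Length "";  # goes with the line above; add or omit as needed
    proxy_set_header X-Original-URI $request_uri;          # the path the client requested
    proxy_set_header X-Original-Remote-Addr $remote_addr;  # the client's address
    proxy_set_header X-Original-Host $host;                # the host the client requested
}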
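# Protected route: every request is first checked by the /auth subrequest, then
# proxied to the service on 8055 with the /directus prefix stripped.
location /directus {
    auth_request /auth;

    # After authentication, keep values from the auth service's response headers
    # in variables.
    auth_request_set $user $upstream_http_x_forwarded_user;
    auth_request_set $auth $upstream_http_authorization;

    # Pass them to the backend as request headers. Setting them here also replaces
    # any X-User / Authorization value supplied by the client.
    proxy_set_header X-User $user;
    proxy_set_header Authorization $auth;

    # Pass the value to the browser as a cookie.
    # NOTE(review): $user is emitted verbatim as the Set-Cookie value, so the auth
    # service must return a complete cookie string (name=value plus attributes such
    # as HttpOnly and Secure) — confirm against the auth service.
    add_header Set-Cookie $user;

    rewrite "^/directus/(.*)$" /$1 break;
    # proxy_pass takes a bare URL; angle brackets around it are not valid nginx syntax.
    proxy_pass http://localhost:8055;
}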
跨域问题
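# Reverse proxy with CORS headers for cross-origin calls between a.com and b.com.
server {
    listen 80;
    server_name b.com a.com;

    location / {
        # CORS allowlist. Echoing back whatever Origin the browser sends together with
        # Access-Control-Allow-Credentials: true lets any website issue credentialed
        # requests and read the responses, so the Origin is reflected only when it
        # matches a known site. The list below is taken from server_name; adjust it
        # to the origins that really need access.
        # add_header emits nothing for an empty value, so other origins get no CORS
        # headers at all.
        set $origin "";
        set $cors_credentials "";
        if ($http_origin ~* "^https?://(a\.com|b\.com)$") {
            set $origin $http_origin;
            set $cors_credentials "true";
        }

        proxy_set_header Host $http_host;
        # proxy_pass takes a bare URL; angle brackets around it are not valid nginx syntax.
        proxy_pass http://127.0.0.1:8088;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        add_header 'Access-Control-Allow-Origin' "$origin";
        # The response differs per Origin, so caches must key on it.
        add_header Vary 'Origin';
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'content-type, authorization, x-requested-with, token, userType';
        add_header Access-Control-Allow-Credentials "$cors_credentials";

        # Answer the CORS preflight directly instead of proxying it.
        if ($request_method = 'OPTIONS') {
            return 204;
        }
    }
}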