1.nginx跨域(CORS)配置
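# CORS response headers for cross-origin callers.
# NOTE(review): echoing the request's Origin header back allows every site to
# read these responses. If only known front-ends should call this service,
# compare the origin against an allowlist (for example with a map in the http
# block) and emit the header only on a match. Never combine a reflected origin
# with Access-Control-Allow-Credentials.
add_header Access-Control-Allow-Origin $http_Origin;
# The response now differs per Origin, so browser and shared caches must key on it.
add_header Vary Origin;
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
# Browsers do not honor the '*' wildcard on credentialed requests, and it never
# covers Authorization; list the headers explicitly if those are needed.
add_header Access-Control-Allow-Headers '*';
# Answer the CORS preflight request directly with an empty 204.
if ($request_method = 'OPTIONS') { return 204;}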
2.nginx缓存配置
2.1 http下先定义缓存空间
# Declared in the http context: storage for temporary proxy files and for cached responses.
# Both paths sit under /dev/shm (normally a RAM-backed tmpfs on Linux), so the
# cache consumes memory and presumably does not survive a reboot.
proxy_temp_path /dev/shm/nginx_cache/proxy_temp_dir;
# levels=1:2          two-level directory layout for cache files
# keys_zone=cache_html:500m  shared-memory zone "cache_html" (500 MB) holding the keys
# inactive=1d         entries not requested for one day are removed
# max_size=1g         upper bound for the cached data
proxy_cache_path /dev/shm/nginx_cache/proxy_cache_dir levels=1:2 keys_zone=cache_html:500m inactive=1d max_size=1g;
2.2 在需要进行缓存的location 下配置
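proxy_cache cache_html; # use the zone declared by proxy_cache_path (keys_zone=cache_html)
proxy_cache_valid 200 304 15m; # cache 200 and 304 responses for 15 minutes
proxy_cache_key $host$uri$is_args$args; # cache key: host + URI + query string (no per-user component)
proxy_set_header Host $host; # Host header passed to the backend
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Serve a stale cached copy when the backend errors, times out, sends an invalid
# header or answers 500/502/504, and while an entry is being refreshed.
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_504;
# Ignoring Set-Cookie makes nginx cache responses that set cookies (better hit
# rate). The header must then be stripped as well, otherwise one visitor's
# cookie is stored in the cache and replayed to every later visitor.
proxy_ignore_headers Set-Cookie;
proxy_hide_header Set-Cookie;
# Ignoring these headers overrides the backend's own "private" / "no-store"
# decisions. Apply this location only to content that is identical for every
# visitor; personalized or authenticated pages must not be routed through it.
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
add_header Nginx-Cache "$upstream_cache_status"; # expose the cache status (HIT, MISS, ...) in a response header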
2.3 配置清理nginx缓存,前提是nginx需要安装purge模块(ngx_cache_purge),清理缓存时,将URL放到/purge/后边去请求
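# Cache purge endpoint: requesting /purge/<original URI> evicts that entry.
# proxy_cache_purge is provided by a separately installed cache purge module.
location ~ ^/purge(/.*) {
    # allow/deny are evaluated in order; keep the permitted ranges as narrow as
    # the hosts that actually issue purges, since anyone admitted here can
    # evict cache entries.
    allow 127.0.0.1;
    allow 192.168.0.0/16;
    deny all;
    add_header X-Purge 'cache_html';
    # Zone and key must match proxy_cache / proxy_cache_key of the cached
    # location. The zone defined on this page is cache_html; $1 is the URI
    # captured after /purge.
    proxy_cache_purge cache_html $host$1$is_args$args;
}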
3.nginx配置websocket反向代理
# WebSocket reverse proxy: forward the HTTP Upgrade handshake to the backend.
proxy_http_version 1.1; # talk HTTP/1.1 to the backend, as the Upgrade handshake requires
proxy_set_header Upgrade $http_upgrade; # pass the client's Upgrade header through
proxy_set_header Connection "upgrade";
# NOTE(review): an empty value removes the Origin header from the proxied
# request, so the backend can no longer check which site opened the socket.
# That check is the usual defense against cross-site WebSocket hijacking; keep
# this line only if the origin is validated at this proxy or the endpoint does
# not authenticate with cookies - confirm.
proxy_set_header Origin "";
4.nginx配置json日志格式
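# JSON access-log format, one object per request.
# escape=json makes nginx JSON-escape variable values. With the default
# escaping, a quote or control character in a client-controlled field
# (User-Agent, Referer, X-Forwarded-For, URI) is written as \xXX, which is not
# valid JSON, so a client could make its own log lines unparseable for the
# log pipeline.
# $status, $body_bytes_sent and $request_time are emitted unquoted as numbers.
log_format lognormal escape=json '{"@timestamp":"$time_iso8601","remote_addr":"$remote_addr","host":"$host","request_method":"$request_method","uri":"$uri","request_uri":"$request_uri",'
'"status":$status,"body_bytes_sent":$body_bytes_sent,"http_referer":"$http_referer",'
'"http_user_agent":"$http_user_agent","http_x_forwarded_for":"$http_x_forwarded_for",'
'"upstream_addr":"$upstream_addr","upstream_status":"$upstream_status","upstream_response_time":"$upstream_response_time",'
'"server_addr":"$server_addr","request_time":$request_time,"scheme":"$scheme",'
'"remote_port":"$remote_port"}';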
5.nginx https的标准设置
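listen 443 ssl http2; # http2 requires nginx built with ngx_http_v2_module
# HSTS (disabled). Enable only once every subdomain is reachable over HTTPS:
# "includeSubdomains; preload" is difficult to roll back.
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#ssl on;
ssl_certificate cert/xx.crt;
# Keep the private key readable only by the account that starts nginx.
ssl_certificate_key cert/xx.key;
ssl_prefer_server_ciphers on;
# self define
# Forward-secret AEAD suites only. The previous list still offered 3DES
# (DES-CBC3-SHA), CBC-mode suites and static-RSA key exchange; "!DES" does not
# exclude 3DES. Clients that cannot negotiate any of these suites will fail to
# connect - re-add older suites deliberately if such clients must be served.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
# TLS 1.0 and 1.1 are deprecated and are no longer offered.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:20m; # session cache shared between worker processes, 20 MB
ssl_session_timeout 10m; # sessions can be resumed for 10 minutes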
6.nginx通过map定义变量
6.1通过定义变量获取真实的网友IP,先取X-Forwarded-For中的第一个地址,为空时取remote_addr
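# $clientRealIp: first address in X-Forwarded-For, otherwise the connecting
# peer address.
# NOTE(review): X-Forwarded-For is supplied by the client, so its first entry
# is whatever the sender chose unless a trusted edge proxy overwrites the
# header. Use this value for statistics only; for allow/deny, rate limiting or
# audit trails rely on $remote_addr, or on the realip module restricted to
# trusted proxy addresses.
map $http_x_forwarded_for $clientRealIp {
    # Header present but not starting with a dotted-decimal address (IPv6,
    # garbage): fall back to the peer address instead of an empty value.
    default $remote_addr;
    "" $remote_addr;
    ~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}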
6.2 获取网友真实IP的C段配置
# $cRealIp: the first three octets (the /24 prefix) of the first address in
# X-Forwarded-For.
# No "" or default entry is defined, so the variable is empty when the header
# is absent or does not start with an IPv4 address.
# NOTE(review): the header is client-supplied; treat the result as a hint, not
# as an identity to base access decisions on.
map $http_x_forwarded_for $cRealIp {
~^(?P<cfirstAddr>[\d]+\.[\d]+\.[\d]+),?.*$ $cfirstAddr;
}
6.3 区分爬虫和真实网友的useragent
# $useragent is "spider" when the User-Agent contains "spider" or "bot"
# (case-insensitive match), otherwise it is empty.
# The User-Agent is chosen by the client, so this is a traffic-classification
# hint (logging, routing), not an access control.
map $http_user_agent $useragent {
default "";
~*spider "spider";
~*bot "spider";
}
7.nginx通过useragent进行爬虫或手机端判断
7.1通过useragent判断爬虫
# Requests whose User-Agent matches a crawler keyword (case-insensitive) are
# rewritten to the same URI under the /SPIDER prefix.
# The User-Agent is client-controlled, and nothing visible here stops a client
# from requesting /SPIDER... directly, so the prefix is a routing aid only.
# NOTE(review): placement is not shown; if this sits inside a location that
# also serves /SPIDER..., "last" would re-enter the rule - confirm.
if ( $http_user_agent ~* (spider|bot|Yahoo\!|dita|crawl) ) {
rewrite (.*) /SPIDER$1 last;
}
7.2 通过useragent判断手机端
# Requests whose User-Agent matches a mobile-device keyword (case-insensitive)
# are rewritten to the same URI under the /WAP prefix.
# The User-Agent is client-controlled; use this for presentation routing only.
# NOTE(review): placement is not shown; if this sits inside a location that
# also serves /WAP..., "last" would re-enter the rule - confirm.
if ( $http_user_agent ~* (mobile|nokia|iphone|ipad|ipod|android|samsung|htc|blackberry) ) {
rewrite (.*) /WAP$1 last;
}
8.nginx通过404下一跳访问另外一组机器
8.1通过404状态码可以实现相同入口下,两组机器资源不一致的情况
# First backend group; max_fails=0 turns off failure accounting, so the server
# is never marked unavailable.
upstream WEB_APP { # first group of machines
server 172.16.1.1:6020 fail_timeout=2s max_fails=0;
}
# Second backend group, used as the fallback when the first group answers 404;
# max_fails=0 turns off failure accounting, so the server is never marked
# unavailable.
upstream WEB_HTML { # second group of machines
server 172.16.1.2:6060 fail_timeout=2s max_fails=0;
}
# Requests under /aa go to WEB_APP first; a 404 from it is retried against
# WEB_HTML through the named location @WEB_APP_fallback.
location ~ ^/aa {
proxy_intercept_errors on; # let error_page handle error status codes returned by the backend
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
proxy_pass http://WEB_APP; # normal requests go to the first group
recursive_error_pages on; # allow error_page handling to apply again to the fallback's response
error_page 404 = @WEB_APP_fallback; # on 404, retry via @WEB_APP_fallback; "=" passes through the fallback's status code
}
# Fallback target for the 404 handler: replays the request against the second
# backend group with the same forwarding headers.
location @WEB_APP_fallback {
internal;
# Contents of nginx_proto.conf are not shown on this page.
include nginx_proto.conf;
proxy_pass http://WEB_HTML;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_intercept_errors on;
}