Konfiguration des Nginx Web Reverse Proxy Servers

NGINX-Version

nginx/1.18.0

Kompilierte Parameter

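# Configure arguments this nginx build was compiled with.
# NOTE(review): --with-openssl-opt passes enable-weak-ssl-ciphers, which builds
# legacy suites such as RC4 and 3DES back into OpenSSL. Drop that option unless
# old clients really need them, and keep ssl_ciphers in nginx.conf in step.
# NOTE(review): OpenSSL (openssl-1.1.1c) and the --add-module sources are linked
# in at build time, so their security fixes only arrive with a rebuild of nginx.
# NOTE(review): the temp paths live under /var/tmp; the nginx directory there
# should belong to the worker user and not be writable by other accounts,
# because buffered request and response bodies are written to it.
--prefix=/usr/local/nginx \
--user=nobody \
--group=nobody \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-stream \
--with-stream_ssl_module \
--with-openssl=/usr/local/openssl-1.1.1c \
--with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers' \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_realip_module \
--with-cc-opt=-DTCP_FASTOPEN=23 \
--with-file-aio \
--add-module=/usr/local/nginx-ct \
--add-module=/usr/local/ngx_brotli/ \
--add-module=/usr/local/nginx_upstream_check \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--without-http_uwsgi_module \
--without-http_scgi_module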

HTTP-Teil von nginx.conf


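# http context: global request limits, timeouts and the two backend pools
# that the virtual hosts proxy to.
http
{
    include       mime.types;
    default_type  application/octet-stream;

    server_names_hash_bucket_size 128;

    # Request size limits: headers up to 4 x 32k, bodies up to 5 MB.
    client_header_buffer_size   32k;
    large_client_header_buffers 4 32k;
    client_max_body_size        5m;

    sendfile          on;
    tcp_nopush        on;
    keepalive_timeout 15;
    tcp_nodelay       on;

    # NOTE(review): fastcgi_* only applies to fastcgi_pass locations. The
    # servers shown on this page use proxy_pass, where the proxy_* timeouts
    # and buffers (left at their defaults here) are the ones that count.
    fastcgi_connect_timeout      300;
    fastcgi_send_timeout         300;
    fastcgi_read_timeout         300;
    fastcgi_buffer_size          64k;
    fastcgi_buffers              4 64k;
    fastcgi_busy_buffers_size    128k;
    fastcgi_temp_file_write_size 256k;

    include vhost/*.conf;

    # Backend pools. "IP" is a placeholder for the origin server address.
    # "check" comes from the nginx_upstream_check module: probe every 3000 ms,
    # 2 successes mark a server up, 4 failures mark it down, 1000 ms timeout.
    # No type= is given, so the module's default check type is used.
    upstream http {
        server IP:80;
        check interval=3000 rise=2 fall=4 timeout=1000;
    }

    upstream https {
        server IP:443;
        check interval=3000 rise=2 fall=4 timeout=1000;
    }
}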

HTTP-Protokollparameter


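# Plain-HTTP virtual host: forwards every request to the "http" upstream.
# "domain" / "www.domain" are placeholders for the real host names.
# NOTE(review): traffic on port 80 is proxied as-is and never redirected to
# the HTTPS host; if the site should be TLS-only, answer here with
# `return 301 https://$host$request_uri;` instead of proxying.
server {
    listen      80;
    server_name domain www.domain;

    #charset koi8-r;
    #access_log logs/host.access.log main;

    location / {
        proxy_pass http://http;

        # NOTE(review): no Host header is set, so the backend receives nginx's
        # default $proxy_host (the upstream name "http"). The HTTPS server on
        # this page passes $host; confirm which one the backend expects.
        proxy_set_header X-Real-IP       $remote_addr;

        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must only trust the last entry (added
        # by this proxy) and treat earlier ones as client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_redirect off;
    }
}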

HTTPS-Protokollparameter


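# On-disk cache for static assets: 100 MB key zone, at most 2 GB of data,
# entries not requested for one day are evicted.
proxy_cache_path /../path/../domain/static levels=1:2 keys_zone=local_cache:100m inactive=1d use_temp_path=off max_size=2g;

# HTTPS virtual host: terminates TLS (HTTP/2 enabled) and re-encrypts to the
# "https" upstream. "domain" / "www.domain" are placeholders.
server {
    server_name domain www.domain;
    listen      443 ssl http2;

    # The private key should be readable only by root / the nginx master process.
    ssl_certificate     /../path/../nginx/conf/certificate/domain.crt;
    ssl_certificate_key /../path/../nginx/conf/certificate/domain.key;

    ssl_session_cache   shared:SSL:18m;
    ssl_session_timeout 20m;

    # NOTE(review): with tickets on and no rotated ssl_session_ticket_key
    # files, the ticket key is long-lived, which weakens forward secrecy.
    # Rotate the keys or set this to off.
    ssl_session_tickets on;

    # NOTE(review): this list still offers 3DES (DES-CBC3), CBC suites with
    # SHA-1 and static-RSA key exchange. ssl_prefer_server_ciphers is not set,
    # so the client's preference order decides which suite is used.
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

    # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Unless legacy
    # clients must be served, use `ssl_protocols TLSv1.2 TLSv1.3;`.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

    #charset koi8-r;
    #access_log logs/host.access.log main;

    # Dynamic content: passed straight to the backend, never cached.
    location / {
        # NOTE(review): proxy_ssl_verify is off by default, so the backend
        # certificate is not checked. Enable it together with
        # proxy_ssl_trusted_certificate if the path to the origin is untrusted.
        proxy_pass https://https;

        #proxy_set_header Host $http_host;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        # Appends to the client-supplied header; the backend must only trust
        # the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_redirect off;
    }

    # Static assets, matched case-sensitively by file extension and cached.
    location ~ .*\.(mp3|gif|jpg|jpeg|bmp|png|ico|txt|js|css|woff2|woff|ttf|svg|eot)$ {
        # NOTE(review): the proxy_set_header lines of "location /" are not
        # inherited here, so the backend sees Host: https ($proxy_host) and
        # no X-Forwarded-For for these requests.
        proxy_pass https://https;

        proxy_cache local_cache;
        # NOTE(review): the key contains neither $scheme nor $host. If another
        # virtual host ever shares the local_cache zone, equal paths on
        # different sites will collide; add $host to the key in that case.
        proxy_cache_key $uri$is_args$args;

        # Exposes HIT/MISS/EXPIRED to every client; useful for debugging.
        add_header X-Cache $upstream_cache_status;

        proxy_cache_valid 200     30d;
        # Redirects are cached for 30 days as well; a wrong redirect from the
        # backend stays in the cache that long unless it is purged.
        proxy_cache_valid 301 302 30d;
        #proxy_cache_valid any 1m;

        expires 30d;
    }

    access_log /../path/../domain.log;
}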
