Nginx Webリバースプロキシサーバーの構成

NGINXバージョン

nginx/1.18.0

コンパイルされたパラメータ

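# Build-time arguments for nginx's ./configure script (option names restored; the
# listing had been altered by machine translation and was not usable as written).
#
# Review notes for anyone reusing this build:
#  - --with-openssl=<source dir> compiles OpenSSL from that tree and links it into the
#    nginx binary, so OS package updates do not patch it; nginx must be rebuilt to pick
#    up OpenSSL fixes.
#  - enable-weak-ssl-ciphers re-enables cipher suites OpenSSL 1.1.x leaves out by
#    default (e.g. 3DES). Keep it only when legacy clients genuinely require them;
#    without it those suites cannot be negotiated whatever ssl_ciphers says.
#  - nginx-ct, ngx_brotli and nginx_upstream_check are third-party modules compiled
#    into the server process; build them from pinned, reviewed revisions.
#  - Workers run as nobody:nobody, an account often shared with other daemons; a
#    dedicated unprivileged user isolates nginx's temp and cache files better.
--prefix=/usr/local/nginx \
--user=nobody \
--group=nobody \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-stream \
--with-stream_ssl_module \
--with-openssl=/usr/local/openssl-1.1.1c \
--with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers' \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_realip_module \
--with-cc-opt=-DTCP_FASTOPEN=23 \
--with-file-aio \
--add-module=/usr/local/nginx-ct \
--add-module=/usr/local/ngx_brotli/ \
--add-module=/usr/local/nginx_upstream_check \
--http-client-body-temp-path=/var/tmp/nginx/client/ \
--http-proxy-temp-path=/var/tmp/nginx/proxy \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--without-http_uwsgi_module \
--without-http_scgi_module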

nginx.confのHTTP部分


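# Global HTTP context: MIME types, request-size limits, per-site includes and the two
# backend pools used by the reverse-proxy servers (directive names restored from a
# machine-translated listing).
http
{
    include mime.types;
    default_type application/octet-stream;
    server_names_hash_bucket_size 128;

    # Request-size limits. Up to 4 x 32k of header buffers can be allocated per
    # connection; lower these if the backends do not need such large headers/cookies.
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 5m;

    sendfile on;
    tcp_nopush on;
    keepalive_timeout 15;
    tcp_nodelay on;

    # NOTE(review): the fastcgi_* settings only affect fastcgi_pass locations. The
    # servers on this page use proxy_pass, so the proxy_*_timeout and proxy_buffer*
    # directives stay at their defaults (60s timeouts).
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;

    # Per-site server blocks live in vhost/*.conf.
    include vhost/*.conf;

    # Backend pools. "IP" is the author's placeholder for the origin server address.
    # "check" comes from the nginx_upstream_check module compiled in above: probe every
    # 3000 ms, mark up after 2 successes and down after 4 failures, 1000 ms probe timeout.
    upstream http {
        server IP:80;
        check interval=3000 rise=2 fall=4 timeout=1000;
    }
    upstream https {
        server IP:443;
        check interval=3000 rise=2 fall=4 timeout=1000;
    }
}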

HTTPプロトコルパラメータ


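# Plain-HTTP virtual host: forwards every request to the "http" upstream pool.
# NOTE(review): if the site is meant to be reached over HTTPS only, replace the
# location body with a redirect to https:// instead of proxying cleartext traffic.
server {
    listen 80;
    server_name domain www.domain;
    #charset koi8-r;
    #access_log logs/host.access.log main;
    location / {
        proxy_pass http://http;
        # Without this the backend receives "Host: http" (the upstream name, nginx's
        # default $proxy_host); pass the requested host as the HTTPS server does.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
        # sent, so the backend must trust only X-Real-IP or the right-most entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }
}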

HTTPSプロトコルパラメータ


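# On-disk cache for static assets: 100m of keys in shared memory, at most 2g on disk,
# entries dropped after 1 day without access. This directive belongs in the http context.
# The /../path/../ segments are the author's path placeholders.
proxy_cache_path /../path/../domain/static levels=1:2 keys_zone=local_cache:100m inactive=1d use_temp_path=off max_size=2g;

# HTTPS virtual host: terminates TLS and proxies to the "https" upstream pool.
server {
    server_name domain www.domain;
    listen 443 ssl http2;

    # The private key should be readable only by root / the nginx master process.
    ssl_certificate /../path/../nginx/conf/certificate/domain.crt;
    ssl_certificate_key /../path/../nginx/conf/certificate/domain.key;

    ssl_session_cache shared:SSL:18m;
    ssl_session_timeout 20m;
    # NOTE(review): with no ssl_session_ticket_key configured, ticket keys are generated
    # at startup and kept until the next restart/reload; long uptimes weaken forward
    # secrecy for resumed TLS 1.2 sessions. Rotate keys or turn tickets off.
    ssl_session_tickets on;

    # NOTE(review): this list still offers CBC/SHA1 and 3DES (DES-CBC3) suites, and
    # ssl_prefer_server_ciphers is off by default, so the client's preference order
    # decides which one is used. Unless legacy clients must be supported, trim the list
    # to the ECDHE/DHE GCM suites and set "ssl_prefer_server_ciphers on;".
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

    # NOTE(review): TLS 1.0 and 1.1 are deprecated (RFC 8996). The author's value is
    # kept as published; the hardened setting is:
    #ssl_protocols TLSv1.2 TLSv1.3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

    #charset koi8-r;
    #access_log logs/host.access.log main;

    location / {
        # NOTE(review): proxy_ssl_verify is off by default, so this hop is encrypted
        # but the backend certificate is not checked. If the backend is reached over
        # an untrusted network, enable proxy_ssl_verify with
        # proxy_ssl_trusted_certificate (and proxy_ssl_server_name for SNI).
        proxy_pass https://https;
        #proxy_set_header Host $http_host;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any client-supplied X-Forwarded-For; the backend must trust only
        # X-Real-IP or the right-most entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
    }

    # Static assets, served from the local cache. The dot before the extension is
    # escaped so only real ".ext" suffixes match ("." alone matches any character),
    # and "eot" is lower-case because "~" is a case-sensitive match.
    location ~ .*\.(mp3|gif|jpg|jpeg|bmp|png|ico|txt|js|css|woff2|woff|ttf|svg|eot)$ {
        proxy_pass https://https;
        # Same Host header as "location /", so cached assets are fetched from the same
        # backend virtual host as the pages that reference them.
        proxy_set_header Host $host;
        proxy_cache local_cache;
        # NOTE(review): the key omits $scheme and $host. That is safe only while this
        # zone serves a single site; add them before sharing local_cache between
        # virtual hosts, otherwise one site's response can be served for another.
        proxy_cache_key $uri$is_args$args;
        add_header X-Cache $upstream_cache_status;
        # 30-day lifetimes here and in "expires" mean a bad or tampered asset stays
        # cached in nginx and in browsers until purged; use versioned asset URLs.
        proxy_cache_valid 200 30d;
        proxy_cache_valid 301 302 30d;
        #proxy_cache_valid any 1m;
        expires 30d;
    }

    access_log /../path/../domain.log;
}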
