我很难尝试找出如何减少我的 NGinx 配置中的“重复行”,只需更改一个属性:
server {
#listen [::]:443 ipv6only=on; ## listen for ipv6
listen 443;
server_name my.website.com;
access_log /var/log/nginx/my.website.com_access.log;
error_log /var/log/nginx/my.website.com_error.log;
ssl on;
ssl_certificate /etc/nginx/website.com/cert.pem;
ssl_certificate_key /etc/nginx/website.com/cert.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:!kEDH;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:9010;
client_max_body_size 1m; # I limit all the file upload to 1 Mo
error_page 413 =200 https://my.website.com/errors/413; # I send back a 200 HTTP STATUS because Chrome crashes with a 413 (lol)
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Now, for the two next locations, I will change the body size to 10Mo
location = /picture/create {
proxy_pass http://127.0.0.1:9010;
client_max_body_size 10m; # Here,
error_page 413 =200 https://my.website.com/errors/413;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ^/picture/([0-9]+)/edit$ {
proxy_pass http://127.0.0.1:9010;
client_max_body_size 10m; # And here
error_page 413 =200 https://my.website.com/errors/413;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
我想知道是否可以:
- 将最后两个“位置”简化为一个(列出可能的位置?)
- 避免指示 3 次 proxy_* 配置。我尝试将其放在 server{} 级别,但不起作用(原因很明显)。我还尝试不在最后两个位置提及它们,但这导致我点击 URL 时出现“页面未找到”的情况。
- (顺便问一下,我的 ssl_ciphers 正确吗?)
感谢您的帮助。
答案1
一种方法是创建一个文件并“包含”它。例如,创建一个名为“standard_include.conf”的新文件,其中包含以下文本。
proxy_pass http://127.0.0.1:9010;
error_page 413 =200 https://my.website.com/errors/413;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
然后将您的标准配置如下:
#listen [::]:443 ipv6only=on; ## listen for ipv6
listen 443;
server_name my.website.com;
access_log /var/log/nginx/my.website.com_access.log;
error_log /var/log/nginx/my.website.com_error.log;
ssl on;
ssl_certificate /etc/nginx/website.com/cert.pem;
ssl_certificate_key /etc/nginx/website.com/cert.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:!kEDH;
ssl_prefer_server_ciphers on;
location / {
include standard_include.conf;
client_max_body_size 1m; # I limit all the file upload to 1 Mo
}
# Now, for the two next locations, I will change the body size to 10Mo
location = /picture/create {
include standard_include.conf;
client_max_body_size 10m; # Here,
}
location ^/picture/([0-9]+)/edit$ {
include standard_include.conf;
client_max_body_size 10m; # And here
}