/etc/nginx/proxy_params

Question

Nginx 可以做很多事情，包括反向代理、缓存和提供内容，但在大型环境中，各个功能会被拆分，以使它们更易于维护或使用更适合的替代方案进行专门化（例如适用于大容量 https:// 的 stud）。

反向代理只是表示位于客户端和实际应用程序之间的某种东西；它实际上是一个误称，应该被称为“服务器代理”。

要在一个域上通过一个证书提供所有内容，请从以下命令开始：

（在 Ubuntu LTS 12.04 上测试）

/etc/nginx/proxy_params

#proxy_set_header Host            $proxy_host; # instead of standard $host
proxy_set_header  X-Real-IP       $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

/etc/nginx/sites-enabled/global_redirects

# note: must disable the built-in 
#       /etc/nginx/sites-enabled/default by removing it (it's a symlink) 
server {

    # redirects all http:// requests to https://
    # critically, passes the original host the client was trying to connect to.
    rewrite ^ https://$host$request_uri? permanent;

    # combined redirect access and error logs for easier correlation
    error_log  '/var/log/nginx/global_redirects';
    access_log '/var/log/nginx/global_redirects';

}

/etc/nginx/sites-enabled/global_ssl

# This serves all enabled-locations over ssl only.
# If there's no match, it shows the default site.

include /etc/nginx/upstreams-enabled/*; # include enabled upstream proxies

server {

    listen 443 ssl;

    ssl_certificate      /etc/nginx/server.crt;
    ssl_certificate_key  /etc/nginx/server.key;

    keepalive_timeout    70;

    root /usr/share/nginx/www;
    index index.html index.htm;

    access_log '/var/log/nginx/global_ssl';
    error_log  '/var/log/nginx/global_ssl';

    include /etc/nginx/locations-enabled/*;

}

/etc/nginx/locations-enabled/bar

# points to hackernews but
# it could be http://10.2.4.5:401/app495 instead
location ~ ^/bar(/.*)?$ {

    include proxy_params;
    include apps/node;

    proxy_pass       http://news.ycombinator.com/$1;

    access_log '/var/log/nginx/bar';
    error_log  '/var/log/nginx/bar';

}

/etc/nginx/locations-enabled/foo

location ~ ^/foo(/.*)?$ {

    include proxy_params;
    include apps/ruby;

    proxy_pass       http://www.linode.com/$1;

    access_log '/var/log/nginx/foo';
    error_log  '/var/log/nginx/foo';

}

/etc/nginx/upstreams-enabled/news.ycombinator.com

upstream news.ycombinator.com {
  server news.ycombinator.com;
}

/etc/nginx/upstreams-enabled/www.linode.com

upstream www.linode.com {
  server www.linode.com;
}

/etc/nginx/apps/ruby

# Place ruby specific directives here

/etc/nginx/apps/节点

# Place node specific directives here

请记住，这不会重写页面中的 URL，因为这些 URL 是由每个应用程序生成的。相反，每个应用程序都应该知道其外部方案、主机、端口和 URL 基础，并适当地生成链接（大多数实际应用程序都支持此功能）。

参考：

Answer 1

Nginx 可以做很多事情，包括反向代理、缓存和提供内容，但在大型环境中，各个功能会被拆分，以使它们更易于维护或使用更适合的替代方案进行专门化（例如适用于大容量 https:// 的 stud）。

反向代理只是表示位于客户端和实际应用程序之间的某种东西；它实际上是一个误称，应该被称为“服务器代理”。

要在一个域上通过一个证书提供所有内容，请从以下命令开始：

（在 Ubuntu LTS 12.04 上测试）

/etc/nginx/proxy_params

#proxy_set_header Host            $proxy_host; # instead of standard $host
proxy_set_header  X-Real-IP       $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

/etc/nginx/sites-enabled/global_redirects

# note: must disable the built-in 
#       /etc/nginx/sites-enabled/default by removing it (it's a symlink) 
server {

    # redirects all http:// requests to https://
    # critically, passes the original host the client was trying to connect to.
    rewrite ^ https://$host$request_uri? permanent;

    # combined redirect access and error logs for easier correlation
    error_log  '/var/log/nginx/global_redirects';
    access_log '/var/log/nginx/global_redirects';

}

/etc/nginx/sites-enabled/global_ssl

# This serves all enabled-locations over ssl only.
# If there's no match, it shows the default site.

include /etc/nginx/upstreams-enabled/*; # include enabled upstream proxies

server {

    listen 443 ssl;

    ssl_certificate      /etc/nginx/server.crt;
    ssl_certificate_key  /etc/nginx/server.key;

    keepalive_timeout    70;

    root /usr/share/nginx/www;
    index index.html index.htm;

    access_log '/var/log/nginx/global_ssl';
    error_log  '/var/log/nginx/global_ssl';

    include /etc/nginx/locations-enabled/*;

}

/etc/nginx/locations-enabled/bar

# points to hackernews but
# it could be http://10.2.4.5:401/app495 instead
location ~ ^/bar(/.*)?$ {

    include proxy_params;
    include apps/node;

    proxy_pass       http://news.ycombinator.com/$1;

    access_log '/var/log/nginx/bar';
    error_log  '/var/log/nginx/bar';

}

/etc/nginx/locations-enabled/foo

location ~ ^/foo(/.*)?$ {

    include proxy_params;
    include apps/ruby;

    proxy_pass       http://www.linode.com/$1;

    access_log '/var/log/nginx/foo';
    error_log  '/var/log/nginx/foo';

}

/etc/nginx/upstreams-enabled/news.ycombinator.com

upstream news.ycombinator.com {
  server news.ycombinator.com;
}

/etc/nginx/upstreams-enabled/www.linode.com

upstream www.linode.com {
  server www.linode.com;
}

/etc/nginx/apps/ruby

# Place ruby specific directives here

/etc/nginx/apps/节点

# Place node specific directives here

请记住，这不会重写页面中的 URL，因为这些 URL 是由每个应用程序生成的。相反，每个应用程序都应该知道其外部方案、主机、端口和 URL 基础，并适当地生成链接（大多数实际应用程序都支持此功能）。

参考：

/etc/nginx/proxy_params

答案1

/etc/nginx/proxy_params

/etc/nginx/sites-enabled/global_redirects

/etc/nginx/sites-enabled/global_ssl

/etc/nginx/locations-enabled/bar

/etc/nginx/locations-enabled/foo

/etc/nginx/upstreams-enabled/news.ycombinator.com

/etc/nginx/upstreams-enabled/www.linode.com

/etc/nginx/apps/ruby

/etc/nginx/apps/节点

相关内容