.png)
我一直在努力将 Nginx 配置为反向代理。我已经让大多数机制正常工作,但过去 3 天我一直在努力控制缓存标头,作为 Nginx 新手,这让我抓狂不已……
看起来我不明白如何定位区块链。
我会非常感激你的帮助
我想要的很简单
- 所有内容类型
text/html都有标题Cache-Control: max-age=60, public, must-revalidate - 所有 css/js/images 等...都有标题
Cache-Control: max-age=315360000, public - 404 和所有错误均无缓存控制
谢谢您对如何完成此事的任何建议。
这里我有代理设置(似乎按预期工作)
proxy_cache_path /tmp/example levels=1:2 keys_zone=example:100m max_size=4g inactive=60m;
proxy_temp_path /tmp/example/tmp;
server {
listen 80;
server_name example.com;
# is this realy needed?
# Perhaps it should point to an empty folder
root /var/www/vhosts/example.com/www;
location ~ /\. {
deny all;
}
location ~ /purge(/.*) {
proxy_cache_purge nx_anto "$scheme$request_method$host$1";
}
location / {
proxy_cache example;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_connect_timeout 60s;
proxy_cache_methods GET HEAD;
# don't honour cache headers from the app server
# proxy_ignore_headers Cache-Control Set-Cookie Expires Cache-Control;
proxy_cache_lock on;
# proxy_cache_min_uses 3;
# proxy_cache_valid 301 24h;
# keep objects long enough for proxy_cache_use_stale
proxy_cache_valid 200 302 1h;
# 404 errors
proxy_cache_valid any 5m;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
# to pass If-Modified-Since to the origin server
# proxy_cache_revalidate on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# hide cache-related headers
proxy_hide_header X-Powered-By;
# this avoids having duplicate Vary headers sent to final client.
proxy_hide_header Vary;
# proxy_hide_header Pragma;
# proxy_hide_header Expires;
# proxy_hide_header Last-Modified;
# proxy_hide_header Cache-Control;
# proxy_hide_header Set-Cookie;
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
# wordpress adds query strings to css and js that we want to cache
# if ($query_string != "") {
# set $skip_cache 1;
# }
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
# if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
# wordpress_[a-f0-9]+ was blocking cache on loged out users
if ($http_cookie ~* "comment_author|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
proxy_cache_bypass $skip_cache;
proxy_no_cache $skip_cache;
# for debugging
add_header "X-Cache-Status" $upstream_cache_status;
add_header "X-Dummy" $sent_http_content_type;
proxy_pass http://example.com:8080;
}
}
现在来了应用程序虚拟主机
server {
listen 8080;
server_name example.com;
root /var/www/vhosts/example.com/www;
index index.php;
server_tokens off;
etag off;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
include fastcgi_params;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php5.6-fpm_example.sock;
access_log /var/log/nginx/phpfpmonly-access-example.log;
try_files $uri /index.php =404;
## I never got this condition to work
# if ($sent_http_content_type ~* "text/html") {
# add_header "Cache-Control" "public, must-revalidate, proxy-revalidate";
# expires 60s;
# }
}
}
现在我想控制 css/js 等的标题...
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom||zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|css|js|ico|gif|jpe?g|png|svg|eot|otf|woff|woff2|ttf|ogg) {
expires max;
add_header Cache-Control "public";
}
我尝试将此位置块放入任何服务器块(代理或应用程序),但从未得到我想要的结果。将此位置块放入应用程序服务器块会中断 php(返回 php 源代码)
答案1
您应该使用 fastcgi 缓存,而不是代理缓存,除非您有充分的理由使用代理缓存。我有一个教程可以准确说明您要做什么,您可以点击这里阅读,并且它有可下载的配置文件。
您必须在 Nginx 中内置 mod_headers 来控制标头。我的教程介绍了这一点。
SF 希望答案包含在问题中,以防网站消失。网站将更易于阅读,并且应该会存在一段时间。复制如下以供参考。
Nginx 配置文件
# Caching. Putting the cache into /dev/shm keeps it in RAM, limited to 10MB, for one day.
# You can move to disk if you like, or extend the caching time
fastcgi_cache_path /dev/shm/hr_nginxcache levels=1:2 keys_zone=HR_CACHE:50m inactive=1440m; #RAM
upstream php {
server 127.0.0.1:9001;
}
# http production headphone reviews server
server {
server_name www.example.com;
listen 443 ssl http2;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# This tells the browser not to bother trying to use http for an hour - it should probably
# be put up to a week or so, and leave it disabled for testing
# add_header Strict-Transport-Security "max-age=3600" always;
# This does the same but for subdomains as well
# add_header Strict-Transport-Security "max-age=3600; includeSubDomains" always;
root /var/www/***folder;
# First line is a cached access log, second logs immediately
access_log /var/log/nginx/hr.access.log main buffer=128k flush=60 if=$log_ua;
# access_log /var/log/nginx/hr.access.log main;
# Rules to work out when cache should/shouldn't be used
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments. 'admin' is for one of my websites, it's not required
# for everyone. I've removed index.php as I want pages cached.
#if ($request_uri ~* "/wp-admin/|/admin-*|/purge*|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
if ($request_uri ~* "/wp-admin/|/admin-*|/purge*|/xmlrpc.php|wp-.*.php|/feed/|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
# if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|code|PHPSESSID") {
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wordpress_logged_in|code") {
set $skip_cache 1;
}
# If we skip the cache it's likely customised for one user. Set the caching headers to match.
# http://www.mobify.com/blog/beginners-guide-to-http-cache-headers/
if ($skip_cache = 1) {
set $cacheControl "private, max-age=0, s-maxage=0, no-cache, no-store";
}
if ($skip_cache = 0) {
set $cacheControl "public, max-age=86400, s-maxage=86400";
}
# Default location to serve
location / {
# If the file can't be found try adding a slash on the end - it might be
# a directory the client is looking for. Then try the Wordpress blog URL
# this might send a few requests to PHP that don't need to go that way
try_files $uri $uri/ /blog/index.php?$args;
more_clear_headers Server; more_clear_headers "Pragma"; more_clear_headers "Expires";
# add_header Z_LOCATION "hr_root"; add_header URI $uri; # DEBUG
}
# Add trailing slash to */wp-admin requests.
rewrite /blog/wp-admin$ $scheme://$host$uri/ permanent;
# HR SEO rewrite rules
location /headphone {
rewrite ^/headphone\/([0-9a-zA-Z_\-\s\+]+)\/([0-9a-zA-Z_\-\s\+\(\)\.]+)$ /headphone.php?action=searchOne&headphoneName=$2&manufacturerName=$1;
# add_header Z_LOCATION "headphone-rewrite"; add_header URI $uri; # DEBUG
}
location /headphones {
rewrite ^/headphones\/([0-9a-zA-Z_\-\s\+]+)$ /headphone.php?action=searchManufacturer&manufacturerName=$1;
# add_header Z_LOCATION "headphoneS-rewrite"; add_header URI $uri; # DEBUG
}
# Don't log robots errors but log access
location = /robots.txt {
allow all; log_not_found off;
# on is the default - access_log on;
more_clear_headers Server; more_clear_headers "Pragma";
}
#Deny public access to wp-config.php
location ~* wp-config.php {
deny all;
}
# Don't log errors finding static resources, and optionally set the expires time to maximum
# NB I removed ICO so I could redirect favicon below - longer string therefore location matched
location ~* \.(jpg|jpeg|png|gif|css|js|ico|svg)$ {
log_not_found off; access_log off;
valid_referers none blocked server_names ~($host) ~(googleusercontent|google|bing|yahoo);
if ($invalid_referer) {
rewrite (.*) /stop-stealing-images.png redirect;
# drop the 'redirect' flag for redirect without URL change (internal rewrite)
}
# Set up caching - 8 days for static resources
# Remove the old unnecessary Pragma and hide the server version
more_clear_headers "Cache-Control";
add_header Cache-Control "public, max-age=691200, s-maxage=691200";
more_clear_headers Server; more_clear_headers "Pragma"; more_clear_headers "Expires";
# Debug remove
# add_header Z_LOCATION "HR STATIC RESOURCES REGEX"; add_header URI $uri;
}
# *** Find yourself a suitable graphic
location = /stop-stealing-images.png { }
# Rate limit wp-login.php to help prevent brute force attacks
location = /blog/wp-login.php {
# Next line applies the rate limit defined above
limit_req zone=login burst=3;
fastcgi_keep_conn on;
fastcgi_intercept_errors on;
fastcgi_pass php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
more_clear_headers "Cache-Control";
more_clear_headers Server; more_clear_headers "Pragma"; more_clear_headers "Expires";
# No caching
more_clear_headers "Cache-Control";
add_header Cache-Control "private, max-age=0, no-cache, no-store";
more_clear_headers "Expires";
# DEBUG remove
# add_header Z_LOCATION "HR-WP-LOGIN"; add_header URI $uri;
# add_header Z_CACHE_CONTROL $cacheControl;
}
# Wordpress admin caching headers are set correctly, for pages and resources. The only reason we define
# this block separately is to avoid messing with the headers in the main php block.
# This is probably unnecessary because of the skip_cache variable and may be removed
location ~* wp-admin {
fastcgi_keep_conn on;
fastcgi_intercept_errors on;
fastcgi_pass php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# add_header Z_LOCATION "WP_ADMIN"; add_header URI $uri; add_header "Z_SKIP_CACHE" $skip_cache; # DEBUG
}
# Send HipHop and PHP requests to HHVM
location ~ \.(hh|php)$ {
fastcgi_keep_conn on;
fastcgi_intercept_errors on;
fastcgi_pass php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Use the cache defined above. Cache 200 (success) status's, for 24 hours, and cache
# specific other status's for an hour. This helps mitigate DDOS attacks.
# Only cache GET and HEAD requests
fastcgi_cache HR_CACHE;
fastcgi_cache_valid 200 1440m;
fastcgi_cache_valid 403 404 405 410 414 301 302 307 60m;
add_header X-Cache $upstream_cache_status;
fastcgi_cache_methods GET HEAD;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# Set the cache control headers we prepared earlier. Remove the old unnecessary Pragma and hide
# the server version. Clearing existing headers seems necessary
more_clear_headers "Cache-Control";
add_header Cache-Control $cacheControl;
more_clear_headers "Pragma"; more_clear_headers Server; more_clear_headers "Expires";
# add_header Z_LOCATION "HR PHP MAIN"; add_header URI $uri;
}
# Deny access to uploads which aren’t images, videos, music, etc.
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {
deny all;
# add_header Z_LOCATION "DENY WPCONTENT UPLOADS"; add_header URI $uri; # DEBUG
}
# Create a custom error page that gives the user a more useful error message
error_page 400 404 500 502 503 504 /error.html;
location = /error.html {
root /var/www/hr;
internal;
}
# This is for issuing certificates
location /.well-known/acme-challenge/ {
root /var/www/acme-challenge/;
}
}
# Forward non-www requests to www
server {
listen 80;
server_name example.com www.example.com;
access_log /var/log/nginx/hr.access.log main buffer=128k flush=1m if=$log_ua;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs//***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
access_log /var/log/nginx/hr.access.log main buffer=128k flush=1m if=$log_ua;
return 301 https://www.example.com$request_uri;
以下是我构建 Nginx 的方法
cd /home/ec2-user
mkdir nginx-build
cd nginx-build
service nginx stop
yum groupinstall "Development Tools"
yum install pcre-devel zlib-devel openssl-devel
wget http://nginx.org/download/nginx-1.9.11.tar.gz
wget http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz
wget https://github.com/openresty/headers-more-nginx-module/archive/v0.29.tar.gz
tar -xzf nginx-1.9.11.tar.gz
tar -xzf ngx_cache_purge-2.3.tar.gz
tar -xzf v0.29.tar.gz
tar -xzf 1.9.32.10.tar.gz # Google Pagespeed, optional
ngx_version=1.9.32.10
wget https://github.com/pagespeed/ngx_pagespeed/archive/release-${ngx_version}-beta.zip # Google Pagespeed, optional
cd ngx_pagespeed-release-1.9.32.10-beta # Google Pagespeed, optional
wget https://dl.google.com/dl/page-speed/psol/${ngx_version}.tar.gz # Google Pagespeed, optional
cd ../nginx-1.9.9
# Note that I have no idea what the next line does but it was in the official guide
PS_NGX_EXTRA_FLAGS="--with-cc=/opt/rh/devtoolset-2/root/usr/bin/gcc"
# Safe option, slower, lots of modules included
#./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --add-module=/tmp/ngx_cache_purge-2.3 --add-module=/tmp/headers-more-nginx-module-0.29 --with-http_realip_module --add-modeule=../ngx_pagespeed-release-1.9.32.10-beta
# Many plugins removed, extra optimisations including some JUST for the machine it's compiled on
./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --with-threads --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=native' --add-module=../ngx_cache_purge-2.3 --add-module=../headers-more-nginx-module-0.29 --with-http_realip_module --add-module=../ngx_pagespeed-release-1.9.32.10-beta
make && make install
make clean (NB: optional)
service nginx start