Home | 簡體中文 | 繁體中文 | 雜文 | 打賞(Donations) | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 知乎專欄 | Search | Email

45.8. Example

45.8.1. Nginx + Tomcat

例 45.4. Nginx + Tomcat

server {
    listen       80;
    server_name  www.example.com;

    charset utf-8;
    access_log  /var/log/nginx/www.example.com.access.log;

    location / {
	    proxy_pass http://127.0.0.1:8080;
        proxy_set_header    Host    $host;
        proxy_set_header    X-Real-IP   $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location ~ ^/WEB-INF/ {
        deny  all;
    }
	
    location ~ \.(html|js|css|jpg|png|gif|swf)$ {
        root /www/example.com/www.example.com;
        expires 1d;
    } 
    location ~ \.(ico|fla|flv|mp3|mp4|wma|wmv|exe)$ {
        root /www/example.com/www.example.com;
        expires 7d;
    }
    location ~ \.flv {
        flv;
    }

    location ~ \.mp4$ {
        mp4;
    }

}
			

45.8.2. 攔截index.html

背景:網站推廣審核需要隱藏或不現實首頁,其他頁面正常

需求:要求訪問首頁事顯示指定頁面

server {
    listen       80;
    server_name any.netkiller.cn;

    charset utf-8;
    access_log  /var/log/nginx/any.netkiller.cn.access.log;
    error_log  /var/log/nginx/any.netkiller.cn.error.log;

    location /index.html {
		ssi on;
		proxy_set_header Accept-Encoding "";
        proxy_pass http://172.16.0.1/www/temp.html;
        proxy_set_header Host www.netkiller.cn;

    }

    location / {
		ssi on;
		rewrite ^/$ /zt/your.html; 
		
		proxy_set_header Accept-Encoding "";
		proxy_pass http://127.0.0.1:8080;
        proxy_set_header    Host    $host;
        proxy_set_header    X-Real-IP   $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    error_page  404              /error/404.html;
    error_page  403              /error/403.html;
    error_page  502              /error/502.html;
    error_page  500 502 503 504  /error/500.html;

    location ~ ^/WEB-INF/ {
        deny  all;
    }
	
    location ~ \.(html|js|css|jpg|png|gif|swf)$ {
        root /www/netkiller.cn/www.netkiller.cn;
        expires 1d;
    } 
    location ~ \.(ico|fla|flv|mp3|mp4|wma|wmv|exe)$ {
        root /www/netkiller.cn/www.netkiller.cn;
        flv;
        mp4;
        expires 7d;
    }
    location /zt {
		root /www/netkiller.cn/www.netkiller.cn;
		rewrite ^(.*)\;jsessionid=(.*)$ $1 break;
		expires 1d;
    }
    location ^~ /zt/other/ {
		ssi on;
        proxy_set_header Accept-Encoding "";
        proxy_pass http://172.16.0.1/www/;
        proxy_set_header Host www.netkiller.cn;
		proxy_cache www;
		proxy_cache_valid  200 302  1m;
    }

    location /module {
        root /www/netkiller.cn/www.netkiller.cn;
    }
}
		

45.8.3. Nginx -> Nginx -> Tomcat

背景各種原因需要再Nginx前面再增加一層Nginx雖然需求很變態,本着學習的目的試了試。

這裡還使用了 http2 加速 nginx ssl http2 -> nginx ssl http2 -> Tomcat 8080

    server {
        listen       443 ssl http2;
        server_name  www.netkiller.cn;

        ssl_certificate      ssl/netkiller.cn.crt;
        ssl_certificate_key  ssl/netkiller.cn.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;
    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

        location / {

	        proxy_buffers 16 4k;
	        proxy_buffer_size 2k;
	
	        proxy_pass https://www.netkiller.cn;
	        proxy_pass_header   Set-Cookie;
	        add_header From     www.netkiller.cn;
	        proxy_set_header    Cookie $http_cookie;
	        proxy_set_header    Host    $host;
	        proxy_set_header    X-Real-IP   $remote_addr;
	        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_cookie_domain www.netkiller.cn netkiller.cn;
	        #proxy_cookie_path / "/; secure; HttpOnly";
	        proxy_set_header Accept-Encoding "";
	        proxy_ignore_client_abort  on;

        }
    }
		
		

有幾點需要注意:

如果是443你需要掛在證書,需要透傳cookie給目的主機,否則你將無法支持Session,應用程序需要從 X-Forwarded-For 獲取IP地址。