1. HTTP 服务器
静态资源处理
server {
listen 80;
server_name example.com;
root /var/www/html;
location / {
try_files $uri $uri/ /index.html;
}
}
虚拟主机
- 基于域名的虚拟主机
nginx
server {
listen 80;
server_name site1.com;
root /var/www/site1;
}
server {
listen 80;
server_name site2.com;
root /var/www/site2;
}
- 基于 IP 的虚拟主机
nginx
server {
listen 192.168.1.100:80;
root /var/www/ip_site1;
}
server {
listen 192.168.1.101:80;
root /var/www/ip_site2;
}
2. 反向代理
基本原理
配置示例
nginx
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_server;
}
}
高级配置
nginx
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend_server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
3. 负载均衡
负载均衡算法
- 轮询:按顺序依次将请求分配到后端服务器。
nginx
upstream backend {
server backend1.example.com;
server backend2.example.com;
}
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://backend;
}
}
- 加权轮询:为不同的后端服务器分配不同的权重,权重越高,分配到的请求就越多。
nginx
upstream backend {
server backend1.example.com weight=3;
server backend2.example.com weight=1;
}
- IP 哈希:依据客户端的 IP 地址进行哈希计算,将同一客户端的请求始终分配到同一台后端服务器。
nginx
upstream backend {
ip_hash;
server backend1.example.com;
server backend2.example.com;
}
健康检查
nginx
upstream backend {
server backend1.example.com max_fails=3 fail_timeout=30s;
server backend2.example.com max_fails=3 fail_timeout=30s;
}
4. SSL/TLS 加密
配置 HTTPS
nginx
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
root /var/www/html;
location / {
try_files $uri $uri/ /index.html;
}
}
优化 SSL 配置
nginx
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
5. HTTP 缓存
静态资源缓存
nginx
server {
listen 80;
server_name example.com;
root /var/www/html;
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
}
}
反向代理缓存
nginx
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m;
server {
listen 80;
server_name example.com;
location / {
proxy_cache my_cache;
proxy_pass http://backend_server;
}
}
6. 邮件代理
支持的协议
配置示例
nginx
mail {
server {
listen 25;
protocol smtp;
smtp_auth login plain;
proxy on;
}
server {
listen 110;
protocol pop3;
proxy on;
}
server {
listen 143;
protocol imap;
proxy on;
}
}