Nginx配置规范

11-14 PYTHON DavideyLee 20 views

Nginx配置规范

11-14 20 views

主配置文件和各域名配置文件分开

http强行跳转到https

代理header设置

ssl免费证书申请及配置

访问日志json化，及正则取http_cookie的相关字段

后续将介绍:python操作etcd实现服务自动注册，etcd+confd实现服务自动发现, elk实现logsearch功能

主配置文件

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format grafana   '{"@timestamp":"$time_iso8601",'
                     '"@version":"1",'
                        '"@source":"$server_addr",'
                        '"hostname":"$hostname",'
                        '"ip":"$http_x_forwarded_for",'
                        '"client":"$remote_addr",'
                        '"request_method":"$request_method",'
                        '"request_body":"$request_body",'
                        '"scheme":"$scheme",'
                        '"domain":"$server_name",'
                        '"referer":"$http_referer",'
                        '"request":"$request_uri",'
                        '"args":"$args",'
                        '"size":$body_bytes_sent,'
                        '"status": $status,'
                        '"responsetime":$request_time,'
                        '"upstreamtime":"$upstream_response_time",'
                        '"upstreamaddr":"$upstream_addr",'
                        '"http_user_agent":"$http_user_agent",'
                        '"https":"$https",'
                        '"cookie_grafana_user":"$grafana_user",'
                        '"cookie_grafana_remember":"$grafana_remember",'
                        '"cookie_grafana_sess":"$grafana_sess",'
                        '"cookie":"$http_cookie"'
                        '}';

    log_format kibana   '{"@timestamp":"$time_iso8601",'
                     '"@version":"1",'
                        '"@source":"$server_addr",'
                        '"hostname":"$hostname",'
                        '"ip":"$http_x_forwarded_for",'
                        '"client":"$remote_addr",'
                        '"request_method":"$request_method",'
                        '"request_body":"$request_body",'
                        '"scheme":"$scheme",'
                        '"domain":"$server_name",'
                        '"referer":"$http_referer",'
                        '"request":"$request_uri",'
                        '"args":"$args",'
                        '"size":$body_bytes_sent,'
                        '"status": $status,'
                        '"responsetime":$request_time,'
                        '"upstreamtime":"$upstream_response_time",'
                        '"upstreamaddr":"$upstream_addr",'
                        '"http_user_agent":"$http_user_agent",'
                        '"https":"$https",'
                        '"cookie":"$http_cookie"'
                        '}';

    log_format main   '{"@timestamp":"$time_iso8601",'
                     '"@version":"1",'
                        '"@source":"$server_addr",'
                        '"hostname":"$hostname",'
                        '"ip":"$http_x_forwarded_for",'
                        '"client":"$remote_addr",'
                        '"request_method":"$request_method",'
                        '"request_body":"$request_body",'
                        '"scheme":"$scheme",'
                        '"domain":"$server_name",'
                        '"referer":"$http_referer",'
                        '"request":"$request_uri",'
                        '"args":"$args",'
                        '"size":$body_bytes_sent,'
                        '"status": $status,'
                        '"responsetime":$request_time,'
                        '"upstreamtime":"$upstream_response_time",'
                        '"upstreamaddr":"$upstream_addr",'
                        '"http_user_agent":"$http_user_agent",'
                        '"https":"$https",'
                        '"cookie":"$http_cookie"'
                        '}';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

user nginx;

worker_processes 1;

error_log /var/log/nginx/error.log warn;

pid /var/run/nginx.pid;

events {

worker_connections 1024;

}

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

log_format grafana '{"@timestamp":"$time_iso8601",'

'"@version":"1",'

'"@source":"$server_addr",'

'"hostname":"$hostname",'

'"ip":"$http_x_forwarded_for",'

'"client":"$remote_addr",'

'"request_method":"$request_method",'

'"request_body":"$request_body",'

'"scheme":"$scheme",'

'"domain":"$server_name",'

'"referer":"$http_referer",'

'"request":"$request_uri",'

'"args":"$args",'

'"size":$body_bytes_sent,'

'"status": $status,'

'"responsetime":$request_time,'

'"upstreamtime":"$upstream_response_time",'

'"upstreamaddr":"$upstream_addr",'

'"http_user_agent":"$http_user_agent",'

'"https":"$https",'

'"cookie_grafana_user":"$grafana_user",'

'"cookie_grafana_remember":"$grafana_remember",'

'"cookie_grafana_sess":"$grafana_sess",'

'"cookie":"$http_cookie"'

'}';

log_format kibana '{"@timestamp":"$time_iso8601",'

'"@version":"1",'

'"@source":"$server_addr",'

'"hostname":"$hostname",'

'"ip":"$http_x_forwarded_for",'

'"client":"$remote_addr",'

'"request_method":"$request_method",'

'"request_body":"$request_body",'

'"scheme":"$scheme",'

'"domain":"$server_name",'

'"referer":"$http_referer",'

'"request":"$request_uri",'

'"args":"$args",'

'"size":$body_bytes_sent,'

'"status": $status,'

'"responsetime":$request_time,'

'"upstreamtime":"$upstream_response_time",'

'"upstreamaddr":"$upstream_addr",'

'"http_user_agent":"$http_user_agent",'

'"https":"$https",'

'"cookie":"$http_cookie"'

'}';

log_format main '{"@timestamp":"$time_iso8601",'

'"@version":"1",'

'"@source":"$server_addr",'

'"hostname":"$hostname",'

'"ip":"$http_x_forwarded_for",'

'"client":"$remote_addr",'

'"request_method":"$request_method",'

'"request_body":"$request_body",'

'"scheme":"$scheme",'

'"domain":"$server_name",'

'"referer":"$http_referer",'

'"request":"$request_uri",'

'"args":"$args",'

'"size":$body_bytes_sent,'

'"status": $status,'

'"responsetime":$request_time,'

'"upstreamtime":"$upstream_response_time",'

'"upstreamaddr":"$upstream_addr",'

'"http_user_agent":"$http_user_agent",'

'"https":"$https",'

'"cookie":"$http_cookie"'

'}';

access_log /var/log/nginx/access.log main;

sendfile on;

#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;

}

域名配置文件

upstream pool_grafana {
        server grafana:3000 ;
    }
server { 
    listen 80;
    server_name www.coinlab.online;
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    listen 443;
    server_name www.coinlab.online;
    proxy_intercept_errors on;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header X-Frame-Options SAMEOIGIN;
    ssl on;
    ssl_certificate /etc/nginx/ssl/coinlab.online/www.pem;
    ssl_certificate_key /etc/nginx/ssl/coinlab.online/www.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    if ( $http_cookie ~* "grafana_remember=([A-Z0-9]*)"){
                set $grafana_remember $1;
        }
    if ( $http_cookie ~* "grafana_user=([A-Z0-9]*)"){
                set $grafana_user $1;
        }
    if ( $http_cookie ~* "grafana_sess=([A-Z0-9]*)"){
                set $grafana_sess $1;
        }

    access_log    /var/log/nginx/grafana_access.log  grafana;

    location / {
        proxy_pass http://pool_grafana;
    }
}

upstream pool_grafana {

server grafana:3000 ;

}

server {

listen 80;

server_name www.coinlab.online;

rewrite ^(.*)$ https://${server_name}$1 permanent;

}

server {

listen 443;

server_name www.coinlab.online;

proxy_intercept_errors on;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header REMOTE-HOST $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

add_header X-Frame-Options SAMEOIGIN;

ssl on;

ssl_certificate /etc/nginx/ssl/coinlab.online/www.pem;

ssl_certificate_key /etc/nginx/ssl/coinlab.online/www.key;

ssl_session_timeout 5m;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

if ( $http_cookie ~* "grafana_remember=([A-Z0-9]*)"){

set $grafana_remember $1;

}

if ( $http_cookie ~* "grafana_user=([A-Z0-9]*)"){

set $grafana_user $1;

}

if ( $http_cookie ~* "grafana_sess=([A-Z0-9]*)"){

set $grafana_sess $1;

}

access_log /var/log/nginx/grafana_access.log grafana;

location / {

proxy_pass http://pool_grafana;

}

ssl免费证书

参考如下文章
letsencrypt证书安装及使用，并自动续期

如果想赏钱，可以用微信扫描下面的二维码，一来能刺激我写博客的欲望，二来好维护云主机的费用；另外再次标注博客原地址 itnotebooks.com 感谢！

版权属于: Eric

原文地址: https://www.itnotebooks.com/?p=685

转载时必须以链接形式注明原始出处及本声明。

Nginx配置规范

Nginx配置规范

主配置文件

域名配置文件

ssl免费证书

欢迎留言 取消回复

欢迎留言取消回复