Loading...
Loading...
Compare original and translation side by side
sudo apt update && sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginxsudo dnf install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginxdocker run -d -p 80:80 -v /path/to/config:/etc/nginx/conf.d nginx:alpinesudo apt update && sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginxsudo dnf install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginxdocker run -d -p 80:80 -v /path/to/config:/etc/nginx/conf.d nginx:alpineserver {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
}sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginxreferences/static-sites.mdserver {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
}sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginxreferences/static-sites.mdupstream app_backend {
server 127.0.0.1:3000;
keepalive 32;
}
server {
listen 80;
server_name app.example.com;
location / {
proxy_pass http://app_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}references/reverse-proxy.mdupstream app_backend {
server 127.0.0.1:3000;
keepalive 32;
}
server {
listen 80;
server_name app.example.com;
location / {
proxy_pass http://app_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}references/reverse-proxy.mdserver {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}references/ssl-tls-config.mdserver {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}references/ssl-tls-config.mdnginx.conf (global settings)
├── events { } (connection processing)
└── http { } (HTTP-level settings)
└── server { } (virtual host)
└── location { } (URL routing)/etc/nginx/nginx.conf/etc/nginx/sites-available//etc/nginx/sites-enabled//etc/nginx/conf.d/*.conf/etc/nginx/snippets/references/configuration-structure.mdnginx.conf (全局设置)
├── events { } (连接处理)
└── http { } (HTTP层设置)
└── server { } (虚拟主机)
└── location { } (URL路由)/etc/nginx/nginx.conf/etc/nginx/sites-available//etc/nginx/sites-enabled//etc/nginx/conf.d/*.conf/etc/nginx/snippets/references/configuration-structure.mdlocation = /exactlocation ^~ /prefixlocation ~ \.php$location ~* \.(jpg|png)$location /location = /api/status {
return 200 "OK\n";
}
location ^~ /static/ {
root /var/www;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php-fpm.sock;
}
location / {
proxy_pass http://backend;
}location = /exactlocation ^~ /prefixlocation ~ \.php$location ~* \.(jpg|png)$location /location = /api/status {
return 200 "OK\n";
}
location ^~ /static/ {
root /var/www;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php-fpm.sock;
}
location / {
proxy_pass http://backend;
}proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;/etc/nginx/snippets/proxy-params.confinclude snippets/proxy-params.conf;proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;/etc/nginx/snippets/proxy-params.confinclude snippets/proxy-params.conf;upstream backend {
server backend1.example.com:8080;
server backend2.example.com:8080;
server backend3.example.com:8080;
keepalive 32;
}
server {
listen 80;
location / {
proxy_pass http://backend;
include snippets/proxy-params.conf;
}
}upstream backend {
least_conn;
server backend1.example.com:8080;
server backend2.example.com:8080;
}upstream backend {
ip_hash;
server backend1.example.com:8080;
server backend2.example.com:8080;
}upstream backend {
server backend1.example.com:8080 max_fails=3 fail_timeout=30s;
server backend2.example.com:8080 max_fails=3 fail_timeout=30s;
server backup.example.com:8080 backup;
}references/load-balancing.mdupstream backend {
server backend1.example.com:8080;
server backend2.example.com:8080;
server backend3.example.com:8080;
keepalive 32;
}
server {
listen 80;
location / {
proxy_pass http://backend;
include snippets/proxy-params.conf;
}
}upstream backend {
least_conn;
server backend1.example.com:8080;
server backend2.example.com:8080;
}upstream backend {
ip_hash;
server backend1.example.com:8080;
server backend2.example.com:8080;
}upstream backend {
server backend1.example.com:8080 max_fails=3 fail_timeout=30s;
server backend2.example.com:8080 max_fails=3 fail_timeout=30s;
server backup.example.com:8080 backup;
}references/load-balancing.mdupstream websocket_backend {
server 127.0.0.1:3000;
}
server {
listen 80;
server_name ws.example.com;
location / {
proxy_pass http://websocket_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# Long timeouts for persistent connections
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}upstream websocket_backend {
server 127.0.0.1:3000;
}
server {
listen 80;
server_name ws.example.com;
location / {
proxy_pass http://websocket_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# 持久连接的长超时设置
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}undefinedundefinedlimit_req zone=api_limit burst=10 nodelay;
limit_conn conn_limit 10;
location /api/ {
proxy_pass http://backend;
}
See `references/security-hardening.md` for complete security configuration.limit_req zone=api_limit burst=10 nodelay;
limit_conn conn_limit 10;
location /api/ {
proxy_pass http://backend;
}
如需完整安全加固配置,请参考`references/security-hardening.md`。undefinedundefined
**Gzip Compression:**
```nginx
**Gzip压缩:**
```nginx
**Proxy Caching:**
```nginx
**代理缓存:**
```nginx
See `references/performance-tuning.md` for detailed optimization strategies.
如需详细优化策略,请参考`references/performance-tuning.md`。undefinedundefined
Include in server blocks:
```nginx
server {
include snippets/security-headers.conf;
# ... rest of config
}
在server块中引入该片段:
```nginx
server {
include snippets/security-headers.conf;
# ... 其余配置
}server {
listen 80;
server_name admin.example.com;
# Allow specific IPs
allow 10.0.0.0/8;
allow 203.0.113.0/24;
# Deny all others
deny all;
location / {
proxy_pass http://admin_backend;
}
}server {
listen 80;
server_name admin.example.com;
# 允许特定IP段访问
allow 10.0.0.0/8;
allow 203.0.113.0/24;
# 拒绝其余所有IP
deny all;
location / {
proxy_pass http://admin_backend;
}
}.htaccess.htaccesssudo nginx -tsudo systemctl reload nginxsudo tail -f /var/log/nginx/error.logopenssl s_client -connect domain:443 -servername domaincurl -I https://domain.comps aux | grep nginxnetstat -an | grep :80 | wc -lcurl -I http://localhost:8080sudo nginx -tsudo systemctl reload nginxsudo tail -f /var/log/nginx/error.logopenssl s_client -connect domain:443 -servername domaincurl -I https://domain.comps aux | grep nginxnetstat -an | grep :80 | wc -lcurl -I http://localhost:8080sudo nginx -t/var/log/nginx/error.logcurl http://127.0.0.1:3000proxy_read_timeoutclient_max_body_sizereferences/troubleshooting.mdsudo nginx -t/var/log/nginx/error.logcurl http://127.0.0.1:3000proxy_read_timeoutclient_max_body_sizereferences/troubleshooting.mdreferences/installation-guide.mdreferences/configuration-structure.mdreferences/static-sites.mdreferences/reverse-proxy.mdreferences/load-balancing.mdreferences/ssl-tls-config.mdreferences/performance-tuning.mdreferences/security-hardening.mdreferences/troubleshooting.mdexamples/static-site/examples/reverse-proxy/examples/load-balancing/examples/ssl-tls/examples/performance/examples/security/snippets/ssl-modern.confsnippets/proxy-params.confsnippets/security-headers.confsnippets/cache-static.confreferences/installation-guide.mdreferences/configuration-structure.mdreferences/static-sites.mdreferences/reverse-proxy.mdreferences/load-balancing.mdreferences/ssl-tls-config.mdreferences/performance-tuning.mdreferences/security-hardening.mdreferences/troubleshooting.mdexamples/static-site/examples/reverse-proxy/examples/load-balancing/examples/ssl-tls/examples/performance/examples/security/snippets/ssl-modern.confsnippets/proxy-params.confsnippets/security-headers.confsnippets/cache-static.conf