Nginx 代理配置

A-A+
0 91 次浏览 全部
文章目录

ws 代理报错处理

nginx: [emerg] unknown "connection_upgrade" variable

#在nginx.conf文件的http{}段内增加以下内容:
#http {
map $http_upgrade $connection_upgrade {
default upgrade;
''      close;
}
#}

kibana http代理

cat act.conf
upstream act19091 {
server 10.200.77.41:19091 max_fails=3 fail_timeout=10s;
}
server {
listen                 19091;
server_name            act.fungaming.me;
#ssl_certificate        ssl/fungaming.me.crt;
#ssl_certificate_key    ssl/fungaming.me.key;
include                vhost/error.txt;
error_log              /home/wwwlogs/act.error.log;
access_log             /home/logs/act.fungaming.me.log main;
location /             {
proxy_pass         http://act19091;
proxy_http_version 1.1;
proxy_set_header   Upgrade $http_upgrade;
proxy_set_header   Connection $connection_upgrade;
}
}
server {
listen 80;
server_name ana.fungaming.me;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
auth_basic "FunGaming WARNING";
auth_basic_user_file /usr/local/nginx/passwd.db;
proxy_pass         http://10.200.77.41:5601;
proxy_set_header   Host $host;
proxy_set_header   X-Real-IP $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Host $server_name;
proxy_read_timeout  1200s;
access_log      /var/log/nginx/ana.access.log;
error_log       /var/log/nginx/ana.error.log;
}
}

http代理(seafile)

server {
listen 80;
server_name seafile.example.com;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass         http://127.0.0.1:8000;
proxy_set_header   Host $host;
proxy_set_header   X-Real-IP $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Host $server_name;
proxy_read_timeout  1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log      /var/log/nginx/seahub.access.log;
error_log       /var/log/nginx/seahub.error.log;
}
# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI),
# which is not recommended, you should use the following config for location `/`.
#
#    location / {
#         fastcgi_pass    127.0.0.1:8000;
#         fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
#         fastcgi_param   PATH_INFO           $fastcgi_script_name;
#
#         fastcgi_param     SERVER_PROTOCOL     $server_protocol;
#         fastcgi_param   QUERY_STRING        $query_string;
#         fastcgi_param   REQUEST_METHOD      $request_method;
#         fastcgi_param   CONTENT_TYPE        $content_type;
#         fastcgi_param   CONTENT_LENGTH      $content_length;
#         fastcgi_param     SERVER_ADDR         $server_addr;
#         fastcgi_param     SERVER_PORT         $server_port;
#         fastcgi_param     SERVER_NAME         $server_name;
#         fastcgi_param   REMOTE_ADDR         $remote_addr;
#          fastcgi_read_timeout 36000;
#
#         client_max_body_size 0;
#
#         access_log      /var/log/nginx/seahub.access.log;
#          error_log       /var/log/nginx/seahub.error.log;
#    }
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout  36000s;
proxy_read_timeout  36000s;
proxy_send_timeout  36000s;
send_timeout  36000s;
}
location /media {
root /home/user/haiwen/seafile-server-latest/seahub;
}
}

Nginx 默认设置 "client_max_body_size" 为 1M。如果上传文件大于这个值的话,会报错,相关 HTTP 状态码为 423 ("Request Entity Too Large"). 你可以将值设为 0 以禁用此功能.
如果要上传大于 4GB 的文件,默认情况下 Nginx 会把整个文件存在一个临时文件中,然后发给上游服务器 (seaf-server),这样容易出错。使用 1.8.0 以上版本同时在 Nginx 配置文件中设置以下内容能解决这个问题:
location /seafhttp {
... ...
proxy_request_buffering off;
}

https代理(seafile)

server {
listen       80;
server_name  seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent;    #强制将http重定向到https
server_tokens off;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/cacert.pem;        #cacert.pem 文件路径
ssl_certificate_key /etc/ssl/privkey.pem;    #privkey.pem 文件路径
server_name seafile.example.com;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;
# secure settings (A+ at SSL Labs ssltest at time of writing)
# see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_prefer_server_ciphers on;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
location / {
proxy_pass         http://127.0.0.1:8000;
proxy_set_header   Host $host;
proxy_set_header   X-Real-IP $remote_addr;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Host $server_name;
proxy_set_header   X-Forwarded-Proto https;
access_log      /var/log/nginx/seahub.access.log;
error_log       /var/log/nginx/seahub.error.log;
proxy_read_timeout  1200s;
client_max_body_size 0;
}
# 如果你使用 fastcgi 请使用此配置
#
#    location / {
#        fastcgi_pass    127.0.0.1:8000;
#        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
#        fastcgi_param   PATH_INFO           $fastcgi_script_name;
#
#        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
#        fastcgi_param   QUERY_STRING        $query_string;
#        fastcgi_param   REQUEST_METHOD      $request_method;
#        fastcgi_param   CONTENT_TYPE        $content_type;
#        fastcgi_param   CONTENT_LENGTH      $content_length;
#        fastcgi_param   SERVER_ADDR         $server_addr;
#        fastcgi_param   SERVER_PORT         $server_port;
#        fastcgi_param   SERVER_NAME         $server_name;
#        fastcgi_param   REMOTE_ADDR         $remote_addr;
#        fastcgi_read_timeout 36000;
#
#        client_max_body_size 0;
#
#        access_log      /var/log/nginx/seahub.access.log;
#        error_log       /var/log/nginx/seahub.error.log;
#    }
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout  36000s;
proxy_read_timeout  36000s;
proxy_send_timeout  36000s;
send_timeout  36000s;
}
location /media {
root /home/user/haiwen/seafile-server-latest/seahub;
}
}

TCP代理(rsync)

vi nginx.conf
#放最前面,已加载则不需要
load_module "/usr/lib64/nginx/modules/ngx_stream_module.so";
#放配置文件最后面
stream{
upstream rsync{
hash $remote_addr consistent;
server 10.200.124.37:37873;
}
server{
listen 37873;
proxy_connect_timeout 20s;
proxy_timeout 5m;
proxy_pass rsync;
}
}

im riak conf

upstream riak_hosts {
server  172.18.119.95:8098;
server  172.18.119.96:8098;
server  172.18.119.97:8098;
server  172.18.119.98:8098;
server  172.18.119.99:8098;
}
server {
listen       80;
listen       8000;
listen       23000 ssl;
server_name  upload.mchat.com file.hygtchat.com;
ssl_certificate        key/1_file.hygtchat.com_bundle.crt;
ssl_certificate_key    key/2_file.hygtchat.com.key;
include sslreq.txt;
location = /auth {
internal;
proxy_pass_request_body     off;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
if ($request_method = DELETE) {
return 405;
}
if ($request_method = GET) {
return 200;
}
proxy_pass http://localhost:8083/auth_token;
}
error_page 401 = @error401;
location @error401 {
return 302 http://riak_hosts;
}
location /riak {
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods 'GET, PUT, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
return 200;
}
client_max_body_size 10m;
auth_request /auth;
rewrite /riak/(.*) /riak/test/$1?$args break;
try_files $uri $uri/ @proxy;
}
location @proxy {
proxy_set_header  Host $host;
proxy_set_header  X-Real-IP $remote_addr;
proxy_set_header  X-Forwarded-Proto http;
proxy_set_header  X-Forwarded-For $remote_addr;
proxy_set_header  X-Forwarded-Host $remote_addr;
proxy_set_header  'Access-Control-Allow-Origin' '*';
proxy_set_header Referer '';
proxy_pass    http://riak_hosts;
if ($http_user_agent ~* "Firefox|Safari"){
add_header Access-Control-Allow-Origin *;
add_header Content-Disposition "attachment; filename*=$arg_n";
}
if ($http_user_agent !~* "Firefox"){
add_header Access-Control-Allow-Origin *;
add_header Content-Disposition "attachment; filename=$arg_n";
}
}
location / {
root   html;
index  index.html index.htm;
access_log logs/access.log;
}
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   html;
}
}

fungaming.com.conf

cat fungaming.com.conf
server
{
listen 80;
listen 443 ssl;
server_name fungaming.com www.fungaming.com;
if ($scheme = 'http') { return 301 https://$host$request_uri; }
ssl_certificate /etc/nginx/1.pem;
ssl_certificate_key /etc/nginx/1.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
location /
{
proxy_redirect  off;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header Accept-Encoding "";
proxy_pass_header User-Agent;
proxy_pass  http://127.0.0.1:4000;
#sub_filter_types text/css text/xml;
sub_filter http://$host $scheme://$host;
sub_filter_once off;
}
}

wss代理配置(传用户真实IP,带日志)

upstream logs19091 {
server 192.168.220.251:19091;
}
server
{
listen 19091 ssl;
server_name logs.blizzmi.net;
set $proxy_add logs19091;
error_log              /home/wwwlogs/act.error.log;
access_log             /home/logs/act.fungaming.me.log main;
ssl_certificate /etc/nginx/1.crt;
ssl_certificate_key /etc/nginx/1.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
location /
{
proxy_redirect  off;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header Accept-Encoding "";
proxy_pass_header User-Agent;
proxy_pass  http://$proxy_add;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
全部为采集文章,文中的 联系方式 均不是 本人 的!
作者 : obnim
没有个人说明

发表评论