Nginx常用功能配置

缓存静态资源

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
    expires 30d;
    access_log off;
}
location ~ .*\.(js|css)?$ {
    expires 7d;
    access_log off;
}

开启SSL

SSL http2

listen 443 http2;
ssl_certificate /usr/local/nginx/conf/ssl/xxx.pem;
ssl_certificate_key /usr/local/nginx/conf/ssl/xxx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;

开启GZIP

gzip_module ngx_http_gzip_static_module

#Gzip                          Compression
gzip on;
gzip_buffers 16 8k;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_proxied any;
gzip_vary on;
gzip_types
text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
text/javascript application/javascript application/x-javascript
text/x-json application/json application/x-web-app-manifest+json
text/css text/plain text/x-component
font/opentype application/x-font-ttf application/vnd.ms-fontobject
image/x-icon;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";

重定向

http 跳转 https

if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

非www 重定向到 www

if ($host != 'www.xxxx.com' ) {
   rewrite ^/(.*)$ https://www.xxxx.com/$1 permanent;
}

防盗链

ngx_http_referer_module ngx_http_secure_link_module

location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv|mp4)$ {
    valid_referers none blocked *.nginx.stu nginx.stu;
    if ($invalid_referer) {
        return 403;
    }
}

反向代理

负载均衡