#user  nobody;
worker_processes  1;             #配置工作進程數(shù)目，根據(jù)硬件調(diào)整，通常等于CPU數(shù)量或2倍于CPU數(shù)量

#error_log  logs/error.log;       #制定日志路徑，級別。這個設(shè)置可以放入全局塊，http塊，server塊，級別以此為：debug|info|notice|warn|error|crit|alert|emerg
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;             #指定nginx進程運行文件存放地址
events {
    worker_connections  1024;    #最大連接數(shù)，默認為512
}
http {
    include       mime.types;        #文件擴展名與文件類型映射表
    default_type  application/octet-stream;    #默認文件類型，默認為text/plain

   #配置日志格式

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;    #配置access.log日志及存放路徑，并且使用上面定義的main日志格式

    sendfile        on;    #允許sendfile方式傳輸文件，默認為off，可以在http塊，server塊，location塊。
    #tcp_nopush     on;  #防止網(wǎng)絡(luò)阻塞

    #keepalive_timeout  0;
    keepalive_timeout  65;   #連接超時時間，默認為75s，可以在http，server，location塊。

    #gzip  on;    #是否開啟gzip壓縮輸出

    #以下是配置跨域（Nginx設(shè)置響應頭信息給瀏覽器）

    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Credentials true;
    add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
    add_header Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type;

    server {               #服務(wù)，可以有多個server，對應多個服務(wù)
        listen       80;  #監(jiān)聽端口 ，此項如果不配置則默認80端口
        server_name  localhost;  #配置服務(wù)名

        #charset koi8-r;   #配置字符集

        #access_log  logs/host.access.log  main;    #配置本虛擬主機的訪問日志

      #默認的匹配斜杠/的請求，當訪問路徑有斜杠，會被該location匹配并且進行處理

        location / {
            root   html;  #root是配置服務(wù)器的默認網(wǎng)站根目錄位置，默認為nginx安裝主目錄下的html目錄
            index  index.html index.htm;  #配置首頁文件的名稱
        }

        #error_page  404              /404.html;  #配置404頁面

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;  #配置50x錯誤頁面
        location = /50x.html {
            root   html;
        }

       #PHP 腳本請求全部轉(zhuǎn)發(fā)到Apache處理

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

      #PHP 腳本請求全部轉(zhuǎn)發(fā)到FastCGI處理

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

       #禁止訪問.htaccess 文件

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }

    #配置另外一臺虛擬主機
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

   #配置https服務(wù)
    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

#user  nobody;
worker_processes  1;
 
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
 
#pid        logs/nginx.pid;
 
events {undefined
    worker_connections  1024;  #最大連接數(shù)，默認為512
}
 
http {undefined
    include       mime.types;
    default_type  application/octet-stream;
 
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
 
    #access_log  logs/access.log  main;
 
    sendfile        on;
    #tcp_nopush     on;
 
    #keepalive_timeout  0;
    keepalive_timeout  65; #連接超時時間，默認為75s，可以在http，server，location塊。
 
    #gzip  on;
    //以下是負載均衡配置包含多個配置項，主要有backup,weight,down,max_fails,fail_timeout..  proxy_next_upstream,
    如：upstream:www.aaaaa.com{}指定了三個服務(wù)器，其中8082端口服務(wù)器因為帶有backup標識，作為備用服務(wù)器存在，也就是說當8081服務(wù)器正常時，8082服務(wù)器是不參與工作的，僅當8081服務(wù)器遇到了proxy_next_upstream指定的錯誤類型( error | timeout | http_502 | http_503 | http_504),nginx才會切換到備用服務(wù)器。
    weight：        #指定了服務(wù)器的權(quán)重， 其中8080服務(wù)器的流量將會是8081服務(wù)器的2倍。
    max_fails：   #允許請求失敗的次數(shù)，默認為1。當超過最大次數(shù)時，返回proxy_next_upstream 模塊定義的錯誤
    fail_timeout：# 默認值10s，代表超時時間。
    down:            #表示當前的server暫時不參與負載
    ip_hash：     #每個請求按訪問ip的hash結(jié)果分配，這樣每個訪客固定訪問一個后端服務(wù)器，可以解決session不能跨服務(wù)器的問題，如果后端服務(wù)器down掉，要手工down掉。
    upstream www.aaaaa.com {  
            server 127.0.0.1:8080; weight=2 max_fails=3  fail_timeout=30s;
            server 127.0.0.1:8081 weight=1 max_fails=3  fail_timeout=30s;
            server 127.0.0.1:8082 weight=1  max_fails=3  fail_timeout=30s backup;
        
    }  
   
    upstream www.bbbbb.net {
            server 127.0.0.1:9999;
    }
 
    upstream www.ccccc.cn {  
            server 127.0.0.1:8888;
    }
    
    upstream weixin.ddddd.com {  
            server 127.0.0.1:8080;
    }
    
    upstream weixin.eeeee.com {  
            server 127.0.0.1:8899;
    }
    
    upstream 105.26.224.50 {  
            server 127.0.0.1:8899;
    }
    upstream 105.26.224.52 {  
            server 127.0.0.1:8899;
    }
    
    upstream demo.wly.fffff.com {  
            server 127.0.0.1:7777;
    }
    //以下是多站點多應用配置,各自有不同的域名,www.aaaaa.com將被自動代理到http://www.aaabb.com:8080服務(wù)器上， 而www.bbbbb.net:8081則被自動代理到http://www.bbbcc.net:8082服務(wù)器上。
    域名情況下，proxy_name，upstream
    server {
        listen       80;
        server_name  www.aaaaa.com;  
        charset utf-8;  #編碼格式
        
        #location是nginx配置文件中的一個配置項， 當需要在一個域名下面部署多個不同服務(wù)器，可使用該方案，配置如下
        # http://www.aaaaa.com:80/mail/ 下的請求轉(zhuǎn)發(fā)到 http://www.wly.com:80/protmail/
        location /mail/ {
            index  index.html index.jsp;
            proxy_pass http://www.wly.com:80/protmail/;   #指定要代理的服務(wù)器
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m;
        }
        # http://www.aaaaa.com:80/mail/ 下的請求轉(zhuǎn)發(fā)到 http://www.wly.com:80/protmail/mail/
        location /com/ {
            index  index.html index.jsp;
            proxy_pass http://www.wly.com:80/protmail/mail/;
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m;
        }
        # 將其它所有請求轉(zhuǎn)發(fā)到 http://www.aaabb.com:8080
        location / {
            index  index.html index.jsp;    
            proxy_pass  http://www.aaabb.com:8080;    
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m; 
        }
            
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
 
    server {
        listen       80;
        server_name  www.bbbbb.net;
 
        location / {
            index  index.html index.jsp;    
            proxy_pass  http://www.bbbcc.net;    
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m; 
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    
    server {
        listen       80;
        server_name  www.ccccc.cn;
 
        location / {
            index  index.html index.jsp;    
            proxy_pass  http://www.ccccc.cn:8081;    
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m; 
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    
    server {
        listen       8082;
        server_name  weixin.ddddd.com;
 
        location / {
            index  index.html index.jsp;    
            proxy_pass  http://weixin.ddddd.com:8083;    
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m; 
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    
    server {
        listen       80;
        server_name  weixin.eeeee.com;
 
        location / {
            index  index.html index.jsp;    
            proxy_pass  http://weixin.eeeee.com;    
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m; 
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    
    server {
        listen       80;
        server_name  demo.wly.fffff.com;
 
        location / {
            index  index.html index.jsp;    
            proxy_pass  http://demo.wly.fffff.com;    
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m; 
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    server {
        listen       80;
        server_name  105.26.224.50;
 
        location / {
            index  index.html index.jsp;    
            proxy_pass  http://105.26.224.51;   
            proxy_set_header    Host 105.26.224.50;               
            proxy_set_header    X-Real-IP   $remote_addr;    
            client_max_body_size    100m; 
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    server {
        listen       80;
        server_name  105.26.224.52;
 
        location / {
            index  index.html index.jsp;    
            proxy_pass  http://105.26.224.53; 
            proxy_set_header    Host 105.26.224.52;        #這一行的作用是把原h(huán)ttp請求的Header中的Host字段也放到轉(zhuǎn)發(fā)的請求，如果不加nginx轉(zhuǎn)發(fā)的請求header里就不會有Host字段     
            proxy_set_header    X-Real-IP   $remote_addr;   # 在web服務(wù)器端獲得用戶的真實ip
           以下兩行是nginx反向代理配置websocket
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection upgrade;
           以下三行是nginx設(shè)置超時配置
           proxy_connect_timeout 75; 鏈接
           proxy_read_timeout 600; 讀取
           proxy_send_timeout 600; 發(fā)請求
          以下一行配置是客戶端請求服務(wù)器最大允許大小
          client_max_body_size 4098m
          設(shè)置HTTP協(xié)議版本
          proxy_http_version 1.1
          proxy_cookie_domain參數(shù)的作用是轉(zhuǎn)換response的set-cookie header中的domain選項，由后端設(shè)置的域名domain轉(zhuǎn)換成你的域名replacement，來保證cookie的順利傳遞并寫入到當前頁面中，注意proxy_cookie_domain負責的只是處理response set-cookie頭中的domain屬性，如果set-cookie本身就沒有domain內(nèi)容則無需加
         proxy_cookie_domain 10.23.1.1 10.23.1.2;

         client_max_body_size    100m; 
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
    配置https請求
    server {
        listen 443;
        server_name localhost;   #本機的IP地址
        ssl on;
        root html;
        index index.html index.htm;
        ssl_certificate   cert/證書名稱.pem; 如：/etc/nginx/server.crt;
        ssl_certificate_key  cert/證書名稱.key; 如：/etc/nginx/server.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
            #root   html;
            #index  testssl.html index.html index.htm;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://IP地址/ssl/;
        }
    }
}

location /test/ {
    proxy_pass http://10.23.2.96:8082/;
}

location /test {
    proxy_pass http://10.23.2.96:8082;
}

location /test{
    proxy_pass http://10.23.2.96:8082/define;
}

location /test/ {
    proxy_pass http://10.23.2.96:8082;
}

location /test/ {
    proxy_pass http://10.23.2.96:8082/define;
}

location /test{
    proxy_pass http://10.23.2.96:8082/;
}

location /test {
    proxy_pass http://10.23.2.96:8082/define/;
}

location /test/ {
    proxy_pass http://10.23.2.96:8082/define/;
}

server {
    #配置校驗一級路由白名單樣例
    location /{
            set $urlacl $uri;
            if($urlacl ~ ^(/\w*).*)
            {
                set $urlacl /nginx/nginx/nginx/urlacl$1;
            }
            if(!-d $urlacl)
            {
                return 401;
            }
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://21.13.245.185:8090;  (轉(zhuǎn)發(fā)地址)

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            expires -l;
        }
    }

server {
    #配置校驗二級路由白名單樣例
    location /minio{
            set $urlacl $uri;
            if($urlacl ~ ^(/minio\w*).*)
            {
                set $urlacl /nginx/nginx/nginx/urlacl$1;
            }
            if(!-d $urlacl)
            {
                return 401;
            }
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass  http://wly.test.com:8090/wps_result/open;  (轉(zhuǎn)發(fā)地址)

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            expires -l;
        }
    }