CentOS的nginx中各种配置（包含HTTPS证书配置，http请求转发https请求，简易防火墙）

nginx配置

#user nobody; worker_processes 1; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; #简易防火墙 limit_req_zone $server_name zone=one:1m rate=100r/s; limit_req_zone $binary_remote_addr zone=two:2m rate=1r/s; limit_conn_zone $binary_remote_addr zone=four:2m; #server { #listen 80; #server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; #静态项目配置方法 # location / { # root html; # root /usr/local/nginx/项目名称（这一级有html）; # index index.html index.htm; # } #博客不加https配置方法 #location / { #proxy_set_header HOST $host; #proxy_set_header X-Forwarded-Proto $scheme; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_pass http://127.0.0.1:端口号/; #} #单独监听另一个项目使用X端口 server{ listen x; server_name localhost; location / { ## root html; root /usr/local/nginx/项目名称（这一级有html）; index index.html index.htm; } } #使用https配置博客方法 server{ listen 443 ssl; #填写绑定证书的域名 server_name xxxx.xxx; #证书文件名称 ssl_certificate xxxxxx.crt; #私钥文件名称 ssl_certificate_key xxxxxx.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; #博客使用了xxxx端口 location / { proxy_buffer_size 128k; proxy_buffers 32 32k; proxy_busy_buffers_size 128k; proxy_pass http://127.0.0.1:xxxx; #简易防火墙 limit_req zone=one burst=3000 nodelay; limit_req zone=two burst=50 nodelay; limit_conn four 10; limit_rate 1m; } } #将http请求转发为https请求的方法 server{ listen 80; #域名 server_name xxxx.xx; return 301 https://$host$request_uri; } }

nginx中配置访问防火墙

可参考https://blog.csdn.net/keketrtr/article/details/75315330