Appearance
虚拟主机配置实例
本节提供多个虚拟主机配置实例,涵盖常见应用场景。
实例1:个人博客
配置文件
nginx
server {
listen 80;
server_name blog.example.com;
root /var/www/blog;
index index.html index.htm index.php;
access_log /var/log/nginx/blog.access.log;
error_log /var/log/nginx/blog.error.log;
# Gzip压缩
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml;
# 静态文件缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
add_header Cache-Control "public, immutable";
}
# PHP处理
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# 禁止访问隐藏文件
location ~ /\. {
deny all;
}
# 禁止访问备份文件
location ~ ~$ {
deny all;
}
}实例2:企业官网
配置文件
nginx
server {
listen 80;
server_name www.example.com example.com;
root /var/www/example.com;
index index.html index.htm;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
# 强制www
if ($host = example.com) {
return 301 https://www.example.com$request_uri;
}
# HTTPS重定向
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
root /var/www/example.com;
index index.html index.htm;
# 安全头
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# 静态资源
location /static/ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# 图片
location ~* \.(jpg|jpeg|png|gif|webp|svg)$ {
expires 30d;
add_header Cache-Control "public";
}
# 字体
location ~* \.(woff|woff2|ttf|otf|eot)$ {
expires 1y;
add_header Cache-Control "public";
}
# 禁止访问敏感文件
location ~* \.(env|git|svn|htaccess|htpasswd)$ {
deny all;
}
}实例3:API服务
配置文件
nginx
server {
listen 80;
server_name api.example.com;
# HTTPS重定向
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name api.example.com;
ssl_certificate /etc/nginx/ssl/api.example.com.crt;
ssl_certificate_key /etc/nginx/ssl/api.example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# CORS配置
add_header 'Access-Control-Allow-Origin' 'https://www.example.com' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
# 处理OPTIONS请求
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://www.example.com';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
# API代理
location /api/ {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 缓冲设置
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
}
# 限流配置
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
location /api/v1/ {
limit_req zone=api_limit burst=20 nodelay;
proxy_pass http://backend;
}
}实例4:电商网站
配置文件
nginx
server {
listen 80;
server_name shop.example.com;
root /var/www/shop;
index index.php index.html;
access_log /var/log/nginx/shop.access.log;
error_log /var/log/nginx/shop.error.log;
# 客户端上传限制
client_max_body_size 20m;
client_body_buffer_size 128k;
# 静态资源缓存
location ~* \.(jpg|jpeg|png|gif|webp|svg|css|js|woff|woff2|ttf|otf|eot)$ {
expires 30d;
add_header Cache-Control "public";
access_log off;
}
# 产品图片
location /products/images/ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
# PHP处理
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_read_timeout 300;
}
# 管理后台
location /admin/ {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# 禁止访问敏感目录
location ~* ^/(includes|config|library|templates)/ {
deny all;
}
}实例5:静态资源服务器
配置文件
nginx
server {
listen 80;
server_name static.example.com;
root /var/www/static;
index index.html;
access_log /var/log/nginx/static.access.log;
error_log /var/log/nginx/static.error.log;
# Gzip压缩
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
# 图片
location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
# 图片优化
image_filter_buffer 10M;
image_filter_jpeg_quality 90;
}
# CSS和JS
location ~* \.(css|js)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
# 字体
location ~* \.(woff|woff2|ttf|otf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
add_header Access-Control-Allow-Origin "*";
}
# 视频
location ~* \.(mp4|webm|ogg)$ {
expires 1y;
add_header Cache-Control "public";
access_log off;
# 支持断点续传
mp4;
mp4_buffer_size 1m;
mp4_max_buffer_size 5m;
}
# 禁止访问隐藏文件
location ~ /\. {
deny all;
}
}实例6:开发环境
配置文件
nginx
server {
listen 80;
server_name dev.example.com;
root /var/www/dev;
index index.html index.htm index.php;
access_log /var/log/nginx/dev.access.log;
error_log /var/log/nginx/dev.error.log debug;
# 开发环境特殊配置
add_header X-Debug "true";
# 禁用缓存
expires off;
add_header Cache-Control "no-cache, no-store, must-revalidate";
# PHP处理
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# 开发工具
location /phpmyadmin/ {
alias /usr/share/phpmyadmin/;
index index.php;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
}
}
# IP限制
allow 192.168.1.0/24;
deny all;
}实例7:多语言网站
配置文件
nginx
server {
listen 80;
server_name example.com;
root /var/www/example.com;
index index.html index.htm;
# 中文
location /zh/ {
alias /var/www/example.com/zh/;
index index.html;
}
# 英文
location /en/ {
alias /var/www/example.com/en/;
index index.html;
}
# 日文
location /ja/ {
alias /var/www/example.com/ja/;
index index.html;
}
# 默认语言
location / {
rewrite ^/$ /zh/ redirect;
}
}实例8:反向代理
配置文件
nginx
upstream backend {
server 192.168.1.10:8080;
server 192.168.1.11:8080;
server 192.168.1.12:8080;
}
server {
listen 80;
server_name proxy.example.com;
access_log /var/log/nginx/proxy.access.log;
error_log /var/log/nginx/proxy.error.log;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 超时设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 缓冲设置
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
}
# WebSocket支持
location /ws/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}总结
虚拟主机配置实例的关键点:
- 个人博客:静态文件缓存、PHP支持
- 企业官网:HTTPS、安全头、静态资源优化
- API服务:CORS、限流、代理
- 电商网站:上传限制、管理后台、敏感目录保护
- 静态资源服务器:长期缓存、Gzip压缩、断点续传
- 开发环境:调试日志、IP限制、开发工具
- 多语言网站:语言目录、默认语言
- 反向代理:负载均衡、WebSocket支持
根据实际需求选择合适的配置实例,并进行相应的调整。