释放双眼,带上耳机,听听看~!
此教程适合全新安装,下面以乌班兔环境来操作
1、下载substitutions4nginx模块,这个模块用于替换。
pkill nginx
/etc/init.d/nginx stop #停止nginx
cd
apt-get update
apt-get install -y git gcc g++ make automake
#安装依赖包,Centos将apt-get更改为yum
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module2、下载并安装nginx
wget -c http://nginx.org/download/nginx-1.3.13.tar.gz
tar zxvf nginx-1.3.13.tar.gz
cd nginx-1.3.13
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6 --with-http_sub_module --add-module=/root/ngx_http_substitutions_filter_module
make
make install3、核心步骤。
新建一个.conf 配置用于反代(可随意命名,以.conf为后缀即可被nginx执行)
vi /usr/local/nginx/conf/vhost/example.com.conf
#example.com是你要绑定的域名,当然你也可以用其他名字.conf加入以下内容:
server{
listen 80;
server_name example.com; #绑定的域名
index index.php; #默认索引首页
access_log off; #off 关闭日志
location / {
subs_filter 91ce.com example.com; #替换掉域名
subs_filter static/image/common/logo.png http://xxx/1.jpg; #替换掉LOGO
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Referer http://91ce.com; #强制定义Referer,程序验证判断会用到
proxy_set_header Host 91ce.com; #定义主机头,如果目标站点绑定的域名个server_name项的吻合则使用$host
proxy_pass 91ce.com; #指定目标,建议使用IP或者nginx自定义池
proxy_set_header Accept-Encoding ""; #清除编码
}
}这里很多同学会问乱码的问题,咱们在编辑conf文件的时候转成utf-8模式即可
4、重启Nginx
/etc/init.d/nginx restart到这里教程就结束了。
分享一位大佬的nginx规则:
server
{
listen 80;
listen 443 ssl http2;
server_name 91ce.com www.91ce.com;
index index.php index.html index.htm default.php default.htm default.html;
#SSL-START SSL相关配置,请勿删除或修改下一行带注释的404规则
#error_page 404/404.html;
ssl_certificate /www/server/panel/vhost/cert/91ce.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/91ce.com/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
#添加
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
#添加结束
error_page 497 https://$host$request_uri;
#SSL-END
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
#error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注释或修改
include enable-php-00.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/91ce.com.conf;
#REWRITE-END
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
#一键申请SSL证书验证目录相关设置
location ~ \.well-known{
allow all;
}
#添加
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
if ($host != www.91ce.com) {
rewrite ^/(.*)$ $scheme://www.91ce.com)/$1 permanent;
}
location / {
proxy_pass https://127.0.0.1:443;
#proxy_pass https://127.0.0.1:443;
#Proxy Settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
error_page 404 401 402 403 404 500 502 503 504 /502.html;
}
#添加结束
access_log /www/wwwlogs/91ce.com.log;
error_log /www/wwwlogs/91ce.com.error.log;
}配置说明:
源服务器:宝塔+NIGNX,反代服务器:宝塔+NIGNX,源服务器和目标服务器都绑定了网站域名,其实装不装宝塔都是OK的,设置好证书路径即可。
宝塔做个301.www.91ce.com 自动跳到91ce.com
配置文件修改:(其中91ce.com是你需要同域名反代的站点域名,127.0.0.1是你的源服务器IP)