Nginx 配置 Google Ajax、 Fonts和 Gravatar 反向代理教程

5,911次阅读
没有评论

Nginx 配置 Google Ajax、Fonts 和 Gravatar 反向代理教程

Nginx 是最快和最强大的 Web 服务器之一,以其高性能和低资源占用率而闻名。它既可以被安装为一个独立的 Web 服务器,也可以安装成反向代理 Web 服务器。

nginx 反向代理的指令不需要新增额外的模块,默认自带 proxy_pass 指令,只需要修改配置文件就可以实现反向代理。

首先我们需要建立用来存储缓存的目录:

mkdir -p /var/cache/nginx/cache
mkdir -p /var/cache/nginx/temp

修改 nginx 配置文件,加入 

##
        # Nginx Cache Settings
        ##

        proxy_temp_file_write_size 128k;
        proxy_temp_path   /var/cache/nginx/temp;
        proxy_cache_path  /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:50m inactive=7d max_size=5g;

以下是分别的配置文件:

google-ajax.conf

upstream googleajax {server ajax.googleapis.com:443;}

server {
    listen 80;

    server_name ajax.vpswe.com;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host ajax.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://googleajax;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

server {
    listen 443 ssl spdy;

    ssl on;
    ssl_certificate /root/ssl/css.crt;
    ssl_certificate_key /root/ssl/css.key;

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    server_name ajax.vpswe.com;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host ajax.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://googleajax;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

google-fonts.conf

upstream google {server fonts.googleapis.com:443;}

upstream gstatic {server fonts.gstatic.com:443;}

server {
    listen 80;

    server_name fonts.vpswe.com;

    resolver 8.8.8.8;

    location /css {
        sub_filter 'fonts.gstatic.com' 'fonts.vpswe.com';
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location /icon {
        sub_filter 'fonts.gstatic.com' 'fonts.vpswe.com';
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location / {
        proxy_pass_header Server;
        proxy_set_header Host fonts.gstatic.com;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass http://gstatic;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

server {
    listen 443 ssl spdy;

    ssl on;
    ssl_certificate /root/ssl/css.crt;
    ssl_certificate_key /root/ssl/css.key;

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    server_name fonts.vpswe.com;

    resolver 8.8.8.8;

    location /css {
        sub_filter 'fonts.gstatic.com' 'fonts.vpswe.com'; 
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location /icon {
        sub_filter 'fonts.gstatic.com' 'fonts.vpswe.com'; 
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location / {
        proxy_pass_header Server;
        proxy_set_header Host fonts.gstatic.com;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://gstatic;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

gravatar.conf

upstream gravatar {server secure.gravatar.com:443;}

server {
    listen 80;

    server_name gravatar.vpswe.com;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host secure.gravatar.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://gravatar;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

server {
    listen 443 ssl spdy;

    ssl on;
    ssl_certificate /root/ssl/css.crt; #改为自己的 SSL 证书位置
    ssl_certificate_key /root/ssl/css.key; #改为自己的 SSL 私钥位置

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    server_name gravatar.vpswe.com;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host secure.gravatar.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://gravatar;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

正文完
Google Ajax Goole Fonts Gravatar Nginx 反向代理
发表至: Nginx
2016-09-13
 0
VPSWe
版权声明:本站原创文章,由 VPSWe 于2016-09-13发表,共计5915字。
转载说明:除特殊说明外本站文章皆由CC-4.0协议发布,转载请注明出处。
Nginx 配置 Google Ajax、 Fonts和 Gravatar 反向代理教程
LNMP1.3 反向代理 Gravatar 配置
Nginx配置索引(目录浏览),美化索引页面,配置目录密码保护
评论(没有评论)
验证码
文章搜索
最新文章
使用 ntfy 自建消息推送服务

使用 ntfy 自建消息推送服务

消息推送有很多现成的平台,比如 Server 酱、微信甚至 E-mail 等等,基本上可以满足大多数场景。不过...
最新评论
可惜可以装的太少了。而且暂时还不支持数据库数据的导入导出 计划中不知道什么时候可以实现(๑•̀ㅁ•́ฅ)
ZjzMisaka ZjzMisaka 最后有关返回值信息, 好像写的太死了例如a命令返回的是: net.ipv4.tcp_available_congestion_control = reno cubic bbrb命令返回的是: tcp_bbr 20480 1实际上应该返回带bbr的返回值就代表安装成功了. 另外谢谢大佬, 装了bbr以后速度简直起飞了~
Linux 下使用 vnStat 统计 VPS 流量 | P3terChan’s Blog – Log@X.X.B Linux 下使用 vnStat 统计 VPS 流量 | P3terChan’s Blog – Log@X.X.B […] vnstat教程:linux下很方便查看服务器带宽流量统计的命令 […]
VPSWe VPSWe 由于某些服务商的VPS 无法创建NAT 网络, 所以不支持用此方法开启BBR。
游客 游客 无法创建NAT网络怎么破?
许 好文。谢谢。已经按你的指引操作成功了。
w w centos6 X86上安装出错
逝水无痕 逝水无痕 不错,学习了!