Nginx cross-domain configuration

http {
    # Domains that allow cross-domain requests, * for all
    add_header 'Access-Control-Allow-Origin' *;
    # Allow requests with cookies
    add_header 'Access-Control-Allow-Credentials' 'true'; 
    Methods that allow requests, such as GET/POST/PUT/DELETE
    add_header 'Access-Control-Allow-Methods' *;
    # Allow headers for requests
    add_header 'Access-Control-Allow-Headers' *;
}
Copy the code

Nginx anti-linked-theft configuration

http {
    # Verify the source site
    valid_referers baidu.com; 
    # Illegal introduction will enter the judgment below
    if ($invalid_referer) {
        return404}Copy the code

Nginx load balancing

Upstream tomcats {server 119.3.214.158:6991; Server 119.3.214.158:6992; Server 119.3.214.158:6993; } server { listen 6990; location / { proxy_pass http://tomcats; }}Copy the code

Upstream parameters

weight=number

Sets the weight of the server, which defaults to 1

Upstream tomcats {server 192.168.1.171:8080 weight=1; Server 192.168.1.174:8080 weight = 3; Server 192.168.1.175:8080 weight = 5; }Copy the code

max_conns=number

Limit the number of connections for each server to protect against overload and limit traffic.

Upstream tomcats {server 192.168.1.173:8080 max_conns=2; Server 192.168.1.174:8080 max_conns = 2; Server 192.168.1.175:8080 max_conns = 2; }Copy the code

slow_start=time

How long to slow start (available in commercial edition only)

Upstream tomcats {server 192.168.1.171:8080 weight=1; Server 192.168.1.174:8080 weight = 3;# 60 seconds from 0 -> 5, server unavailable to availableServer 192.168.1.175:8080 weight = 5 slow_start = 60 s; }Copy the code

down

Mark the server as unavailable

backup

Mark server as the backup server. It is enabled when the primary server is unavailable.

fail_timeout=time

Indicates the failed retry time

max_fails=number

If the server fails several times, the server is marked down and the upstream service is removed. Assume that the current Settings are as follows:

max_fails=2 fail_timeout=15s
Copy the code

It means that if the request for a certain server fails twice within 15 seconds, the server is considered to have hung up or gone down. Then, after 15 seconds, no new request will arrive at the node that has just hung up, but will be sent to the server that is running. After 15 seconds, a new request will try to connect to the server that has hung up. If it still fails, repeat the previous process until it recovers

keepalive connections

If you configure keepalive support in the upstream server, Nginx will now reuse existing TCP connections instead of creating new ones. This can significantly reduce the number of TCP connections on a TIME_WAIT busy SSL server

• Keep-Alive
• Connection

Upstream http_backend {server 127.0.0.1:8080;# Maintain the number of TCP connections for subsequent reuse
    keepalive 16;
}

server {
    location /http/ {
        proxy_pass http://http_backend;
        
        # Default is HTTP/1, keepalive is only available in HTTP/1.1Proxy_http_version 1.1;Clear this header if the client sent it
        # for this value may be [keepalive | close], if it is close client or server want to close the Internet connection, this is a default value for the HTTP / 1.0 requests
        proxy_set_header Connection ""; . }}Copy the code

Load balancing Policy

Round – robin polling

Requests to the application server are distributed in a circular manner

Weighted polling

Load balancing is affected by assigning weights to servers

upstream myapp1 {
        server srv1.example.com weight=3;
        server srv2.example.com;
        server srv3.example.com;
    }
Copy the code

With this configuration, every five new requests will be distributed across the application instance as follows: three requests will be directed to SRV1, one request will be directed to SRV2, and one request will be directed to SRV3

Least-connected Indicates the least number of connections

The next request is assigned to the server with the fewest active connections

    upstream myapp1 {
        least_conn;
        server srv1.example.com;
        server srv2.example.com;
        server srv3.example.com;
    }
Copy the code

ip-hash

A hash function determines which server should be selected for the next request (based on the client’s IP address)

upstream myapp1 {
    ip_hash;
    server srv1.example.com;
    server srv2.example.com;
    server srv3.example.com;
}
Copy the code

But there are some problems with IP-hash:

1. Server increase or decreaseThe hash must be recalculated (using a new number of servers) and subsequent requests for the existing IP are sent to other machines, eventually invalidating the cache or session
2. tiltThat is, too many IP addresses will hash into one server resulting in uneven distribution

Consistent hashes are a good solution to these problems

Nginx Configures the HTTPS domain name certificate

1. Installing an SSL Module

   To configure HTTPS in nginx, you must install the SSL module, namely: http_SSL_modul

2. Configure HTTPS

   • The SSL certificate*.crtAnd a private key*.keyCopy to the /usr/local/nginx/conf directory
   • Adding server listener443port

   server {
       listen  443;
       # your domain name
       server_name dsying.cn; 
       # open SSL
       ssl on;
   
       Configure the SSL certificate
       ssl_certificate dsying.cn.crt;
       Configure the SSL key
       ssl_certificate_key dsying.cn.key;
   
       # SSL session cache
       ssl_session_cache shared:SSL:1m;
       # SSL session timeoutssl_session_timeout 5m; Location / {proxy_pass http://public IP address: project port number; }}Copy the code