kk Blog —— 通用基础


date [-d @int|str] [+%s|"+%F %T"]
netstat -ltunp
sar -n DEV 1

nginx配置多个域名, http https共用配置

https://www.cnblogs.com/dayq/p/17488471.html

1. nginx

vim /usr/local/openresty/nginx/conf/nginx.conf

域名 s1.com *.s1.com 建议分开写两个?

如果需要多个域名共用端口则复制多个

增加回源地址 Proxy: “$proxy_host” “$upstream_addr”

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
http {
	log_format  main  '$fmt_localtime $request_time $server_addr $server_port $remote_addr $remote_port $status $body_bytes_sent $request_method $server_protocol'
			  ' "$host" "$uri" "$query_string" "$http_referer" "$http_user_agent" "$ssl_protocol" "$ssl_cipher" "-" "$remote_user" "$http_x_forwarded_for"'
			  ' Proxy: $upstream_response_time $proxy_host $upstream_addr $upstream_status $upstream_response_length';
	access_log  /var/log/nginx/access.log  main;

	map $host $fmt_localtime {
		default '';
	}
	log_by_lua_block {
		ngx.var.fmt_localtime = ngx.localtime();
	}

	sendfile      on;
	tcp_nopush        on;
	tcp_nodelay       on;
	keepalive_timeout 65;
	types_hash_max_size   4096;
	#gzip  on;


	include       mime.types;
	default_type  application/octet-stream;


	server {
		listen  80;
		listen  443 ssl;
		server_name s1.com;

		ssl_certificate       /var/www/s1.com.pem;
		ssl_certificate_key   /var/www/s1.com.key;

		client_max_body_size 200m;

		proxy_http_version 1.1;
		proxy_set_header Connection "";
		proxy_set_header Host $http_host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		location / {
			proxy_pass https://192.168.1.11:11;
		}

		error_page   500 502 503 504  /50x.html;
		location = /50x.html {
			root   html;
		}
	}

	server {
		listen  80;
		listen  443 ssl;
		server_name *.s1.com;

		ssl_certificate       /var/www/s1.com.pem;
		ssl_certificate_key   /var/www/s1.com.key;

		client_max_body_size 200m;

		proxy_http_version 1.1;
		proxy_set_header Connection "";
		proxy_set_header Host $http_host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		location / {
			proxy_pass https://192.168.1.11:11;
		}

		error_page   500 502 503 504  /50x.html;
		location = /50x.html {
			root   html;
		}
	}



	server {
		listen  80;
		listen  443 ssl;
		server_name s2.com;

		ssl_certificate       /var/www/s2.com.pem;
		ssl_certificate_key   /var/www/s2.com.key;

		client_max_body_size 200m;

		proxy_http_version 1.1;
		proxy_set_header Connection "";
		proxy_set_header Host $http_host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		location / {
			proxy_pass https://192.168.2.22:22;
		}

		error_page   500 502 503 504  /50x.html;
		location = /50x.html {
			root   html;
		}
	}

	server {
		listen  80;
		listen  443 ssl;
		server_name *.s2.com;

		ssl_certificate       /var/www/s2.com.pem;
		ssl_certificate_key   /var/www/s2.com.key;

		client_max_body_size 200m;

		proxy_http_version 1.1;
		proxy_set_header Connection "";
		proxy_set_header Host $http_host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		location / {
			proxy_pass https://192.168.2.22:22;
		}

		error_page   500 502 503 504  /50x.html;
		location = /50x.html {
			root   html;
		}
	}
}

2. log 配置

vim /etc/logrotate.d/nginx

1
2
3
4
5
6
7
8
9
10
11
12
/var/log/nginx/*.log {
    create 0640 nginx root
    weekly
    rotate 100
    missingok
    notifempty
    delaycompress
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}