nginx configuration
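#!/bin/bash
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: NGINX is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid

# Source function library (provides daemon, killproc and status).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/sbin/nginx"
# Quoted so a path with whitespace still yields a single program name.
prog=$(basename -- "$nginx")
NGINX_CONF_FILE="/etc/nginx/nginx.conf"

# Optional local overrides (for example NGINX_CONF_FILE). The file is sourced,
# i.e. executed as shell code with the privileges of this script, so it must
# be owned by root and not writable by anyone else.
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx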
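#######################################
# Create the account and temp directories the nginx binary was built for.
# Reads the compile-time options from `nginx -V`; when a --user= option is
# present, makes sure that account exists and that every --*-temp-path=
# directory exists and is owned by it. Does nothing without --user=.
# Globals:   nginx (read) - path of the nginx binary
# Arguments: none
# Returns:   0 when there is nothing to do, otherwise the status of the last
#            directory step
#######################################
make_dirs() {
  local user options opt value
  local -a opts

  user=$("$nginx" -V 2>&1 \
    | sed -n 's/.*configure arguments:.*--user=\([^ ]*\).*/\1/p')
  [ -n "$user" ] || return 0

  # Look the account up by exact name. Grepping /etc/passwd for the bare
  # string also matched longer names and home-directory paths, so a missing
  # account could be mistaken for an existing one.
  if ! id -u "$user" >/dev/null 2>&1; then
    # NOTE(review): on Red Hat systems nologin normally lives in
    # /sbin/nologin; confirm the shell path for the target release.
    useradd -M -s /bin/nologin "$user"
  fi

  options=$("$nginx" -V 2>&1 | grep 'configure arguments:')
  # Split on whitespace without pathname expansion.
  read -r -a opts <<<"$options"

  for opt in "${opts[@]}"; do
    case $opt in
      --*-temp-path=*) value=${opt#*=} ;;
      *) continue ;;
    esac
    # This runs as root: only absolute paths are created and chown'ed, so
    # the result never depends on the directory the script was started from.
    [[ $value == /* ]] || continue
    if [ ! -d "$value" ]; then
      mkdir -p -- "$value" && chown -R -- "$user" "$value"
    fi
  done
}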
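#######################################
# Start the nginx daemon.
# Globals:   nginx, NGINX_CONF_FILE, prog, lockfile (read)
# Arguments: none
# Returns:   status of `daemon`; exits 5 when the binary is not executable
#            and 6 when the configuration file is missing
#######################################
start() {
  local retval

  # Expansions are quoted so that an overridden NGINX_CONF_FILE containing
  # whitespace is passed through as one argument.
  [ -x "$nginx" ] || exit 5
  [ -f "$NGINX_CONF_FILE" ] || exit 6
  make_dirs
  echo -n $"Starting $prog: "
  daemon "$nginx" -c "$NGINX_CONF_FILE"
  retval=$?
  echo
  # The subsys lock is only taken after a successful start.
  [ "$retval" -eq 0 ] && touch -- "$lockfile"
  return "$retval"
}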
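#######################################
# Stop nginx by sending QUIT to the processes named $prog.
# Globals:   prog, lockfile (read)
# Arguments: none
# Returns:   status of `killproc`
#######################################
stop() {
  local retval

  echo -n $"Stopping $prog: "
  killproc "$prog" -QUIT
  retval=$?
  echo
  # Drop the subsys lock only when the stop succeeded.
  [ "$retval" -eq 0 ] && rm -f -- "$lockfile"
  return "$retval"
}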
#######################################
# Restart nginx, but only after the configuration passes `configtest`, so a
# broken configuration never takes a running server down.
# Arguments: none
# Returns:   status of configtest when it fails, otherwise status of start
#######################################
restart() {
  local rc

  configtest
  rc=$?
  if [ "$rc" -ne 0 ]; then
    return "$rc"
  fi

  stop
  sleep 1
  start
}
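#######################################
# Ask nginx to re-read its configuration (HUP) after validating it.
# Globals:   nginx, prog (read); RETVAL (written)
# Arguments: none
# Returns:   status of configtest when it fails, otherwise status of killproc
#######################################
reload() {
  configtest || return $?
  echo -n $"Reloading $prog: "
  killproc "$nginx" -HUP
  RETVAL=$?
  echo
  # Without this the function returned the status of `echo`, so a failed
  # signal was reported to the caller as success.
  return "$RETVAL"
}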
#######################################
# force-reload is implemented as a full restart.
# Arguments: none
# Returns:   status of restart
#######################################
force_reload() {
  restart
  return $?
}
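#######################################
# Validate the configuration file with `nginx -t`.
# Globals:   nginx, NGINX_CONF_FILE (read)
# Arguments: none
# Returns:   status of `nginx -t`
#######################################
configtest() {
  # Quoted so a configuration path containing whitespace stays one argument.
  "$nginx" -t -c "$NGINX_CONF_FILE"
}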
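#######################################
# Report whether $prog is running, using `status` from the init function
# library.
# Globals:   prog (read)
# Arguments: none
# Returns:   status of `status`
#######################################
rh_status() {
  status "$prog"
}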
#######################################
# Silent variant of rh_status: only the exit status is of interest.
# Arguments: none
# Returns:   status of rh_status
#######################################
rh_status_q() {
  rh_status &>/dev/null
}
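# Dispatch on the requested action. Each arm names the function it runs
# instead of executing "$1" as a command.
case "$1" in
  start)
    # Already running: nothing to do.
    rh_status_q && exit 0
    start
    ;;
  stop)
    # Not running: nothing to do.
    rh_status_q || exit 0
    stop
    ;;
  restart)
    restart
    ;;
  configtest)
    configtest
    ;;
  reload)
    # Exit 7 when there is no running nginx to signal.
    rh_status_q || exit 7
    reload
    ;;
  force-reload)
    force_reload
    ;;
  status)
    rh_status
    ;;
  condrestart|try-restart)
    # Restart only when nginx is already running. The restart call was
    # missing, so this action silently did nothing.
    rh_status_q || exit 0
    restart
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
    exit 2
    ;;
esac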
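# Worker processes run as the unprivileged "nobody" account.
user nobody;
worker_processes 4;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    upstream cluster {
        # ip_hash pins each client address to one backend (session
        # affinity); this is not plain round-robin.
        ip_hash;
        server ip1:443;
        server ip2:443;

        # Active health checks. The check* directives come from the upstream
        # check module (nginx_upstream_check_module / Tengine), not stock nginx.
        #check interval=5000 rise=1 fall=3 timeout=4000;
        check interval=3000 rise=2 fall=5 timeout=1000 type=ssl_hello port=443;
        #check interval=3000 rise=2 fall=5 timeout=1000 type=http;
        #check_http_send "HEAD / HTTP/1.0\r\n\r\n";
        #check_http_expect_alive http_2xx http_3xx;
    }

    server {
        listen 80;
        listen 443 ssl;
        server_name yourdomain.cn;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        # Add TLSv1.3 where the nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        # The 3DES suites are removed (64-bit block cipher, SWEET32) and
        # excluded explicitly with !3DES.
        # NOTE(review): the RSA+ suites provide no forward secrecy, and the
        # DH+ suites depend on ssl_dhparam, which is not set here. Confirm
        # both against the clients that still need them.
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS:!3DES;

        keepalive_timeout 70;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        ssl_certificate /etc/nginx/ssl/your.crt;
        # The private key should be readable by root only.
        ssl_certificate_key /etc/nginx/ssl/your.key;

        # User-Agent is client-supplied: this keeps a well-behaved crawler
        # out, it is not an access control.
        if ($http_user_agent ~ YisouSpider) {
            return 403;
        }

        # Redirect plain HTTP to HTTPS. The target is built from the
        # configured server_name instead of the client-supplied Host header
        # ($http_host), so a forged Host cannot steer the Location header.
        if ($scheme = 'http') {
            return 301 https://$server_name$request_uri;
        }

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
            # the client sent; backends should trust only the last entry
            # (or X-Real-IP).
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            add_header Cache-Control "no-cache, no-store";
            # NOTE(review): this header exposes an internal node label to
            # every client; confirm it is needed.
            add_header Powered-By-CacheServer "MISS from xxx-1-3h3.6";
            # HSTS for two years including every subdomain, with preload:
            # confirm all subdomains serve HTTPS before relying on it.
            # Without the "always" parameter the header is not added to
            # error responses.
            add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

            # NOTE(review): upstream certificates are not verified
            # (proxy_ssl_verify defaults to off); enable it with a trusted CA
            # bundle if the network path to the backends is not trusted.
            proxy_pass https://cluster;
        }

        location /xxx/ {
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            add_header Cache-Control "no-cache, no-store";
            add_header Powered-By-CacheServer "MISS from NJCIT-1-3h3.6";
            add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

            proxy_pass https://cluster;

            # NOTE(review): the regex location for static file extensions
            # below wins over this prefix location, so a URI under /xxx/
            # ending in e.g. .js is served from /opt/ids without this
            # allow/deny list. Use "location ^~ /xxx/" if the whole prefix
            # must be restricted.
            allow ip1;
            deny all;
        }

        # Static assets are served from local disk and never proxied.
        location ~* \.(png|jpg|jpeg|gif|ico|js|css|swf)$ {
            root /opt/ids;
        }

        # Health-check status page of the upstream check module, restricted
        # by source address.
        location /status {
            check_status;
            access_log off;
            allow ip;
            deny all;
        }

        # One generic page for all listed errors, so responses do not
        # distinguish between them.
        error_page 404 403 500 502 503 504 /404.html;
        location = /404.html {
            root html;
        }
    }
}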