NGINX-1.5.10 フロントXXX.CONF設定、バックエンドXXX.CONF設定

2台構成のNginxのリバースプロキシのConfの設定をしました。WordPress,SSLを考慮しています。SPDY3.1も使用できました。

■フロント側 192.xxx.xxx.105

/etc/nginx/nginx.conf
# Main context of the front proxy's nginx.conf.
# Worker processes run under the "nginx" account.
user             nginx;
worker_processes 2;

# Error log at level "warn", and the PID file location.
error_log /var/log/nginx/error.log warn;
pid       /var/run/nginx.pid;

events {
    # Maximum simultaneous connections per worker process.
    worker_connections 1024;
}
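# http context of the front proxy: logging, compression, and the shared
# proxy/cache settings inherited by every server block loaded from conf.d.
http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    # The quotes must be plain ASCII ' and "; the typographic quotes and the
    # en dash the page renders are not valid nginx syntax.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    # Response compression (text/html is always compressed when gzip is on).
    # NOTE(review): compressing responses that carry secrets next to
    # attacker-influenced input over TLS is the precondition for BREACH-style
    # attacks; review this for content served by the 443 server.
    gzip on;
    gzip_types text/plain
               text/xml
               text/css
               text/javascript
               image/x-icon
               application/xml
               application/rss+xml
               application/json
               application/x-javascript;
    # One directive with both patterns; gzip_disable accepts several regexes.
    gzip_disable "MSIE [1-6]\." "Mozilla/4";

    # Tokens etc.: hide the nginx version in headers and error pages, and
    # ignore request header fields with invalid names.
    server_tokens off;
    ignore_invalid_headers on;

    # Proxy
    # NOTE(review): the page lists the directives from here to the
    # X-Forwarded-For line under the path /etc/nginx/conf.d/proxy.conf.
    # If they live in that file they are already loaded by the include at the
    # end of this block and must not be repeated here: a second
    # proxy_cache_path for the same zone is a configuration error.
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=120m;
    # NOTE(review): /var/tmp is world-writable; make sure this directory is
    # created in advance, owned by the nginx user and not writable by others.
    proxy_temp_path /var/tmp/nginx;
    proxy_cache_key "$scheme://$host$request_uri";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For value the
    # client sent, so the backend should trust only the last entry (the one
    # added here) and use X-Real-IP for the client address.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Load configuration files
    include /etc/nginx/conf.d/*.conf;
}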

=============================

/etc/nginx/conf.d/virtual.conf
# Backend pool referenced as http://backend by the proxy_pass directives.
upstream backend {
    # Choose the server by client address; only one server is listed here.
    ip_hash;
    server 192.XXX.XXX.110:8080;
}

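# Permanent redirect of this host name to the proxy host name.
# With no listen directive the server uses nginx's default listen address.
server {
    server_name xxx.xxxxx.jp;

    # The original "rewrite" had no match pattern (the directive takes a regex
    # and a replacement), so it did not parse; "return 301" expresses the same
    # unconditional permanent redirect. $request_uri already carries the query
    # string.
    # NOTE(review): the target is plain http; confirm whether it should be https.
    return 301 http://proxy.xxxxxxxx.jp$request_uri;
}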

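# Port-80 virtual host on the front proxy: forwards requests to the backend
# and caches a limited set of static responses in the "czone" cache.
server {
    listen 80;
    server_name xxxx.xxxx.jp;
    root /var/www/html/xxxxx;

    access_log /var/log/nginx/access.log main;
    # NOTE(review): "debug" is a troubleshooting level and is far more verbose
    # than the "warn" used in nginx.conf; lower it once debugging is done so
    # request details do not accumulate in the error log.
    error_log /var/log/nginx/error.log debug;

    client_max_body_size 36M;
    port_in_redirect off;

    # Refuse dot-files (.htaccess, .git, ...) at the proxy, without logging.
    location ~ /\. { deny all; access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }

    # Admin area, PHP and the common static assets are passed to the backend
    # without the cache settings of "location /".
    location /wp-admin { proxy_pass http://backend; }
    location ~ .*\.php { proxy_pass http://backend; }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        log_not_found off;
        proxy_pass http://backend;
    }

    location / {
        # Device class suffix for the cache key, so feature-phone and
        # smartphone variants are cached separately from the desktop page.
        # The first pattern is one line; the page had wrapped it in the
        # middle of "Xiino" and "mixi-mobile-converter". Quotes are ASCII.
        set $mobile "";
        if ($http_user_agent ~* '(DoCoMo|J-PHONE|Vodafone|MOT-|UP\.Browser|DDIPOCKET|ASTEL|PDXGW|Palmscape|Xiino|sharp pda browser|Windows CE|L-mode|WILLCOM|SoftBank|Semulator|Vemulator|J-EMULATOR|emobile|mixi-mobile-converter)') {
            set $mobile "@ktai";
        }
        if ($http_user_agent ~* '(iPhone|iPod|Opera Mini|Android.*Mobile|NetFront|PSP|BlackBerry)') {
            set $mobile "@mobile";
        }

        # Cache decision. The default is set FIRST: rewrite-module directives
        # run in order, and the original assigned 0 after the cookie test,
        # which discarded that test's result. With this order, requests from
        # logged-in users, commenters and password-protected posts always
        # bypass the cache.
        set $do_not_cache 0;
        if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_") {
            set $do_not_cache 1;
        }
        if ($request_method != GET) {
            set $do_not_cache 1;
        }
        # Only these static extensions are cacheable. The dot is escaped so
        # it matches a literal "." and not any character.
        if ($uri !~* "\.(jpg|png|gif|jpeg|css|js|swf|pdf|html|htm)$") {
            set $do_not_cache 1;
        }

        # Caching
        proxy_no_cache     $do_not_cache;
        proxy_cache_bypass $do_not_cache;
        proxy_cache        czone;
        # $request_uri already includes the query string, so $is_args$args
        # repeats it; kept as on the page.
        proxy_cache_key "$scheme://$host$request_uri$is_args$args$mobile";
        proxy_cache_valid 200 301 302 60m;
        proxy_cache_valid 404 5m;
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;

        # The original pointed at http://ssmg, a name no upstream block on
        # the page defines; every other proxy_pass uses the "backend" upstream.
        proxy_pass http://backend;

        proxy_redirect off;
    }
}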

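# TLS + SPDY virtual host on the front proxy: terminates TLS and forwards
# requests to the backend over plain HTTP.
server {
    listen 443 ssl spdy;
    server_name proxy-wp.ssmg.jp;
    root /var/www/html/proxy-wp;
    client_max_body_size 36M;

    # ssl
    ssl_certificate     /etc/nginx/ssl/server.crt;
    # The private key should be readable by root only.
    ssl_certificate_key /etc/nginx/ssl/server.key;

    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are removed: both protocols are broken and must not be
    # offered. TLSv1 and TLSv1.1 are deprecated as well; drop them too unless
    # legacy clients still require them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Tell the browser we do SPDY
    # NOTE(review): this advertises spdy/2 while the page says SPDY 3.1 is
    # in use; confirm the value or drop the header.
    add_header Alternate-Protocol 443:npn-spdy/2;
    # spdy
    spdy_max_concurrent_streams 50;
    spdy_streams_index_size 32;
    spdy_recv_timeout 5s;
    spdy_keepalive_timeout 15s;
    # Header compression is switched off (the page had level 9): compressing
    # headers that contain cookies over TLS is exposed to the CRIME attack.
    spdy_headers_comp 0;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Lets the backend application know the client connection used https.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Caching
        # $mobile is used in the cache key below but was never assigned in
        # this server; it is set to the empty string explicitly.
        set $mobile "";
        set $do_not_cache 0;
        # Same cookie test as the port-80 server, so logged-in users,
        # commenters and password-protected posts bypass the cache here too.
        if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_") {
            set $do_not_cache 1;
        }
        if ($request_method != GET) {
            set $do_not_cache 1;
        }
        # Only these static extensions are cacheable; the dot is escaped so
        # it matches a literal ".".
        if ($uri !~* "\.(jpg|png|gif|jpeg|css|js|swf|pdf|html|htm)$") {
            set $do_not_cache 1;
        }
        proxy_no_cache     $do_not_cache;
        proxy_cache_bypass $do_not_cache;
        proxy_cache        czone;
        proxy_cache_key "$scheme://$host$request_uri$is_args$args$mobile";
        proxy_cache_valid 200 301 302 60m;
        proxy_cache_valid 404 5m;
        proxy_cache_use_stale error timeout invalid_header updating
                              http_500 http_502 http_503 http_504;
        proxy_pass http://backend;
    }
}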

■バックエンド側 192.XXX.XXX.110
/etc/nginx/nginx.conf
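# Main and http contexts of the backend server's nginx.conf.
# "user" was misspelled "ser" on the page, which is not a valid directive.
user             nginx;
worker_processes 2;

# NOTE(review): "debug" is a troubleshooting level; lower it (the front proxy
# uses "warn") once debugging is done.
error_log /var/log/nginx/error.log debug;
pid       /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include      /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Quotes restored to plain ASCII; typographic quotes are not valid syntax.
    # NOTE(review): behind the front proxy $remote_addr is the proxy's own
    # address; the client address arrives in X-Real-IP / X-Forwarded-For.
    # The realip module (set_real_ip_from + real_ip_header), limited to the
    # front proxy's address, would restore it in these logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;

    #keepalive_timeout 0;
    keepalive_timeout 30;

    # gzip compression
    gzip on;
    # Requests from the front proxy are HTTP/1.0 unless it sets
    # proxy_http_version, hence the lowered minimum version.
    gzip_http_version 1.0;
    gzip_vary on;
    gzip_comp_level 6;
    # "application/atom_xml" on the page is corrected to the Atom media type.
    gzip_types text/xml text/css application/xhtml+xml application/xml application/rss+xml application/atom+xml application/x-javascript application/x-httpd-php;
    gzip_disable "MSIE [1-6]\.";

    # Reverse proxy settings
    # NOTE(review): no proxy_pass appears in the backend configuration shown
    # on the page, so these look unused here; confirm before keeping them.
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=120m;
    proxy_temp_path /var/lib/nginx/tmp;
    proxy_cache_key "$scheme://$host$request_uri";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    include /etc/nginx/conf.d/*.conf;
}
# The closing brace of the http block was missing on the page.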

=============================

/etc/nginx/conf.d/virtual.conf
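# Backend WordPress virtual host: serves static files directly and hands
# PHP requests to PHP-FPM over a unix socket.
server {
    # NOTE(review): this port is meant to be reached through the front proxy
    # only; restrict it to the proxy's address with a firewall rule or
    # allow/deny so X-Forwarded-* headers cannot be supplied by arbitrary
    # clients connecting directly.
    listen 8080;
    server_name xxxxx.xxxxx.jp;
    root /var/www/html/xxxxx;

    access_log /var/log/nginx/access.log main;
    # NOTE(review): "debug" is a troubleshooting level; lower it once
    # debugging is done.
    error_log /var/log/nginx/error.log debug;
    client_max_body_size 36M;

    # Placed before the PHP location: regex locations are tried in the order
    # they appear, so a path under .git/.svn or a .ht* file that also ends in
    # ".php" is denied instead of being passed to PHP-FPM.
    location ~ (\.ht|\.git|\.svn) {
        deny all;
    }

    location / {
        index index.php index.html index.htm;
        # static files
        if (-f $request_filename) {
            expires 14d;
            break;
        }
        # request to index.php
        if (!-e $request_filename) {
            rewrite ^(.+)$ /index.php?q=$1 last;
        }
    }

    location ~ \.php$ {
        # Answer 404 unless the requested .php file exists on disk. Without
        # this check, a URI such as an uploaded file followed by "/x.php" is
        # handed to PHP-FPM, which may run the uploaded file as a script.
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        expires 2h;
    }
}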

※SPDYの設定は、80番ポート側には設定できない
※リバースプロキシ 80 → 8080  443 → 8080
