Nginx cheat sheet

Preface

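While verifying how to enable HTTP/2 in nginx,
I suddenly realized that I need an nginx cheat sheet.
Otherwise I don't even know where to copy from when all I want is to return a simple status.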

Main content

response 200

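location / {
    # default_type sets the Content-Type of the body sent by return;
    # add_header would append a second Content-Type header instead.
    default_type text/plain;
    return 200 'Hey James,Say Hello Nginx';
}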

Self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt

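When prompted for Common Name, remember to enter the current IP of your machine.
Browsers and most current TLS clients match the address against the certificate's subjectAltName rather than the Common Name, so expect a name-mismatch warning on top of the self-signed warning unless the IP is also present as a SAN.
Once the files are generated, mount the corresponding volume into the nginx container.
Then change the config.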

docker-compose.yaml


version: '3.8'
services:
  nginx-lb:
    container_name: nginx
    image: nginx
    pull_policy: if_not_present
    restart: always
    volumes:
      - ./certs:/etc/ssl
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./proxy.conf:/etc/nginx/conf.d/proxy.conf
    ports:
      - 443:443
      - 80:80
    networks:
      - internal
networks:
  internal:
    name: internal
    driver: bridge

proxy.conf (after a certain nginx version, HTTP/2 has to be enabled the way shown below)

server {
    listen       443 ssl;
    server_name  192.168.1.106;
    http2 on;

    ssl_certificate           /etc/ssl/example.crt;
    ssl_certificate_key       /etc/ssl/example.key;
    ssl_protocols             TLSv1.3 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve            X25519:secp521r1:secp384r1;
    ssl_ciphers               TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache         shared:TLS:2m;
    ssl_buffer_size           4k;

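    location / {
        # default_type sets the Content-Type of the body sent by return;
        # add_header would append a second Content-Type header instead.
        default_type text/plain;
        return 200 'Hey James,Say Hello Nginx';
    }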
}

Proxy_pass

When the proxy_pass URL contains a path, its trailing / should preferably be consistent with the location matching rule.

ref. "Pitfalls of the proxy_pass URL in reverse proxying"
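
The four combinations of trailing slash on location and proxy_pass, with the URI the upstream receives for each. This is an added example, not part of the original post; the upstream name backend, its address, the listen port and all paths are assumptions.

```nginx
# Added example (not from the original post). The upstream name "backend",
# its address, the listen port and every path below are assumptions.
upstream backend {
    server 127.0.0.1:8080;
}

server {
    listen 8081;

    # 1) Slash on both sides: the matched prefix "/match/" is replaced by "/v1/".
    #    /match/users -> upstream receives /v1/users
    location /match/ {
        proxy_pass http://backend/v1/;
    }

    # 2) location ends in "/", proxy_pass path does not: "/noslash/" -> "/v1".
    #    /noslash/users -> /v1users    (path segments glued together)
    location /noslash/ {
        proxy_pass http://backend/v1;
    }

    # 3) location has no trailing "/", proxy_pass path does: "/loose" -> "/v1/".
    #    /loose/users -> /v1//users    (double slash)
    #    The prefix also matches /loosely, which is forwarded as /v1/ly,
    #    so the proxied scope is wider than the path suggests.
    location /loose {
        proxy_pass http://backend/v1/;
    }

    # 4) No path after the host: the request URI is passed through unchanged.
    #    /asis/users -> /asis/users
    location /asis/ {
        proxy_pass http://backend;
    }
}
```

Pointing backend at any service that logs the request line confirms each mapping; case 1 is the form the rule above recommends.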