课件更新

README.md

@@ -1,2 +1,6 @@
 # geektime-nginx
 极客时间：nginx核心知识100讲配置文件与代码分享
+
+# nginx编译参数
+课程截止到第5部分时，用到的模块及编译参数如下：
+`./configure --with-http_auth_request_module --with-http_realip_module --with-http_v2_module --with-debug --add-module=/home/web/nginx-http-concat/ --with-http_random_index_module --with-http_sub_module --with-http_addition_module --with-http_secure_link_module --with-http_geoip_module --with-http_ssl_module --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-stream --add-module=/home/web/ngx_cache_purge/ --with-http_slice_module --with-google_perftools_module`

examples/cache.conf

@@ -0,0 +1,72 @@
+proxy_cache_path /data/nginx/tmpcache levels=2:2 keys_zone=two:10m loader_threshold=300 
+                     loader_files=200 max_size=200m inactive=1m;
+
+server {
+	server_name cache.taohui.tech;
+
+	root html/;
+	error_log logs/cacherr.log debug;
+
+	location ~ /purge(/.*) {
+        	proxy_cache_purge two $scheme$1;
+    	}   
+
+	location /{
+		#expires @20h30m;
+		#if_modified_since off;
+		proxy_cache two;
+		proxy_cache_valid 200 1m;
+		add_header X-Cache-Status $upstream_cache_status;
+		#proxy_cache_use_stale error timeout updating;
+		#proxy_cache_key $scheme$uri;
+		#proxy_cache_revalidate on;
+		#proxy_cache_background_update on;
+		#proxy_hide_header      Set-Cookie;
+  		#proxy_ignore_headers   Set-Cookie;
+
+		#proxy_force_ranges on;
+
+		proxy_cache_key $scheme$uri;
+		proxy_pass http://localhost:8012;
+	}
+
+	listen 443 ssl; # managed by Certbot
+    	ssl_certificate examples/cert/a.crt;
+    	ssl_certificate_key examples/cert/a.key; 
+    	#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    	#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+	ssl_verify_client  optional;
+	ssl_verify_depth 2;
+	#ssl_trusted_certificate examples/cert/ca.crt;
+	ssl_client_certificate examples/cert/ca.crt;
+	#ssl_client_certificate LetsEncryptAuthorityX3.crt;
+
+	location /test {
+		default_type text/plain;
+		return 200 '
+ssl_client_escaped_cert: $ssl_client_escaped_cert
+ssl_client_cert: $ssl_client_cert
+ssl_client_raw_cert: $ssl_client_raw_cert
+ssl_cipher: $ssl_cipher
+ssl_ciphers: $ssl_ciphers
+ssl_client_fingerprint: $ssl_client_fingerprint
+ssl_client_i_dn: $ssl_client_i_dn
+ssl_client_i_dn_legacy: $ssl_client_i_dn_legacy
+ssl_client_s_dn: $ssl_client_s_dn
+ssl_client_s_dn_legacy: $ssl_client_s_dn_legacy
+ssl_client_serial: $ssl_client_serial
+ssl_client_v_end: $ssl_client_v_end
+ssl_client_v_remain: $ssl_client_v_remain
+ssl_client_v_start: $ssl_client_v_start
+ssl_client_verify: $ssl_client_verify
+ssl_curves: $ssl_curves
+ssl_protocol: $ssl_protocol
+ssl_server_name: $ssl_server_name
+ssl_session_id: $ssl_session_id
+ssl_session_reused: $ssl_session_reused
+';
+	}
+
+    listen 80; # managed by Certbot
+}

examples/grpc.conf

@@ -0,0 +1,15 @@
+server {
+	server_name http2.taohui.tech;
+
+	root html;
+	location / {
+		grpc_pass localhost:50051;
+	}
+
+    listen 4431 http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/http2.taohui.tech/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/http2.taohui.tech/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}

examples/http2.conf

@@ -0,0 +1,21 @@
+server {
+	server_name http2.taohui.tech;
+
+	root html;
+	location / {
+		http2_push /mirror.txt;
+		http2_push /video.mp4;
+	}
+
+	location /test {
+		add_header Link "</style.css>; as=style; rel=preload";
+		http2_push_preload on;
+	}
+
+    listen 4430 ssl http2; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/http2.taohui.tech/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/http2.taohui.tech/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}

examples/memcached.conf

@@ -0,0 +1,11 @@
+server {
+	server_name memcached.taohui.tech;
+	#root html/;
+	default_type text/plain;
+
+	location /get {
+		set            $memcached_key "$arg_key";
+		#memcached_gzip_flag 2;
+		memcached_pass localhost:11211;
+	}
+}

examples/nextups.conf

@@ -0,0 +1,37 @@
+upstream nextups {
+	server 127.0.0.1:8013;
+	server 127.0.0.1:8011;
+}
+
+server {
+	server_name nextups.taohui.tech;
+	error_log  logs/myerror.log  debug;
+	#root html/;
+	default_type text/plain;
+
+	error_page 500 /test1.txt;
+
+	location / {
+		proxy_pass http://nextups;
+	}
+
+	location /test {
+	}
+
+	location /error {
+		proxy_pass http://nextups;
+		proxy_connect_timeout 1s;
+		proxy_next_upstream error;
+	}
+
+	location /intercept {
+		proxy_intercept_errors on;
+		proxy_pass http://127.0.0.1:8013;
+	}
+
+	location /httperr {
+                proxy_next_upstream http_500;
+                proxy_pass http://nextups;
+        }
+
+}

examples/openfilecache.conf

@@ -0,0 +1,10 @@
+server {
+	listen 8092;
+	root html;
+	location / {
+		open_file_cache max=10 inactive=60s;
+		open_file_cache_min_uses 1; 
+		open_file_cache_valid 60s; 
+		open_file_cache_errors on;
+	}
+}

examples/proxy.conf

@@ -1,21 +1,34 @@
-upstream proxyups {
+upstream proxyupstream {
 	server 127.0.0.1:8012 weight=1;
 }
 
 server {
 	server_name proxy.taohui.tech;
-	error_log myerror.log info;
+	error_log logs/myerror.log debug;
 
-	location /a {
-		proxy_pass http://proxyups/www;
-		proxy_method POST;
-		proxy_pass_request_headers off;
+	location / {
+		proxy_pass http://proxyupstream;
+		#proxy_method POST;
+
+		proxy_hide_header aaa;
+		proxy_pass_header server;
+		proxy_ignore_headers X-Accel-Limit-Rate;
+
+		#proxy_pass_request_headers off;
 		#proxy_pass_request_body off;
-		proxy_set_body 'hello world!';
-		proxy_set_header name '';
+		#proxy_set_body 'hello world!';
+		#proxy_set_header name '';
 		proxy_http_version 1.1;
         	proxy_set_header Connection "";
 	}
+
+    listen 80; # managed by Certbot
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/proxy.taohui.tech/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/proxy.taohui.tech/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 }
 
 

examples/slice.conf

@@ -0,0 +1,24 @@
+proxy_cache_path /data/nginx/tmpcache3 levels=2:2 keys_zone=three:10m loader_threshold=300 
+                     loader_files=200 max_size=200m inactive=1m;
+
+server {
+	server_name slice.taohui.tech;
+
+	error_log logs/cacherr.log debug;
+
+	location ~ /purge(/.*) {
+                proxy_cache_purge three $1$is_args$args$slice_range;
+        }
+
+	location /{
+		proxy_cache three;
+		slice             1m;
+		proxy_cache_key   $uri$is_args$args$slice_range;
+    		proxy_set_header  Range $slice_range;
+
+		proxy_cache_valid 200 206 1m;
+		add_header X-Cache-Status $upstream_cache_status;
+
+		proxy_pass http://localhost:8012;
+	}
+}

examples/store.conf

@@ -0,0 +1,19 @@
+upstream proxyups {
+	server 127.0.0.1:8012 weight=1;
+}
+
+server {
+	server_name store.taohui.tech;
+	error_log logs/myerror.log debug;
+	root /tmp;
+
+	location / {
+		proxy_pass http://proxyups;
+		proxy_store        on;
+    		proxy_store_access user:rw group:rw all:r;
+	}
+
+    listen 80; # managed by Certbot
+}
+
+

examples/stream.conf

@@ -0,0 +1,7 @@
+stream {
+        server {
+                listen 10001;
+                return 'hello, $remote_addr!\n';
+        }
+}
+

examples/streamups.conf

@@ -0,0 +1,40 @@
+stream {
+	log_format basic '$remote_addr [$time_local] '
+                 '$protocol $status $bytes_sent $bytes_received '
+                 '$session_time';
+
+	error_log logs/stream_error.log debug;
+	access_log logs/stream_access.log basic;
+	server {
+		listen 10002 proxy_protocol;
+		return '10002 server get ip: $remote_addr!\n';
+	}
+
+	server {
+		listen 10003 proxy_protocol;
+		return '10003 server get ip: $remote_addr!\n';
+        }
+
+	server {
+		#listen 10004;
+		listen 10004 proxy_protocol;
+		set_real_ip_from 127.0.0.1;
+		allow 202.112.144.236;
+		deny all;
+		return '10004 vars:
+bytes_received: $bytes_received
+bytes_sent: $bytes_sent
+proxy_protocol_addr: $proxy_protocol_addr
+proxy_protocol_port: $proxy_protocol_port
+remote_addr: $remote_addr
+remote_port: $remote_port
+realip_remote_addr: $realip_remote_addr
+realip_remote_port: $realip_remote_port
+server_addr: $server_addr
+server_port: $server_port
+session_time: $session_time
+status: $status
+protocol: $protocol
+';
+	}
+}

examples/upserver.conf

@@ -0,0 +1,39 @@
+server {
+        listen 127.0.0.1:8011;
+	default_type text/plain;
+	limit_rate 1;
+        return 200 '8011 server response.\n';
+}
+
+server {
+        listen 8013;
+        default_type text/plain;
+        return 500 '8013 Server Internal Error.\n';
+}
+
+server {
+        listen 8012;
+	default_type text/plain;
+	#client_body_in_single_buffer on;
+	#add_header Cache-Control 'max-age=3,stale-while-revalidate=3';
+	#add_header Vary *;
+	#add_header X-Accel-Expires 3;
+	root html;
+
+	location / {
+		#add_header aaa 'aaa value';
+		#add_header X-Accel-Limit-Rate 10;
+	}
+
+	location /test {
+        	return 200 '8012 server response.
+uri: $uri
+method: $request_method
+request: $request
+http_name: $http_name
+curtime: $time_local
+\n';
+	}
+}
+
+

examples/websocket.conf

@@ -0,0 +1,23 @@
+server {
+	server_name websocket.taohui.tech;
+	#root html/;
+	default_type text/plain;
+
+	access_log logs/ws.log;
+
+	location / {
+		proxy_http_version 1.1;
+    		proxy_set_header Upgrade $http_upgrade;
+    		proxy_set_header Connection "upgrade";
+		proxy_pass http://echo.websocket.org;
+	}
+
+    listen 80; # managed by Certbot
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/websocket.taohui.tech/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/websocket.taohui.tech/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}