nginx模块编译及反向镜像网站

      使用oneinstack安装LNMP环境,由于默认是缺少两个模块的,所以需要我们编译一下nginx; 

      首先查看一下nginx -V; 

       然后git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git 或者wget -O ngx_http_substitutions_filter_module-master.zip https://github.com/yaoweibin/ngx_http_substitutions_filter_module/archive/master.zip   下载下来;

      先找到Ngnix的源码包,并解压 cd /root/oneinstack/src/ tar zxf nginx-1.15.tar.gz;解压相应的包。 

      然后cd nginx-1.15; ./configure –prefix=/usr/local/nginx –user=www –group=www –with-http_stub_status_module –with-http_v2 _module –with-http_ssl_module –with-http_gzip_static_module –with-http_realip_module –with-http_flv_module –wi th-http_mp4_module –with-openssl=../openssl-1.1.1b –with-pcre=../pcre-8.42 –with-pcre-jit –with-ld-opt=-ljemall oc –with-http_sub_module –add-module=/root/ngx_http_substitutions_filter_module-master   

    make,开始替换编译; 

    service nginx stop 停止nginx ;

    cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak 备份nginx; 

    cp ./objs/nginx /usr/local/nginx/sbin/ 覆盖nginx; 

    service nginx start 启动nginx 这样就完成nginx的模块添加   接下来就是镜像网站了.

    分两种情况,一种http协议的,一种https协议的; http协议的比较简单 HTTP 镜像适用于:

   添加虚拟主机时选择不启用 SSL 证书,并且被镜像的域名也没有启用 SSL 证书 打开/usr/local/nginx/conf/vhost 新建abc.com.conf vim abc.com.conf,把以下内容复制到 abc.com.conf   

 

 server { listen 80; server_name bbbbb.com;   
  if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) { return  403; }   
  location /  { 
  sub_filter 被复制的网址.com abc.com; 
  sub_filter_once off; 
  proxy_set_header X-Real-IP $remote_addr; 
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
  proxy_set_header Referer http://被复制的网址.com;
  proxy_set_header Host 被复制的网址.com; 
  proxy_pass http://被复制的网址.com; 
  proxy_set_header Accept-Encoding "";
   } 
  }

 最后执行:service nginx restart 重启nginx,使其生效。   

 另外一种是https镜像的; HTTPS 镜像适用于:添加虚拟主机时选择启用SSL证书,并且被镜像的域名也启用了SSL证书 ;

  cd /usr/local/nginx/conf/vhost vim abc.com.conf(创建一个网站conf),

  根本具体的情况修改: 

 

server {   
   listen 80;   listen 443 ssl http2;   
   ssl_certificate /usr/local/nginx/conf/ssl/www.abc.com.crt;   
   ssl_certificate_key /usr/local/nginx/conf/ssl/www.abc.com.key;   
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;   
    ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;   
   ssl_prefer_server_ciphers on;   
   ssl_session_timeout 10m;   
   ssl_session_cache builtin:1000 shared:SSL:10m;   
   ssl_buffer_size 1400;   
   add_header Strict-Transport-Security max-age=15768000;  
   ssl_stapling on;   
   ssl_stapling_verify on;   
   server_name www.abc.com abc.com;   
   access_log /data/wwwlogs/www.abc.com_nginx.log combined;   
   index index.html index.htm index.php;  
   root /data/wwwroot/www.abc.com;  
    if ($ssl_protocol = "") { return 301 https://$host$request_uri; }   
    if ($host != www.abc.com) {  return 301 $scheme://www.abc.com$request_uri;  }   
   include /usr/local/nginx/conf/rewrite/abc.com.conf;   
   #error_page 404 /404.html;   #error_page 502 /502.html;  
    if ($http_user_agent ~* (baiduspider|360spider|haosouspider|googlebot|soso|bing|sogou|yahoo|sohu-search|yodao|YoudaoBot|robozilla|msnbot|MJ12bot|NHN|Twiceler)) {    return  403;         }      
     location / {    
     sub_filter www.被复制的网址.com www.abc.com;         
     sub_filter_once off;         
     proxy_set_header X-Real-IP $remote_addr;         
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         
     proxy_set_header Referer https://www.被复制的网址.com;         
     proxy_set_header Host www.被复制的网址.com;         
     proxy_pass https://www.被复制的网址.com;         
     proxy_set_header Accept-Encoding "";        
 }
 }


正文完
 0
评论(没有评论)