
Tengine日常操作攻略

一、常用操作

1.1 重定向

  • 302 临时重定向
# Temporary (302) redirect: any URI starting with /query is sent to one fixed external document.
# The regex capture is not used in the replacement; the "redirect" flag selects status 302.
# The target is a hard-coded absolute URL, so no part of the request influences the redirect host.
location /query {
rewrite ^(.*)$ https://docs.qq.com/doc/DVEtQbVdOcUpTZWl2 redirect;
}
  • 301 永久重定向
# Permanent (301) redirect: any URI starting with /ceshi is re-issued over HTTPS on the same host.
# $1 is the whole original URI captured by ^(.*)$; the "permanent" flag selects status 301.
# NOTE(review): $host can come from the client's Host header, so the redirect target is only as
# trustworthy as the server_name matching of the enclosing server{} (not shown). On a default or
# catch-all server, a fixed hostname is the safer target - confirm where this location lives.
location /ceshi {
rewrite ^(.*)$ https://$host$1 permanent;
}

1.2 配置返回403

# Answer every request whose URI starts with /abcd with 403 Forbidden.
# "return" stops processing at once, so nothing is proxied or served from disk for this prefix.
location /abcd {
return 403;
}
  • if嵌套语句返回403
# Flag-concatenation idiom: nginx "if" has no AND and cannot be nested, so each condition appends
# a digit to $flag and a final "if" compares the accumulated string.
# Only one condition is shown here; further conditions would append more digits.
set $flag 0;
# $args is the query string as sent by the client; ~* is a case-insensitive regex match.
if ($args ~* "occupyStock") {
set $flag "${flag}1";
}
# "01" = initial "0" plus the "1" appended above, i.e. the query-string condition matched.
if ($flag = "01") {
return 403;
}
# NOTE(review): the test covers the query string only, exactly as received. Request bodies and
# other encodings of the same parameter are not inspected, so treat this as a coarse filter and
# keep the real authorization check in the application.

1.3 拒绝全部访问

# Block all clients from anything under /configs/ (the access module answers 403).
# NOTE(review): this is a plain prefix location. A regex location elsewhere in the same server{}
# that also matches the URI takes precedence over it; "location ^~ /configs/" prevents that.
# Verify against the full server block, which is not shown here.
location /configs/ {
deny all;
}

1.4 拒绝某一个IP

# Deny a single client address and allow everyone else.
# allow/deny rules are checked in order and the first match wins, so "deny" must precede "allow all".
# NOTE(review): the rule is matched against the address of the directly connected peer. Behind a
# CDN or load balancer that peer is the proxy, not the end client, unless the realip module is
# configured with a trusted proxy list - confirm how this server is fronted.
location / {
deny 125.119.249.65;
allow all;
}

1.5 代理

# Reverse-proxy requests under /thirdparty to www.512book.cn.
location /thirdparty {
# Pass Location/Refresh headers from the backend through without rewriting them.
proxy_redirect off;
# Send a fixed Host header instead of whatever the client supplied.
proxy_set_header Host www.512book.cn;
# Address of the directly connected peer, set by this server and not taken from request headers.
proxy_set_header X-Real-IP $remote_addr;
# Appends the peer address to any X-Forwarded-For the client already sent. Earlier entries in
# that list are client-supplied, so the backend should not use them for access decisions.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# The matched /thirdparty prefix is replaced by the URI given here; the hop is plain HTTP.
# NOTE(review): "/thirtparty" differs from the location name "/thirdparty" - possibly a typo;
# verify against the backend's real path.
proxy_pass http://www.512book.cn/thirtparty;
}

1.6 Upstream健康检查模块

  • tcp协议,适用于后端是linux主机
 # Upstream group with active TCP health checks (Tengine upstream check module).
 # This block and the HTTP-check variant use the same group name, so they are alternatives:
 # only one of them can be present in a configuration.
 upstream  www_512book_cn {
# Keep up to 32 idle connections to the backends per worker, each for at most 30s.
keepalive 32;
keepalive_timeout 30s;
# Probe every 1000 ms with a 1000 ms timeout; 2 consecutive successes mark a peer up,
# 3 consecutive failures mark it down. type=tcp only verifies that the port accepts a
# connection, not that the application behind it answers correctly.
check interval=1000 rise=2 fall=3 timeout=1000 type=tcp;
# Number of check requests sent over one probe connection before it is reopened.
check_keepalive_requests 10000;
server 10.10.12.19:8797;
server 10.10.12.37:8797;
}
  • http协议,适用于后端是winserver web站点服务
# Upstream group with active HTTP health checks (Tengine upstream check module).
# This block and the TCP-check variant use the same group name, so they are alternatives:
# only one of them can be present in a configuration.
upstream  www_512book_cn {
# Send each request to the backend with the fewest active connections.
least_conn;
keepalive 32;
keepalive_timeout 30s;
# Probe every 3000 ms with a 1000 ms timeout; 2 successes mark a peer up, 3 failures mark it down.
# default_down=false treats peers as healthy until checks fail, so traffic can reach a broken
# backend right after a start or reload.
check interval=3000 rise=2 fall=3 timeout=1000 type=http default_down=false;
# Raw request used as the probe. No check_http_expect_alive is set, so the module default
# decides which status codes count as healthy (2xx/3xx per the Tengine docs - confirm for
# the deployed version).
check_http_send "GET /_stats/build.txt HTTP/1.1\r\nHost: localhost\r\nConnection: keep-alive\r\n\r\n";
# Number of check requests sent over one probe connection before it is reopened.
check_keepalive_requests 10000;
server 10.10.12.19:8797;
server 10.10.12.37:8797;
}

1.7 Server配置文件一份

  • 监听80
# Plain-HTTP virtual host for www.512book.cn that proxies everything to one upstream group.
# NOTE(review): all traffic is served in clear text and nothing redirects to the HTTPS server;
# confirm that is intended.
server {
listen 80;
# Tengine req_status: count this server's traffic in the zone named "server"
# (presumably declared with req_status_zone in the http block, which is not shown).
req_status server;
server_name www.512book.cn;

# Placeholder value: replace the string with the exact name of an upstream{} group.
set $ups "此处为Upstream name";

location / {
# With a variable in proxy_pass the value is first looked up among upstream groups; a name
# that matches none is treated as a hostname and needs a resolver. No Host header is set, so
# the backend receives the value of $ups as Host.
proxy_pass http://$ups;
}
}

  • 监听443
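# HTTPS virtual host for www.512book.cn: terminates TLS, applies a request-rate limit and
# proxies to an upstream group.
server {
    # The "ssl" flag on listen already enables TLS for this socket. The separate "ssl on;"
    # directive was redundant and is deprecated in upstream nginx, so it is dropped.
    listen 443 ssl http2;
    # Tengine req_status: count this server's traffic in the zone named "server"
    # (presumably declared with req_status_zone in the http block, which is not shown).
    req_status server;
    server_name www.512book.cn;

    ssl_certificate keys/512book.cn.crt;
    # Private key: keep it readable only by the account that starts the server.
    ssl_certificate_key keys/512book.cn.key;
    # Used only by the DHE-RSA-* suites below.
    # NOTE(review): confirm the parameters are at least 2048 bits.
    ssl_dhparam keys/dhparams.pem;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Add TLSv1.3 only after
    # confirming that the deployed Tengine/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AEAD suites only. Dropped from the previous list: 3DES (DES-CBC3-SHA,
    # 64-bit block cipher), static-RSA key exchange (no forward secrecy) and CBC-mode suites.
    # Clients that cannot negotiate any of these suites will fail the handshake.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

    # Upstream group name. It must match an upstream{} block exactly. The group is declared
    # as www_512book_cn; the previous value "www_512book.cn" matched no group and would have
    # been treated as a hostname to resolve.
    set $ups "www_512book_cn";

    # Rate limit from zone "global", which must be declared with limit_req_zone in the http
    # block (not shown). Without "nodelay", up to 50 excess requests are queued and delayed;
    # anything beyond that is rejected.
    limit_req zone=global burst=50;

    location /images {
        # NOTE(review): the target is this same scheme, host and path, so a request for
        # https://www.512book.cn/images/... is redirected to itself. This looks like a rule
        # meant for the port-80 server - confirm the intent before deploying.
        rewrite ^/(.*) https://www.512book.cn/$1 permanent;
    }

    location / {
        # Variable proxy_pass: $ups is looked up among the upstream groups first. The hop to
        # the backend is plain HTTP.
        proxy_pass http://$ups;
    }
}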

1.8 配置健康检查页面

  • 可以实现监控每一个upstream name后端主机的状态。注意:该页面会列出后端主机的IP、端口和健康状态,应通过allow/deny或防火墙限制为仅内网或运维网段可访问,不要直接对公网开放
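    # Dedicated listener for the Tengine upstream health-check status page.
    server {
        listen 4433;
        # Catch-all name: this server answers whatever Host header arrives on port 4433.
        server_name _;

        location /nstatus {
            # The page lists every upstream peer with its address, port and health state.
            # Access is therefore limited to the local host; add the monitoring network
            # explicitly instead of leaving the page open to every client.
            allow 127.0.0.1;
            # allow <MONITORING_CIDR>;  # placeholder: replace with your ops/monitoring range
            deny all;
            check_status;
        }
    }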

效果图

image.png

  • 使用技巧:只查看状态为down的机器
    http://512book.cn:4433/nstatus?Status=down