ws 代理报错处理
nginx: [emerg] unknown "connection_upgrade" variable
#在nginx.conf文件的http{}段内增加以下内容:
#http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
#}
kibana http代理
cat act.conf
upstream act19091 {
server 10.200.77.41:19091 max_fails=3 fail_timeout=10s;
}
server {
listen 19091;
server_name act.fungaming.me;
#ssl_certificate ssl/fungaming.me.crt;
#ssl_certificate_key ssl/fungaming.me.key;
include vhost/error.txt;
error_log /home/wwwlogs/act.error.log;
access_log /home/logs/act.fungaming.me.log main;
location / {
proxy_pass http://act19091;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
server {
listen 80;
server_name ana.fungaming.me;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
auth_basic "FunGaming WARNING";
auth_basic_user_file /usr/local/nginx/passwd.db;
proxy_pass http://10.200.77.41:5601;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
access_log /var/log/nginx/ana.access.log;
error_log /var/log/nginx/ana.error.log;
}
}
http代理(seafile)
server {
listen 80;
server_name seafile.example.com;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI),
# which is not recommended, you should use the following config for location /
.
#
# location / {
# fastcgi_pass 127.0.0.1:8000;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_script_name;
#
# fastcgi_param SERVER_PROTOCOL $server_protocol;
# fastcgi_param QUERY_STRING $query_string;
# fastcgi_param REQUEST_METHOD $request_method;
# fastcgi_param CONTENT_TYPE $content_type;
# fastcgi_param CONTENT_LENGTH $content_length;
# fastcgi_param SERVER_ADDR $server_addr;
# fastcgi_param SERVER_PORT $server_port;
# fastcgi_param SERVER_NAME $server_name;
# fastcgi_param REMOTE_ADDR $remote_addr;
# fastcgi_read_timeout 36000;
#
# client_max_body_size 0;
#
# access_log /var/log/nginx/seahub.access.log;
# error_log /var/log/nginx/seahub.error.log;
# }
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /home/user/haiwen/seafile-server-latest/seahub;
}
}
Nginx 默认设置 "client_max_body_size" 为 1M。如果上传文件大于这个值的话,会报错,相关 HTTP 状态码为 423 ("Request Entity Too Large"). 你可以将值设为 0 以禁用此功能.
如果要上传大于 4GB 的文件,默认情况下 Nginx 会把整个文件存在一个临时文件中,然后发给上游服务器 (seaf-server),这样容易出错。使用 1.8.0 以上版本同时在 Nginx 配置文件中设置以下内容能解决这个问题:
location /seafhttp {
... ...
proxy_request_buffering off;
}
https代理(seafile)
server {
listen 80;
server_name seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent; #强制将http重定向到https
server_tokens off;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/cacert.pem; #cacert.pem 文件路径
ssl_certificate_key /etc/ssl/privkey.pem; #privkey.pem 文件路径
server_name seafile.example.com;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;
# secure settings (A+ at SSL Labs ssltest at time of writing)
# see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_prefer_server_ciphers on;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
# 如果你使用 fastcgi 请使用此配置
#
# location / {
# fastcgi_pass 127.0.0.1:8000;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_script_name;
#
# fastcgi_param SERVER_PROTOCOL $server_protocol;
# fastcgi_param QUERY_STRING $query_string;
# fastcgi_param REQUEST_METHOD $request_method;
# fastcgi_param CONTENT_TYPE $content_type;
# fastcgi_param CONTENT_LENGTH $content_length;
# fastcgi_param SERVER_ADDR $server_addr;
# fastcgi_param SERVER_PORT $server_port;
# fastcgi_param SERVER_NAME $server_name;
# fastcgi_param REMOTE_ADDR $remote_addr;
# fastcgi_read_timeout 36000;
#
# client_max_body_size 0;
#
# access_log /var/log/nginx/seahub.access.log;
# error_log /var/log/nginx/seahub.error.log;
# }
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /home/user/haiwen/seafile-server-latest/seahub;
}
}
TCP代理(rsync)
vi nginx.conf
#放最前面,已加载则不需要
load_module "/usr/lib64/nginx/modules/ngx_stream_module.so";
#放配置文件最后面
stream{
upstream rsync{
hash $remote_addr consistent;
server 10.200.124.37:37873;
}
server{
listen 37873;
proxy_connect_timeout 20s;
proxy_timeout 5m;
proxy_pass rsync;
}
}
im riak conf
upstream riak_hosts {
server 172.18.119.95:8098;
server 172.18.119.96:8098;
server 172.18.119.97:8098;
server 172.18.119.98:8098;
server 172.18.119.99:8098;
}
server {
listen 80;
listen 8000;
listen 23000 ssl;
server_name upload.mchat.com file.hygtchat.com;
ssl_certificate key/1_file.hygtchat.com_bundle.crt;
ssl_certificate_key key/2_file.hygtchat.com.key;
include sslreq.txt;
location = /auth {
internal;
proxy_pass_request_body off;
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
if ($request_method = DELETE) {
return 405;
}
if ($request_method = GET) {
return 200;
}
proxy_pass http://localhost:8083/auth_token;
}
error_page 401 = @error401;
location @error401 {
return 302 http://riak_hosts;
}
location /riak {
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials true;
add_header Access-Control-Allow-Methods 'GET, PUT, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
return 200;
}
client_max_body_size 10m;
auth_request /auth;
rewrite /riak/(.*) /riak/test/$1?$args break;
try_files $uri $uri/ @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Host $remote_addr;
proxy_set_header 'Access-Control-Allow-Origin' '*';
proxy_set_header Referer '';
proxy_pass http://riak_hosts;
if ($http_user_agent ~* "Firefox|Safari"){
add_header Access-Control-Allow-Origin *;
add_header Content-Disposition "attachment; filename*=$arg_n";
}
if ($http_user_agent !~* "Firefox"){
add_header Access-Control-Allow-Origin *;
add_header Content-Disposition "attachment; filename=$arg_n";
}
}
location / {
root html;
index index.html index.htm;
access_log logs/access.log;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
fungaming.com.conf
cat fungaming.com.conf
server
{
listen 80;
listen 443 ssl;
server_name fungaming.com www.fungaming.com;
if ($scheme = 'http') { return 301 https://$host$request_uri; }
ssl_certificate /etc/nginx/1.pem;
ssl_certificate_key /etc/nginx/1.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
location /
{
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header Accept-Encoding "";
proxy_pass_header User-Agent;
proxy_pass http://127.0.0.1:4000;
#sub_filter_types text/css text/xml;
sub_filter http://$host $scheme://$host;
sub_filter_once off;
}
}
wss代理配置(传用户真实IP,带日志)
upstream logs19091 {
server 192.168.220.251:19091;
}
server
{
listen 19091 ssl;
server_name logs.blizzmi.net;
set $proxy_add logs19091;
error_log /home/wwwlogs/act.error.log;
access_log /home/logs/act.fungaming.me.log main;
ssl_certificate /etc/nginx/1.crt;
ssl_certificate_key /etc/nginx/1.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
location /
{
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header Accept-Encoding "";
proxy_pass_header User-Agent;
proxy_pass http://$proxy_add;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
如果您喜欢本站,点击这儿可以捐赠本站
这些信息可能会帮助到你: 联系作者 | 报毒说明
修改版本软件,加群提示等均为修改者自留,非本站信息,注意鉴别
这些信息可能会帮助到你: 联系作者 | 报毒说明
修改版本软件,加群提示等均为修改者自留,非本站信息,注意鉴别
评论(0)