首页 > web服务 > nginx > Nginx 配置 Google Fonts、Ajax 和 Gravatar 反向代理教程
2016
03-21

Nginx 配置 Google Fonts、Ajax 和 Gravatar 反向代理教程

废话不多说,直接很暴力的贴上配置文件,不懂的自己琢磨吧。因为都是静态文件,没啥问题的话可以加入 Nginx 缓存

mkdir -p /var/cache/nginx/cache
mkdir -p /var/cache/nginx/temp

Nginx 配置 Google Fonts、Ajax 和 Gravatar 反向代理教程 - 第1张  | 大博辞
修改 nginx 配置文件,加入

 ##
        # Nginx Cache Settings
        ##

        proxy_temp_file_write_size 128k;
        proxy_temp_path   /var/cache/nginx/temp;
        proxy_cache_path  /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:50m inactive=7d max_size=5g;

以下是分别的配置文件

google-ajax.conf

upstream googleajax {
    server ajax.googleapis.com:443;
}

server {
    listen 80;

    server_name ajax.css.network;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host ajax.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://googleajax;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

server {
    listen 443 ssl spdy;

    ssl on;
    ssl_certificate /root/ssl/css.crt;
    ssl_certificate_key /root/ssl/css.key;

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    server_name ajax.css.network;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host ajax.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://googleajax;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

google-fontfs.conf

upstream google {
    server fonts.googleapis.com:443;
}

upstream gstatic {
    server fonts.gstatic.com:443;
}

server {
    listen 80;

    server_name fonts.css.network;

    resolver 8.8.8.8;

    location /css {
        sub_filter 'fonts.gstatic.com' 'fonts.css.network';
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location /icon {
        sub_filter 'fonts.gstatic.com' 'fonts.css.network';
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location / {
        proxy_pass_header Server;
        proxy_set_header Host fonts.gstatic.com;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass http://gstatic;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

server {
    listen 443 ssl spdy;

    ssl on;
    ssl_certificate /root/ssl/css.crt;
    ssl_certificate_key /root/ssl/css.key;

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    server_name fonts.css.network;

    resolver 8.8.8.8;

    location /css {
        sub_filter 'fonts.gstatic.com' 'fonts.css.network'; 
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location /icon {
        sub_filter 'fonts.gstatic.com' 'fonts.css.network'; 
        sub_filter_once off;
        sub_filter_types text/css;
        proxy_pass_header Server;
        proxy_set_header Host fonts.googleapis.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://google;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }

    location / {
        proxy_pass_header Server;
        proxy_set_header Host fonts.gstatic.com;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://gstatic;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

gravatar.conf

upstream gravatar {
    server secure.gravatar.com:443;
}

server {
    listen 80;

    server_name gravatar.css.network;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host secure.gravatar.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://gravatar;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}

server {
    listen 443 ssl spdy;

    ssl on;
    ssl_certificate /root/ssl/css.crt; #改为自己的SSL证书位置
    ssl_certificate_key /root/ssl/css.key; #改为自己的SSL私钥位置

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    keepalive_timeout 70;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 

    server_name gravatar.css.network;

    resolver 8.8.8.8;

    location / {
        proxy_pass_header Server;
        proxy_set_header Host secure.gravatar.com;
        proxy_set_header Accept-Encoding '';
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_pass https://gravatar;
        proxy_cache cache_one;
        proxy_cache_valid  200 304 365d;
        proxy_cache_key $host$uri$is_args$args;
        expires max;
    }
}
最后编辑:
作者:admin

留下一个回复