preface

Powerful functions in nginx, such as rewrite and proxy_pass is inseparable from his matching rules. Understand nginx and learn advanced nginx usage. You must know all kinds of matching priorities and matching syntax

1, nginx location

1. Syntax rules and priorities

location [=|~|~*|!~|!~*|^~] /uri/ {

  ...

} 

  =     >   ^~   >   ~|~*|!~|!*~**    >    /

Exact match > Character start > Regular matching > General distribution

server {

  listen 192.168.93.136;

  root /abcd;

  index  index.html;

location = / { index a.html; }

location ~ / { index b.html; }

location   / { index c.html; }

}

# The test page observes the priority according to the different contents of the page 

2. Matching sequence

In addition to priority, there is a rare way to decide which match to use according to the priority matching order, for example

Figure: forward to different tomcat applications according to different matching, using ~ regular matching

There is a url, such as: http://ip:port/gwaf/report , you can see that the url satisfies two matches at the same time, so is the request forwarded to server2 or server3.

The answer is server2. The matching rules at the same level are the matching rules that are matched first. From the perspective of the configuration file, it is in the order from top to bottom. Here, it is matched to ~ / (console|report), so it is forwarded to server2.

Then there will be a problem. For example, if the url is the interface in the requested server3, it should be forwarded to server3 for processing, but it is forwarded to server2. At this time, nginx will return 404 because server2 cannot process this interface. There are two methods: try to write the ~ / gwaf match in front of the ~ / (console|report) match, let the ~ / gwaf match first and forward it to server3. Or use ^ ~ / gwaf to increase the matching priority by using the beginning matching.

2, nginx rewrite

rewrite redirects the url visited by the user to a new url

Let's take a look at several rewrite matching cases

Case 1: rewrite url to jump

When visiting http://192.168.93.136/aaa/a/1.html Redirect to http://192.168.93.136/ccc/bbb/1.html

mkdir -p /usr/share/nginx/html/ccc/bbb

mkdir -p /usr/share/nginx/html/aaa/a

vim /usr/share/nginx/html/aaa/a/1.html

vim /usr/share/nginx/html/ccc/bbb/1.html

vim /etc/nginx/conf.d/default.conf

  location /aaa {

    rewrite .* /ccc/bbb/1.html permanent;   # If the url contains / aaa, it will be redirected to / ccc/bbb/1.html

    }

Test page http://192.168.100.10/aaa/a/1.html the url accessed contains the "/ AAA" field

permanent parameter:

If permanent is used, the new url and new web content will be displayed directly. If it is not used, the original url will be displayed, but the page content will still be displayed after forwarding.

Whether the following matching methods are feasible:

location  = /aaa   http://192.168.100.10/aaa/123.html is it feasible

infeasible. Because you need an exact match

location ~ /aaa   http://192.168.100.10/aaa/123.html is it feasible

Feasible. Because partial matching is enough

location ^~ /aaa   http://192.168.100.10/aaa/123.html is it feasible

Feasible. Because partial matching is enough

Case 2: using regular in rewrite

take http://192.168.93.136/2017/a/1.html change http://192.168.93.136/2018/a/2.html

mkdir -p 2018/a/

echo '2018' 2018/a/1.html

mkdir -p 2019/a

echo '2019' 2019/a/2.html

vim /etc/nginx/conf.d/default.conf

  location /2018{

    rewrite ^/2018/(.*)$ /2019/$1 permanent; # $1 refers to the content in the previous (), which is the same as the regular shell

    }

    Access test http://192.168.93.136/2018/a/1.html

Case 3: hostname redirection

take http://liang.com change http://kong.com

vim /etc/nginx/conf.d/default.conf

  if ( $host ~* liang.com ) { # $host nginx built in variable

  rewrite .*  http://kong.com permanent;

  }

  Access test access liang.com

Case 4: domain name redirection

take http://web.liang.com/a/1.html Replace with http://kong.com/a/1.html

Establish two virtual hosts for domain name resolution, and create the home page content of the two hosts

echo 'web.liang' >a/1.html

echo 'kong' >a/1.html

if ( $host ~* liang.com ) {

  rewrite .* http://kong.com$request_uri permanent;

  }

  Access test web.liang.com/a/1.html

Case 5: php website login jump

http://www.liang.com/login/liang.html Turn into http://www.liang.com/reg/login.php?user=liang

location /login {

  rewrite ^/login/(.*)\.html$ /reg/login.php?user=$1;

}

Case 6: http://alice.liang.com ==> http://www.liang.com/alice

http://jack.liang.com ==> http://www.liang.com/jack

if ($host ~* "^www.liang.com$") {

  break;        # Jump out match

}

  if ($host ~* "^(.*)\.liang\.com$" ) {

    set $user $1;       # set variable

    rewrite .* http://www.liang.com/$user permanent;

}

mkdir /usr/share/nginx/html/{jack,alice}

echo "jack" > /usr/share/nginx/html/jack/index.html

echo "alice" > /usr/share/nginx/html/alice/index.html

Case 7: 403 operation rejection error is returned for the accessed. sh end file

location ~* \.sh$ {

  return 403;

  #return 301 http://www.liang.com;

}

Case 8: http to https conversion

(1) Virtual machine purchases domain name and applies for CA certificate

(2) Download the CA certificate and unzip the certificate

(3) Open 443 server in the configuration file

server {

  listen       443;

  server_name  web.xxxx.com;     # domain name

  ssl  on;

  ssl_certificate         /etc/pki/tls/certs/server.crt;

  ssl_certificate_key  /etc/pki/tls/certs/server.key;  # Specify the path where the certificate is stored

  ssl_session_timeout  5m;

  ssl_protocols  SSLv2 SSLv3 TLSv1;

  ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;       # The password is specified in a format supported by OpenSSL

  ssl_prefer_server_ciphers   on;

  location / {

    root   /liang/html;

    index  index.html index.htm;

      }

  }

(4) Startup certificate

server {

  listen      8080;

  server_name  domain name;

  return     301  https://Domain name $request_uri;

}

(5) Access http and automatically go to https

Case 9: last, break, redirect, permanent Tags

mkdir /usr/share/nginx/html/test 

echo 'break' > /usr/share/nginx/html/test/break.html

echo 'last' > /usr/share/nginx/html/test/last.html

echo 'test' > /usr/share/nginx/html/test/test.html

server {

  listen 80;

  server_name 192.168.93.136;

  location / {

    root /usr/share/nginx/html;

    index index.html index.php;

  }

  location /break {

    rewrite .* /test/break.html break;

    root /usr/share/nginx/html;

  }

  location /last {

    rewrite .* /test/last.html last;

    root /usr/share/nginx/html;

  }

  location /test {

    rewrite .* /test/test.html break;

    root /usr/share/nginx/html;

  }

}

Access test http://192.168.93.136/break visit the original site

Access test http://192.168.93.136/last automatically jump to the next station