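include in Nginx configuration files
While configuring the NGINX reverse proxy for HTTPS, I found that many sections of the configuration files are repeated fragments. This is especially true when combined with Nginx virtual host configuration, where many settings are really combinations of different fragments. This is similar to the source command in shell programming, which pulls in shared code fragments.
I split up and revised the NGINX reverse proxy HTTPS configuration as follows:
All shared configuration is broken into fragments and stored as a directory tree under /etc/nginx/includes.
Under that directory, subdirectories are organized by function. For example, the ssl subdirectory holds TLS/SSL-related configuration fragments; the proxy subdirectory holds those for the Nginx reverse proxy.
Practical example
Public-facing Nginx reverse proxy server
Configuration file listing from tree:
    .
    ├── conf.d
    │   └── cloud-atlas.io.conf
    ├── includes
    │   ├── proxy
    │   │   └── proxy_set.conf
    │   ├── server_name.conf
    │   └── ssl
    │       └── ssl_set.conf
/etc/nginx/conf.d/cloud-atlas.io.conf: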
    server {
        include /etc/nginx/includes/server_name.conf;

        location / {
            proxy_pass http://127.0.0.1:24180;
            include /etc/nginx/includes/proxy/proxy_set.conf;
        }

        include /etc/nginx/includes/ssl/ssl_set.conf;
    }

    server {
        # Redirect all HTTP requests to HTTPS
        # "=" compares $host literally, so subdomains are matched with a regex
        if ($host ~* \.cloud-atlas\.io$) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = cloud-atlas.io) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        include /etc/nginx/includes/server_name.conf;
        return 404; # managed by Certbot
    }
/etc/nginx/includes/server_name.conf:
    # The first host name is canonical; the host names after it are aliases
    server_name cloud-atlas.io www.cloud-atlas.io docs.cloud-atlas.io;
/etc/nginx/includes/proxy/proxy_set.conf:
    proxy_http_version 1.1;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header Connection "";
/etc/nginx/includes/ssl/ssl_set.conf:
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cloud-atlas.io/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cloud-atlas.io/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
Note
Taking cloud-atlas.io.conf as the starting point (like a program's main()) and pulling in the different configuration fragments with include shows the configuration as a whole.
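To get that flattened view without reading four files side by side, the sketch below expands include directives recursively, starting from cloud-atlas.io.conf. It is an added example, not part of the original page: FILES is a constructed, abbreviated in-memory copy of the edge-proxy files above, expand() is a hypothetical helper, and only literal include paths (as used on this page) are handled.

```python
import re

FILES = {  # constructed, abbreviated copy of the edge-proxy files on this page
    "/etc/nginx/conf.d/cloud-atlas.io.conf": """\
server {
    include /etc/nginx/includes/server_name.conf;
    location / {
        proxy_pass http://127.0.0.1:24180;
        include /etc/nginx/includes/proxy/proxy_set.conf;
    }
    include /etc/nginx/includes/ssl/ssl_set.conf;
}
""",
    "/etc/nginx/includes/server_name.conf":
        "server_name cloud-atlas.io www.cloud-atlas.io docs.cloud-atlas.io;\n",
    "/etc/nginx/includes/proxy/proxy_set.conf":
        "proxy_set_header Host $host;\nproxy_set_header X-Forwarded-Proto $scheme;\n",
    "/etc/nginx/includes/ssl/ssl_set.conf":
        "listen 443 ssl;\ninclude /etc/letsencrypt/options-ssl-nginx.conf;\n",
}

# Matches a whole-line "include <path>;" and captures its indentation and path.
INCLUDE = re.compile(r"^(\s*)include\s+([^;\s]+)\s*;")

def expand(path, files=FILES, stack=()):
    """Return path's lines with each include replaced by the included file's lines."""
    if path in stack:
        raise ValueError("include cycle: " + " -> ".join(stack + (path,)))
    out = []
    for line in files[path].splitlines():
        m = INCLUDE.match(line)
        if not m:
            out.append(line)
        elif m.group(2) not in files:
            # e.g. Certbot's options file, which lives outside this sample tree
            out.append(line + "  # not expanded: outside the sample tree")
        else:
            indent, target = m.groups()
            out.append(f"{indent}# >>> {target}")
            out.extend(indent + l for l in expand(target, files, stack + (path,)))
            out.append(f"{indent}# <<< {target}")
    return out

if __name__ == "__main__":
    print("\n".join(expand("/etc/nginx/conf.d/cloud-atlas.io.conf")))
```

On a running host, nginx -T prints the complete configuration with included files, which is the version to review when checking which TLS and proxy header settings a server block actually receives.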
Backend Nginx configuration
Backend Nginx configuration file listing from tree:
    .
    ├── conf.d
    │   └── cloud-atlas.io.conf
    ├── includes
    │   └── server.conf
Backend Nginx configuration /etc/nginx/conf.d/cloud-atlas.io.conf:
    server {
        include /etc/nginx/includes/server.conf;
        server_name cloud-atlas.io www.cloud-atlas.io;
        root /var/web/cloud-atlas.io/www;
    }

    server {
        include /etc/nginx/includes/server.conf;
        server_name docs.cloud-atlas.io;
        root /var/web/cloud-atlas.io/docs;
    }
Backend Nginx configuration /etc/nginx/includes/server.conf:
    listen 80;
    listen [::]:80;

    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }