Nginx 配置 Google Fonts、Ajax 和 Gravatar 反向代理教程

废话不多说,直接很暴力的贴上配置文件,不懂的自己琢磨吧。因为都是静态文件,没啥问题的话可以加入 Nginx 缓存

[cc lang=”php”]
mkdir -p /var/cache/nginx/cache
mkdir -p /var/cache/nginx/temp
[/cc]
修改 nginx 配置文件,加入
[cc lang=”php”]
##
# Nginx Cache Settings
##

proxy_temp_file_write_size 128k;
proxy_temp_path /var/cache/nginx/temp;
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:50m inactive=7d max_size=5g;
[/cc]

以下是分别的配置文件

google-ajax.conf

[cc lang=”php”]
upstream googleajax {
server ajax.googleapis.com:443;
}

server {
listen 80;

server_name ajax.css.network;

resolver 8.8.8.8;

location / {
proxy_pass_header Server;
proxy_set_header Host ajax.googleapis.com;
proxy_set_header Accept-Encoding ”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://googleajax;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}

server {
listen 443 ssl spdy;

ssl on;
ssl_certificate /root/ssl/css.crt;
ssl_certificate_key /root/ssl/css.key;

ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4″;
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

server_name ajax.css.network;

resolver 8.8.8.8;

location / {
proxy_pass_header Server;
proxy_set_header Host ajax.googleapis.com;
proxy_set_header Accept-Encoding ”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://googleajax;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
[/cc]

google-fonts.conf

[cc lang=”php”]
upstream google {
server fonts.googleapis.com:443;
}

upstream gstatic {
server fonts.gstatic.com:443;
}

server {
listen 80;

server_name fonts.css.network;

resolver 8.8.8.8;

location /css {
sub_filter ‘fonts.gstatic.com’ ‘fonts.css.network’;
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding ”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}

location /icon {
sub_filter ‘fonts.gstatic.com’ ‘fonts.css.network’;
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding ”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}

location / {
proxy_pass_header Server;
proxy_set_header Host fonts.gstatic.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://gstatic;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}

server {
listen 443 ssl spdy;

ssl on;
ssl_certificate /root/ssl/css.crt;
ssl_certificate_key /root/ssl/css.key;

ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4″;
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

server_name fonts.css.network;

resolver 8.8.8.8;

location /css {
sub_filter ‘fonts.gstatic.com’ ‘fonts.css.network’;
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding ”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}

location /icon {
sub_filter ‘fonts.gstatic.com’ ‘fonts.css.network’;
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding ”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}

location / {
proxy_pass_header Server;
proxy_set_header Host fonts.gstatic.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://gstatic;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
[/cc]

gravatar.conf

[cc lang=”php”]
upstream gravatar {
server secure.gravatar.com:443;
}

server {
listen 80;

server_name gravatar.css.network;

resolver 8.8.8.8;

location / {
proxy_pass_header Server;
proxy_set_header Host secure.gravatar.com;
proxy_set_header Accept-Encoding ”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://gravatar;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}

server {
listen 443 ssl spdy;

ssl on;
ssl_certificate /root/ssl/css.crt; #改为自己的SSL证书位置
ssl_certificate_key /root/ssl/css.key; #改为自己的SSL私钥位置

ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4″;
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

server_name gravatar.css.network;

resolver 8.8.8.8;

location / {
proxy_pass_header Server;
proxy_set_header Host secure.gravatar.com;
proxy_set_header Accept-Encoding ”;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://gravatar;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
[/cc]

原创文章,作者:老D,如若转载,请注明出处:https://laod.cn/code-audit/nginx-google-fonts-ajax-gravatar-reverse-proxy.html

(0)
上一篇 2016-01-30 23:26
下一篇 2016-01-31 15:53

相关推荐

发表回复

登录后才能评论

评论列表(3条)

  • 的的
    的的 2017-05-18 10:33

    不是老司机看不懂有啥用途

  • xxx
    xxx 2016-02-04 16:32

    ??????????????????????[神马]

  • 78
    78 2016-02-02 12:32

    怎么用?