我将nginx 1.10.3用于几个虚拟Web服务器。他们中的大多数具有相同的配置,似乎很简单(将非www重定向到www并将http重定向到https)但我仍然为每个配置提供超过100行代码。有没有办法干这个?例如每次都不重复记录路径,只是一次?
这不是世界上最大的问题,但我想清理它并且不知道如何。
以下是我为每个虚拟服务器使用的配置:
# Virtual Host configuration for www.company.com
#
server {
listen 80;
server_name www.company.com;
access_log /var/log/nginx/www.company.com-access.log;
error_log /var/log/nginx/www.company.com-error.log;
root /var/www/www.company.com/current;
index index.html index.htm;
# Let's Encrypt Challenge
location ~ /.well-known {
allow all;
root /var/www/letsencrypt;
}
location / {
rewrite ^/(.*)$ https://www.company.com/$1 permanent;
rewrite ^/$ https://www.company.com/ permanent;
}
}
server {
listen 80;
server_name company.com;
access_log /var/log/nginx/www.company.com-access.log;
error_log /var/log/nginx/www.company.com-error.log;
root /var/www/www.company.com/current;
index index.html index.htm;
# Let's Encrypt Challenge
location ~ /.well-known {
allow all;
root /var/www/letsencrypt;
}
location / {
rewrite ^/(.*)$ https://company.com/$1 permanent;
rewrite ^/$ https://company.com/ permanent;
}
}
server {
listen 443 ssl http2;
server_name company.com;
access_log /var/log/nginx/www.company.com-access.log;
error_log /var/log/nginx/www.company.com-error.log;
# Letsencrypt SSL certificate
ssl_certificate /etc/letsencrypt/live/www.company.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.company.com/privkey.pem;
# Connection credentials caching
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
# Strict Transport Security
# => Tell the client to remember that this is a https site
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
root /var/www/www.company.com/current;
index index.html index.htm;
location / {
rewrite ^/(.*)$ https://www.company.com/$1 permanent;
rewrite ^/$ https://www.company.com/ permanent;
}
}
server {
listen 443 ssl http2;
server_name www.company.com;
access_log /var/log/nginx/www.company.com-access.log;
error_log /var/log/nginx/www.company.com-error.log;
# Letsencrypt SSL certificate
ssl_certificate /etc/letsencrypt/live/www.company.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.company.com/privkey.pem;
# Connection credentials caching
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
# Strict Transport Security
# => Tell the client to remember that this is a https site
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
root /var/www/www.company.com/current;
index index.html index.htm;
location / {
expires 7d;
add_header Cache-Control public;
try_files $uri $uri/ =404;
}
}
答案 0 :(得分:1)
您无法在config中使用变量的NGINX FAQ文档。
问:有没有一种正确的方法可以使用nginx变量来缩短配置的各个部分,将它们用作宏来使部分配置工作为模板?答:变量不应该用作模板宏。在处理每个请求期间,在运行时评估变量,因此与普通静态配置相比,它们相当昂贵。使用变量存储静态字符串也是一个坏主意。相反,应该使用宏扩展和“包含”指令来更容易地生成配置,并且可以使用外部工具来完成,例如, sed + make或任何其他常见的模板机制。
这意味着你需要使用像conf.d甚至bash脚本这样的模板生成器来自动生成这些配置。使用bash意味着您需要将每个$转义为\$。以下是使用bash的示例方法
# Virtual Host configuration for www.${SITE}
#
server {
listen 80;
server_name www.${SITE};
access_log /var/log/nginx/www.${SITE}-access.log;
error_log /var/log/nginx/www.${SITE}-error.log;
root /var/www/www.${SITE}/current;
index index.html index.htm;
# Let's Encrypt Challenge
location ~ /.well-known {
allow all;
root /var/www/letsencrypt;
}
location / {
rewrite ^/(.*)\$ https://www.${SITE}/\$1 permanent;
rewrite ^/\$ https://www.${SITE}/ permanent;
}
}
server {
listen 80;
server_name company.com;
access_log /var/log/nginx/www.${SITE}-access.log;
error_log /var/log/nginx/www.${SITE}-error.log;
root /var/www/www.${SITE}/current;
index index.html index.htm;
# Let's Encrypt Challenge
location ~ /.well-known {
allow all;
root /var/www/letsencrypt;
}
location / {
rewrite ^/(.*)\$ https://${SITE}/\$1 permanent;
rewrite ^/\$ https://${SITE}/ permanent;
}
}
#!/bin/bash
generate_site_config() {
echo generating config for $1 in $1.conf
IN=site.template
OUT=$1.conf
SITE=$1 eval "cat <<EOF
$(cat $IN)
EOF" > $OUT
}
generate_site_config $1
然后生成如下所示的配置
$ sh site.sh tarunlalwani.com
generating config for tarunlalwani.com in tarunlalwani.com.conf
生成配置如下所示
# Virtual Host configuration for www.tarunlalwani.com
#
server {
listen 80;
server_name www.tarunlalwani.com;
access_log /var/log/nginx/www.tarunlalwani.com-access.log;
error_log /var/log/nginx/www.tarunlalwani.com-error.log;
root /var/www/www.tarunlalwani.com/current;
index index.html index.htm;
# Let's Encrypt Challenge
location ~ /.well-known {
allow all;
root /var/www/letsencrypt;
}
location / {
rewrite ^/(.*)$ https://www.tarunlalwani.com/$1 permanent;
rewrite ^/$ https://www.tarunlalwani.com/ permanent;
}
}
server {
listen 80;
server_name company.com;
access_log /var/log/nginx/www.tarunlalwani.com-access.log;
error_log /var/log/nginx/www.tarunlalwani.com-error.log;
root /var/www/www.tarunlalwani.com/current;
index index.html index.htm;
# Let's Encrypt Challenge
location ~ /.well-known {
allow all;
root /var/www/letsencrypt;
}
location / {
rewrite ^/(.*)$ https://tarunlalwani.com/$1 permanent;
rewrite ^/$ https://tarunlalwani.com/ permanent;
}
}