为Nginx启用自建CDN

 weihaifei   2017-07-11 22:38   220 人阅读  0 条评论

具体文章详细配置不在赘述以下文章可供参考

NGINX 缓存使用官方指南 <- 推荐

Nginx + Tomcat + Ngx_cache_purge 实现高效反向代理

利用nginx做本地缓存或CDN加速

其中,因为我的情况是源站和CDN使用域名完全相同,所以在DNS和Hosts文件上做了一些变动

国内,国外同域名指向不同地址

CDN服务器上Hosts文件写死域名对应IP

在此附上CDN节点Nginx配置

CDN节点Nginx配置

server
{
listen 443 ssl http2 fastopen=3  reuseport;
server_name blog.gxlrx.net;



 ssl on;
         ssl_certificate fullchain.pem;
         ssl_certificate_key privkey.pem;
         ssl_dhparam /usr/local/nginx/conf/dhparam.pem;
 ssl_session_cache shared:SSL:10m;
 ssl_session_cache shared:ssl_session_cache:10m;
 ssl_session_timeout 5m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_stapling on;
  ssl_stapling_verify on;
 add_header X-Frame-Options "DENY";
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 add_header Public-Key-Pins 'pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; max-age=2592000; includeSubDomains';
         resolver 223.5.5.5 223.6.6.6 valid=300s;
         resolver_timeout 5s;


if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php
                         |sitemap(_index)?.xml") {
           set $skip_cache 1;
}   #匹配到这些目录不进行缓存

if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass
        |wordpress_no_cache|wordpress_logged_in") {
 set $skip_cache 1;
}#匹配到登录用户评论用户不进行缓存

location / {
proxy_cache cache_one;
proxy_cache_valid 200 304 3d;
proxy_cache_key $host$uri$is_args$args;
add_header  Nginx-Cache "$upstream_cache_status";
proxy_pass https://blog.gxlrx.net/;#此处用域名和CDN节点server_name一致 不过因在hosts文件里写死域名对应IP 所以实际上这两处域名并不相等
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
expires 10d;
access_log /home/wwwlogs/cache.log;
}

location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {
    deny all;
}
}
server
{
listen 443 ssl http2 fastopen=3  reuseport;
server_name blog.gxlrx.net;
 
 
 
ssl on;
         ssl_certificate fullchain.pem;
         ssl_certificate_key privkey.pem;
         ssl_dhparam /usr/local/nginx/conf/dhparam.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_cache shared:ssl_session_cache:10m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_stapling on;
ssl_stapling_verify on;
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Public-Key-Pins 'pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; max-age=2592000; includeSubDomains';
         resolver 223.5.5.5 223.6.6.6 valid=300s;
         resolver_timeout 5s;
 
 
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php
                         |sitemap(_index)?.xml") {
           set $skip_cache 1;
}   #匹配到这些目录不进行缓存
 
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass
        |wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}#匹配到登录用户评论用户不进行缓存
 
location / {
proxy_cache cache_one;
proxy_cache_valid 200 304 3d;
proxy_cache_key $host$uri$is_args$args;
add_header  Nginx-Cache "$upstream_cache_status";
proxy_pass https://blog.gxlrx.net/;#此处用域名和CDN节点server_name一致 不过因在hosts文件里写死域名对应IP 所以实际上这两处域名并不相等
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
expires 10d;
access_log /home/wwwlogs/cache.log;
}
 
location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php|js|swf)$ {
     deny all;
}
}

   


配置完成后重启nginx,打开浏览器观察


Nginx-cache字段已提示命中.访问速度快了不少.

以上.


本文地址:https://www.viponevip.com/post/8.html
版权声明:本文为原创文章,版权归 weihaifei 所有,欢迎分享本文,转载请保留出处!

评论已关闭!