Location 匹配规则
location [=|~|~*|^~] /uri/ { … }
|
模式 |
含义 |
location = /uri |
= 表示精确匹配,只有完全匹配上才能生效 |
location ^~ /uri |
^~ 开头对URL路径进行前缀匹配,并且在正则之前。 |
location ~ pattern |
开头表示区分大小写的正则匹配 |
location ~* pattern |
开头表示不区分大小写的正则匹配 |
location /uri |
不带任何修饰符,也表示前缀匹配,但是在正则匹配之后 |
location / |
通用匹配,任何未匹配到其它location的请求都会匹配到,相当于switch中的default |
前缀匹配时,Nginx 不对 url 做编码,因此请求为 /static/20%/aa,可以被规则^~ /static/ /aa匹配到(注意是空格)
多个 location 配置的情况下匹配顺序为:
- 首先精确匹配 =
- 其次前缀匹配 ^~
- 其次是按文件中顺序的正则匹配
- 然后匹配不带任何修饰的前缀匹配。
- 最后是交给 / 通用匹配
当有匹配成功时候,停止匹配,按当前匹配规则处理请求
注意:前缀匹配,如果有包含关系时,按最大匹配原则进行匹配。比如在前缀匹配:location /dir01与location /dir01/dir02,如有请求http://localhost/dir01/dir02/file 将最终匹配到location /dir01/dir02
例子,有如下匹配规则:
location = / { echo "规则A"; } location = /login { echo "规则B"; } location ^~ /static/ { echo "规则C"; } location ^~ /static/files { echo "规则X"; } location ~ \.(gif|jpg|png|js|css)$ { echo "规则D"; } location ~* \.png$ { echo "规则E"; } location /img { echo "规则Y"; } location / { echo "规则F"; }
|
那么产生的效果如下:
所以实际使用中,笔者觉得至少有三个匹配规则定义,如下:
location = / { proxy_pass http://tomcat:8080/index }
location ^~ /static/ { root /webroot/static/; } location ~* \.(gif|jpg|jpeg|png|css|js|ico)$ { root /webroot/res/; }
location / { proxy_pass http://tomcat:8080/ }
|
rewrite 语法
- last – 基本上都用这个 Flag
- break – 中止 Rewirte,不再继续匹配
- redirect – 返回临时重定向的 HTTP 状态 302
- permanent – 返回永久重定向的 HTTP 状态 301
- 下面是可以用来判断的表达式:
-f 和 !-f 用来判断是否存在文件 -d 和 !-d 用来判断是否存在目录 -e 和 !-e 用来判断是否存在文件或目录 -x 和 !-x 用来判断文件是否可执行
|
- 下面是可以用作判断的全局变量
例:http: $host:localhost $server_port:88 $request_uri:/test1/test2/test.php?k=v $document_uri:/test1/test2/test.php $document_root:D:\nginx/html $request_filename:D:\nginx/html/test1/test2/test.php
|
redirect 语法
server { listen 80; server_name www.zeze.info; index index.html index.php; root html; if ($http_host !~ "^star\.igrow\.cn$") { rewrite ^(.*) http://star.igrow.cn$1 redirect; } }
|
防盗链
location ~* \.(gif|jpg|swf)$ { valid_referers none blocked start.igrow.cn sta.igrow.cn; if ($invalid_referer) { rewrite ^/ http://$host/logo.png; } }
|
根据文件类型设置过期时间
location ~* \.(js|css|jpg|jpeg|gif|png|swf)$ { if (-f $request_filename) { expires 1h; break; } }
|
禁止访问某个目录
location ~* \.(txt|doc)${ root /data/www/wwwroot/linuxtone/test; deny all; }
|
完整demo
upstream appzuul { server 192.168.*.*:18600; server 192.168.*.*:18600; }
server { listen 80; server_name a.cooper.com b.cooper.com; rewrite ^/(.*)$ https://a.cooper.com/$1 permanent; }
server { listen 443 ssl; server_name a.cooper.com b.cooper.com; root /opt/web_html/auth.100credit.com; index login index.html index.htm login.html applicationMasterPage.html;
ssl_certificate /opt/nginx-1.4.7/conf/ssl/100credit.com.crt; ssl_certificate_key /opt/nginx-1.4.7/conf/ssl/100credit.com.key;
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
access_log logs/a.cooper.com_access.log; error_log logs/a.cooper.com_error.log;
error_page 404 /view/404.html; location ~ /base/{ rewrite ^/base/login\.html / } location ^~ /v/ { rewrite ^/v/(.*)$ /$1 permanent; }
location / { root /opt/web_html/apiservice.100credit.com; index index.html; try_files $uri $uri/ /index.html; }
location ^~ /api/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://appzuul; }
location ^~ /zuul/api/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header REMOTE-HOST $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://appzuul; }
}
|