config

server_name

server_name對應到網域名稱。

try_file

有關try_file，他會找目錄下的文件，有時寫了 location ，但路由總是只有\可以執行，可以看看是不是try_file沒有刪掉，因為他會優先執行然後沒找到就回傳404，另外可能不經意把自己的源碼給露出了

ex:

try_files $uri $uri/ =404;

https://servers.ustclug.org/2014/09/nginx-try_files-fallacy/

Underscore header

有時我們幫header取名時有_，ex: access__token這時會被nginx預設擋下，我們需加上

underscores_in_headers on;

https://serverfault.com/questions/586970/nginx-is-not-forwarding-a-header-value-when-using-proxy-pass

Web

server {
listen 80;
server_name sakatu.com;
rewrite ^/(.*) https://rent.sakatu.com/$1 permanent;
}
server {
listen 80;
server_name rent.sakatu.com;
rewrite ^/(.*) https://rent.sakatu.com/$1 permanent;
}
server {
listen 80;
server_name www.sakatu.com;
rewrite ^/(.*) https://sakatu.com permanent;
}


server {
server_name rent.sakatu.com;
listen 443;

gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
include /etc/nginx/mime.types;

 ssl on;
 ssl_certificate /usr/share/nginx/sslcrt/cert.pem;
 ssl_certificate_key /usr/share/nginx/sslcrt/private.key;
location / {
try_files $uri /index.html;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
location /google7d69523ad2a54000.html{
try_files /../../googlesearch/google7d69523ad2a54000.html /test.html;
}
location /sitemap.txt {
try_files /../../sitemap.txt /test.html;
}

}


server {
listen 443;
server_name chat.sakatu.com;
location / {
proxy_pass http://localhost:3005;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;

}

}

API

limit_req_zone $binary_remote_addr zone=req_zone:10m rate=5r/s;
server {
        listen 443;
        server_name api.sakatu.com;
        gzip on;
        ssl on;
        ssl_certificate sites-available/c.pem;
        ssl_certificate_key sites-available/c.key;
        underscores_in_headers on;
        location / {
               limit_req zone=req_zone burst=10 nodelay;
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                proxy_pass http://localhost:3001;
        }
}