1. 隐藏版本号
1
2
3
4
http {
    # 隐藏版本号
	server_tokens off;
}

curl -I 你的网站看看就没有了版本号了

  1. 设置上传大小
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
server {
    listen       80;
    server_name  localhost;
    #charset koi8-r;
 
    # client_max_body_size 用来修改允许客户端上传文件的大小。默认为1m,如果设置为0,表示上传文件大小不受限制。
    # 可以在以下模块设置: http, server, location 
    client_max_body_size 1024m;
 
    # 访问 / 网站跟目录返回的内容
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    
    ...
}

  1. 代理后端下载大文件504 网关超时 504 gateway timeout

    1
    2
    3
    4
    5
    location /xx {
    	proxy_connect_timeout 600s;
        proxy_send_timeout 600s;
        proxy_read_timeout 600s;
     }

  2. 代理websock

    1
    2
    3
    4
    5
    6
    location /websocket {
            proxy_pass http://backend;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }

  3. 获取真实ip

    1
    2
    3
    4
    5
    6
    location /websocket {
        proxy_set_header Host $http_host;
    	proxy_set_header X-Real-IP $remote_addr;
    	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    	proxy_set_header X-Forwarded-Proto $scheme;
    }

  4. 漏扫出现问题

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    location /mp/ {
               proxy_pass http://192.168.60.162:8060/;
               proxy_set_header Host $http_host;
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header REMOTE-HOST $remote_addr;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           }
            # 漏扫出现问题
           add_header X-Content-Type-Options nosniff;
           add_header 'Referrer-Policy' 'origin';
           add_header X-Download-Options "noopen" always;
           add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
           add_header X-Permitted-Cross-Domain-Policies  "master-only";
           add_header X-Frame-Options SAMEORIGIN;
           #add_header Content-Security-Policy "default-src 'self' at.alicdn.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' blob: data: ;"
           add_header Content-Security-Policy "default-src 'self' *.alicdn.com *.cloudflare.com 'unsafe-inline' 'unsafe-eval' blob: data: ;";
           add_header X-Content-Type-Options: nosniff;
           add_header X-XSS-Protection "1; mode=block";
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
location /xxx/ {
		#  大文件 gateway超时问题
		proxy_connect_timeout 600s;
		proxy_read_timeout 600s;
		proxy_send_timeout 600s;
		# 代理websocket
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		# 真实ip
		proxy_set_header Host $host;
		proxy_set_header X-real-ip $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		# 反向代理java 服务
		proxy_pass http://www.xxx.com/;
		
	}