四、Nginx反向绑定域名:subs_filter优化请求和解决Google验证码问题
1、上面我们已经将ngx_http_substitutions_filter_module模块编译进入到了Nginx,这个模块主要是为了将网页中的所请求都转发自己的服务器。
2、在location 中加入以下代码,类似:
- location / {
- proxy_redirect off;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_pass https://www.google.com;
- proxy_set_header Host "www.google.com";
- proxy_set_header Accept-Encoding "";
- proxy_set_header User-Agent $http_user_agent;
- subs_filter www.google.com freehao123.com;
- subs_filter ssl.gstatic.com freehao123.com;
- subs_filter_types text/css text/xml text/javascript;
- }
3、单个IP地址如果在短时间内对Google发送大量的IP请求,会被Google判定为机器人,从而出现搜索验证码的情况,为了解决这个问题,我们可以在Http层加入以下代码,类似于:
- upstream google {
- server 74.125.139.1:80 max_fails=3;
- server 74.125.139.2:80 max_fails=3;
- server 74.125.139.3:80 max_fails=3;
- server 74.125.139.4:80 max_fails=3;
- server 74.125.139.5:80 max_fails=3;
- }
- server
- {
- listen 80;
- server_name www.freehao123.com freehao123.com;
- location / { rewrite ^/(.*)$ https://freehao123.com$1 permanent; } }
4、upstream google 写了Google的服务器IP地址,如果请求量非常大的话,建议多写一些。
五、Nginx反向绑定域名:使用Nginx缓存来加速访问请求
1、nginx 自带的 proxy_cache 模块可以实现访问缓存,即第二次访问可以直接从自己的服务器读取相应的数据了,而不需要再来一次中转请求了。
2、先在Http层加入以下代码,类似:
- proxy_cache_path /home/cache/freehao123 levels=1:2 keys_zone=one:10m max_size=10g;
- proxy_cache_key "$host$request_uri";
- server
- {
- listen 80;
- server_name www.freehao123.com freehao123.com;
- location / {
- rewrite ^/(.*)$ https://freehao123.com$1 permanent;
- }
- }
3、proxy_cache_path 是缓存目录路径,你需要提前创建好,并设置好读写权限。
4、接着在location中加入以下代码,类似于:
- location / {
- proxy_cache one;
- proxy_cache_valid 200 302 1h;
- proxy_cache_valid 404 1m;
- proxy_redirect https://www.google.com/ /;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https;
- proxy_pass https://www.google.com;
- proxy_set_header Host "www.google.com";
- proxy_set_header Accept-Encoding "";
- proxy_set_header User-Agent $http_user_agent;
- }
5、proxy_cache 中的值要与前面的keys_zone值相同。重启Nginx后,可以使用Https访问了。
6、同时打开缓存目录,能看到生成了缓存数据了。
六、Nginx反向绑定域名:解决Google和Gravatar无法访问的问题
1、上面的代码都是基于反向D理Google的,以下就是经部落测试有效的代码,你只需要将域名、upstream IP地址、证书路径、缓存目录等改自己的内容即可:
- http {
- include mime.types;
- default_type application/octet-stream;
- sendfile on;
- proxy_connect_timeout 5;
- proxy_read_timeout 60;
- proxy_send_timeout 5;
- proxy_buffer_size 16k;
- proxy_buffers 4 64k;
- proxy_busy_buffers_size 128k;
- proxy_temp_file_write_size 128k;
- proxy_temp_path /usr/local/src/cache/temp;
- proxy_cache_path /usr/local/src/cache/one levels=1:2 keys_zone=one:10m inactive=7d max_size=10g;
- proxy_cache_key "$host$request_uri";
- upstream google {
- server 64.15.24.122:80 max_fails=3;
- server 92.19.28.214:80 max_fails=3;
- server 64.150.13.60:80 max_fails=3;
- }
- server {
- listen 80;
- server_name www.mmtaoyi.com mmtaoyi.com;
- rewrite ^/(.*)$ https://mmtaoyi.com$1 permanent;
- location / {
- root html;
- index index.html index.htm;
- }
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root html;
- }
- }
- server {
- listen 443;
- server_name www.mmtaoyi.com mmtaoyi.com;
- if ($host = 'www.mmtaoyi.com') {
- rewrite ^/(.*)$ https://mmtaoyi.com$1 permanent;
- }
- ssl on;
- ssl_certificate /usr/local/src/myssl/myssl.crt;
- ssl_certificate_key /usr/local/src/myssl/privkey.key;
- location / {
- proxy_cache one;
- proxy_cache_valid 200 302 1h;
- proxy_cache_valid 404 1m;
- proxy_cache_valid 301 3d;
- proxy_cache_valid any 1m;
- proxy_cache_use_stale invalid_header error timeout http_502;
- proxy_redirect https://www.google.com/ /;
- proxy_cookie_domain google.com mmtaoyi.com;
- proxy_pass https://google;
- proxy_set_header Host "www.google.com";
- proxy_set_header Accept-Encoding "";
- proxy_set_header User-Agent $http_user_agent;
- proxy_set_header Accept-Language "zh-CN";
- proxy_set_header Cookie "PREF=ID=047808f19f6de346:U=0f62f33dd8549d11:FF=2:LD=zh-CN:NW=1:TM=1325338577:LM=1332142444:GM=1:SG=2:S=rE0SyJh2w1IQ-Maw";
- subs_filter_types text/css text/xml text/javascript;
- subs_filter ssl.gstatic.com mmtaoyi.com;
- subs_filter www.google.com mmtaoyi.com ;
- }
- location /gb {
- proxy_pass https://ssl.gstatic.com/gb/;
- proxy_set_header Accept-Encoding "";
- }
- }
- }
(举报)
