使用Nginx反向代理,自建CDN加速节点
1、安装Nginx
Nginx安装方法请参阅:liunx安装Nginx |
2、CDN配置
假如我需要对www.hopeidc.com搭建CDN节点,数据放在192.168.1.100,需要先修改hosts指向,告知CDN节点去哪里去获取网站数据,也就是回源地址,做如下修改:
vi /etc/hosts 192.168.1.100 www.hopeidc.com 然后创建nginx配置文件hopeidc.com.conf。 #创建缓存目录 mkdir -p /usr/local/nginx/caches/www.hopeidc.com #设置缓存目录权限 chown -R www:www /usr/local/nginx/caches/www.hopeidc.com #创建hopeidc.com.conf vi /usr/local/nginx/conf/vhost/hopeidc.com.conf |
在hopeidc.com.conf中添加下面的内容,缓存目录/缓存时间请根据实际情况调整。
proxy_cache_path /usr/local/nginx/caches/www.hopeidc.com levels=1:2 keys_zone=xiaoz:50m inactive=30m max_size=50m; server { listen 80; server_name www.hopeidc.com; charset utf-8,gbk; location / { proxy_set_header Accept-Encoding ""; proxy_pass https://www.hopeidc.com; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cache xiaoz; proxy_cache_valid 200 304 30m; proxy_cache_valid 301 24h; proxy_cache_valid 500 502 503 504 0s; proxy_cache_valid any 1s; proxy_cache_min_uses 1; expires 12h; } } |
参数说明:
/usr/local/nginx/caches/www.hopeidc.com:为缓存目录 levels:指定该缓存空间有两层hash目录,第一层目录为1个字母,第二层为2个字母。 keys_zone=xiaoz:50m:为缓存空间起个名字,这里取名为“xiaoz”,后面的50m指内存缓存空间 inactive=30m:如果30分钟内该资源没有被访问则删除 max_size=50m:指硬盘缓存大小为50MB proxy_cache_valid:指定状态码缓存时间,前面写状态码,后面写缓存时间。 |
3. 然后重启Nginx生效
/etc/init.d/nginx reload |
4、Https配置
如果是https网站,配置文件参考:
proxy_cache_path /data/wwwroot/caches/www.hopeidc.com levels=1:2 keys_zone=Rats:50m inactive=30m max_size=50m; server { listen 443 ssl http2; ssl_certificate /home/hopeidc.com.crt; ssl_certificate_key /home/hopeidc.com.key; ssl_session_timeout 1d; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_dhparam /data/ssl/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_prefer_server_ciphers on; ssl_stapling on; ssl_stapling_verify on; server_name www.hopeidc.com; access_log /data/wwwlogs/hopeidc.com_nginx.log combined; charset utf-8,gbk; location / { proxy_set_header Accept-Encoding ""; proxy_pass https://www.hopeidc.com; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_cache Rats; proxy_cache_valid 200 304 30m; proxy_cache_valid 301 24h; proxy_cache_valid 500 502 503 504 0s; proxy_cache_valid any 1s; proxy_cache_min_uses 1; expires 12h; } } server { listen 80 default_server; return 301 https://$host$request_uri; } |
你也可以使用多台VPS,利用CloudXNS智能解析,将不同地区的DNS解析到最近的VPS上,进行CND加速。