本文介绍了如何使用 Nginx 反向代理 Google Font、Ajax 和 Gravatar 头像。用以解决国内无法正常访问 Google Font、Ajax 和 Gravatar 头像而导致的网站加载速度慢的问题。
安装 Nginx
Nginx 的安装方式有很多,本文只介绍 Centos7 下 Nginx 的安装方法。
官方教程参考
官方教程参考:Install Nginx
在 Centos 7 下使用 yum 安装 Nginx
通过 ssh 进入系统后,执行以下命令:
#安装 EPEL
sudo yum install epel-release
#安装 Nginx
sudo yum install nginx
# 将 Nginx 服务加入开机自启动,默认安装完服务是没有开启的,需要手动进行开启
sudo systemctl enable nginx.service
sudo systemctl restart nginx.service
# 查看端口状态,打开防火墙
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
访问页面:http://你的服务器 IP/ 查看是否正常
参考教程:How To Install Nginx on CentOS 7
使用 LNMP.ORG 一键包安装 NGINX
# 安装命令行终端切换的自由软件 GNU Screen
yum install screen
# 下载并安装 LNMP 一键安装包
cd ~
wget -c http://soft.vpser.net/lnmp/lnmp1.4.tar.gz && tar zxf lnmp1.4.tar.gz && cd lnmp1.4 && ./install.sh lnmp
#运行安装脚本
./install.sh
然后根据提示进行安装即可,这儿我们只安装 Nginx
参考教程:LNMP 一键安装
使用 Oneinstack 一键包安装 NGINX
yum -y install wget screen curl python #for CentOS/Redhat
# apt-get -y install wget screen curl python #for Debian/Ubuntu
wget http://aliyun-oss.linuxeye.com/oneinstack-full.tar.gz #阿里云经典网络下载
wget http://mirrors.linuxeye.com/oneinstack-full.tar.gz #包含源码,国内外均可下载
wget http://mirrors.linuxeye.com/oneinstack.tar.gz #不包含源码,建议仅国外主机下载
tar xzf oneinstack-full.tar.gz
cd oneinstack #如果需要修改目录 (安装、数据存储、Nginx 日志),请修改 options.conf 文件
screen -S oneinstack #如果网路出现中断,可以执行命令`screen -R oneinstack`重新连接安装窗口
./install.sh #注:请勿 sh install.sh 或者 bash install.sh 这样执行
参考教程:OneinStack 安装教程
配置 Nginx
添加 Nginx 缓存
进入 ssh,执行以下命令
mkdir -p /var/cache/nginx/cache
mkdir -p /var/cache/nginx/temp
修改 Nginx 文件,加入下面的代码
##
# Nginx Cache Settings
##
proxy_temp_file_write_size 128k;
proxy_temp_path /var/cache/nginx/temp;
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=cache_one:50m inactive=7d max_size=5g;
Nginx 反向代理配置文件参考
在 Nginx 文件夹下创建 conf 文件,用于反代。
google-ajax.conf - 反向代理 Google Ajax
直接下载:google-ajax.conf 修改替换其中的 ajax.css.network 为自己的域名即可。
upstream googleajax {
server ajax.googleapis.com:443;
}
server {
listen 80;
server_name ajax.css.network;
resolver 8.8.8.8;
location / {
proxy_pass_header Server;
proxy_set_header Host ajax.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://googleajax;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
server {
listen 443 ssl spdy;
ssl on;
ssl_certificate /root/ssl/css.crt;
ssl_certificate_key /root/ssl/css.key;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name ajax.css.network;
resolver 8.8.8.8;
location / {
proxy_pass_header Server;
proxy_set_header Host ajax.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://googleajax;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
google-fonts.conf - 反向代理 Google Font
直接下载:google-fonts.conf 修改替换其中的 fonts.css.network 为自己的域名即可。
upstream google {
server fonts.googleapis.com:443;
}
upstream gstatic {
server fonts.gstatic.com:443;
}
server {
listen 80;
server_name fonts.css.network;
resolver 8.8.8.8;
location /css {
sub_filter 'fonts.gstatic.com' 'fonts.css.network';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
location /icon {
sub_filter 'fonts.gstatic.com' 'fonts.css.network';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
location / {
proxy_pass_header Server;
proxy_set_header Host fonts.gstatic.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass http://gstatic;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
server {
listen 443 ssl spdy;
ssl on;
ssl_certificate /root/ssl/css.crt;
ssl_certificate_key /root/ssl/css.key;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name fonts.css.network;
resolver 8.8.8.8;
location /css {
sub_filter 'fonts.gstatic.com' 'fonts.css.network';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
location /icon {
sub_filter 'fonts.gstatic.com' 'fonts.css.network';
sub_filter_once off;
sub_filter_types text/css;
proxy_pass_header Server;
proxy_set_header Host fonts.googleapis.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://google;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
location / {
proxy_pass_header Server;
proxy_set_header Host fonts.gstatic.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://gstatic;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
gravatar.conf - 反向代理 Gravatar
直接下载:gravatar.conf 修改替换其中的 gravatar.css.network 为自己的域名即可。
upstream gravatar {
server secure.gravatar.com:443;
}
server {
listen 80;
server_name gravatar.css.network;
resolver 8.8.8.8;
location / {
proxy_pass_header Server;
proxy_set_header Host secure.gravatar.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://gravatar;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
server {
listen 443 ssl spdy;
ssl on;
ssl_certificate /root/ssl/css.crt; #改为自己的 SSL 证书位置
ssl_certificate_key /root/ssl/css.key; #改为自己的 SSL 私钥位置
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
keepalive_timeout 70;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
server_name gravatar.css.network;
resolver 8.8.8.8;
location / {
proxy_pass_header Server;
proxy_set_header Host secure.gravatar.com;
proxy_set_header Accept-Encoding '';
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_pass https://gravatar;
proxy_cache cache_one;
proxy_cache_valid 200 304 365d;
proxy_cache_key $host$uri$is_args$args;
expires max;
}
}
重启 Nginx
添加了配置文件后,需要执行下面的命令重启 Nginx,使 conf 文件生效。
sudo systemctl restart nginx.service
转载来源
上面的 conf 文件我也是转载别人的,但是我并没有找到原作者所以无法写出来源。在这里向作者说一声抱歉。