首先购买香港VPS即可,省钱,安装宝塔面板就不在这里阐述了,都会,如果不会也就没必要自建网站或是CDN了。安装完宝塔之后别的都不需要安装就把nginx安装上,然后安装好nginx之后,我们就可以开始配置nginx缓存了。
配置CDN服务器的nginx的缓存
NGINX的缓存配置如下:首先是进到网站的设置里,点左边的配置文件,直接复制以下代码覆盖原代码即可,记得域名修改下你自己的。
server {
listen 443 ssl ;
http2 on;
server_name cdn.maccmsrust.com;
ssl_certificate /www/server/panel/vhost/cert/cdn.maccmsrust.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/cdn.maccmsrust.com/privkey.pem;
# ===== 1. 首页:单独缓存 1 小时 =====
location = / {
proxy_cache cdn_cache;
proxy_cache_valid 200 1h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass https://www.jljjj.com/;
proxy_set_header Host www.jljjj.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_hide_header Vary; # 👈 添加这行
gzip_vary off; # 👈 强烈建议添加(防 gzip 自动加 Vary)
add_header Vary "Accept-Encoding"; # 👈 添加这行
add_header X-Cache-Status $upstream_cache_status;
}
# ===== 2. 静态资源目录:缓存 7 天 =====
location ~ ^/(static|template|upload)/ {
proxy_cache cdn_cache;
proxy_cache_valid 200 302 7d;
proxy_cache_valid 404 1m;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass https://www.jljjj.com;
proxy_set_header Host www.jljjj.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_hide_header Vary;
add_header Vary "Accept-Encoding";
add_header X-Cache-Status $upstream_cache_status;
}
# ===== 3. 其他路径(动态页面):不缓存 =====
location / {
proxy_pass https://www.jljjj.com;
proxy_set_header Host www.jljjj.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 注意:这里不加 proxy_cache,避免缓存动态内容
}
# 安全:禁止脚本执行
location ~* \.(php|jsp|cgi|sh|pl|py|asp|aspx)$ {
deny all;
}
gzip on;
gzip_types text/plain text/css application/json application/javascript image/svg+xml;
}
下一步修改全局的nginx配置文件,进到左边的软件商店,点nginx的设置,在http标签里添加以下代码:
# ===== CDN 缓存区定义(全局,只需写一次)=====
http
{
include mime.types;
#include luawaf.conf;
# ===== CDN 缓存区定义(全局,只需写一次)就是这段代码=====
proxy_cache_path /www/wwwroot/cdn_cache levels=1:2 keys_zone=cdn_cache:50m max_size=20g inactive=1h use_temp_path=off;
# ===== CDN 缓存区定义(全局,只需写一次)就是这段代码=====
include proxy.conf;
lua_package_path "/www/server/nginx/lib/lua/?.lua;;";
default_type application/octet-stream;
附赠一个图片的CDN缓存规则
server {
listen 443 ssl ;
http2 on;
server_name img.maccmsrust.com;
ssl_certificate /www/server/panel/vhost/cert/img.maccmsrust.com/fullchain.pem;
ssl_certificate_key /www/server/panel/vhost/cert/img.maccmsrust.com/privkey.pem;
root /www/wwwroot/img.maccmsrust.com; # ← 明确指定 root(即使主要用 proxy)
# ==============================
# 1. 字体文件:/jljjj/webfonts/ → 缓存 + CORS
# ==============================
location ~ ^/jljjj/webfonts/.+\.(woff2|woff|ttf|eot|otf)$ {
# CORS 跨域头(必须)
add_header Access-Control-Allow-Origin "https://www.jljjj.com" always;
add_header Vary "Origin" always; # 建议加上,避免 CDN 缓存污染
# 启用 proxy_cache
proxy_cache cdn_cache;
proxy_cache_valid 200 30d;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
# 代理到源站
proxy_pass https://ywimg.basinhydrology.com;
proxy_set_header Host ywimg.basinhydrology.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
# 隐藏后端头,自定义缓存控制
proxy_hide_header Vary;
proxy_hide_header Cache-Control;
gzip_vary off;
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public, max-age=2592000"; # 30天
}
# ==============================
# 1. 所有 /jljjj/upload/ 静态资源:走 proxy_cache
# ==============================
location ~ ^/jljjj/upload/.+\.(css|js|woff2|woff|ttf|svg|png|jpe?g|gif|webp|bmp|avif)$ {
proxy_cache cdn_cache;
proxy_cache_valid 200 30d;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
proxy_pass https://ywimg.basinhydrology.com;
proxy_set_header Host ywimg.basinhydrology.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
proxy_hide_header Vary;
proxy_hide_header Cache-Control;
gzip_vary off;
# === 新增 CORS 头 ===
add_header Access-Control-Allow-Origin "https://www.jljjj.com" always;
# 如果还有其他域名需要支持,可以用 map 或多个规则
add_header Vary "Accept-Encoding";
add_header X-Cache-Status $upstream_cache_status;
add_header Cache-Control "public, max-age=2592000";
}
# ==============================
# 2. 其他请求:透传(不缓存)
# ==============================
location / {
proxy_pass https://ywimg.basinhydrology.com;
proxy_set_header Host ywimg.basinhydrology.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding "";
}
# ==============================
# 3. 安全:禁止脚本执行
# ==============================
location ~* \.(php|jsp|cgi|sh|pl|py|asp|aspx)$ {
deny all;
}
gzip on;
gzip_types text/plain text/css application/json application/javascript image/svg+xml;
}
配置源站的nginx的缓存
#ERROR-PAGE-START 错误页配置,可以注释、删除或修改
error_page 404 /404.html;
#error_page 502 /502.html;
#ERROR-PAGE-END
#PHP-INFO-START PHP引用配置,可以注释或修改
include enable-php-71.conf;
#PHP-INFO-END
#REWRITE-START URL重写规则引用,修改后将导致面板设置的伪静态规则失效
include /www/server/panel/vhost/rewrite/www.jljjj.com.conf;
#REWRITE-END
# ===== 自动将本地路径替换为 CDN 域名(无侵入式)=====
sub_filter_types text/html;
sub_filter_once off;
# ✅ 只替换静态资源(安全!)
sub_filter 'src="/upload/' 'src="https://cdn.maccmsrust.com/upload/';
sub_filter 'src="/template/' 'src="https://cdn.maccmsrust.com/template/';
sub_filter 'src="/static/' 'src="https://cdn.maccmsrust.com/static/';
sub_filter 'href="/template/' 'href="https://cdn.maccmsrust.com/template/';
sub_filter 'href="/static/' 'href="https://cdn.maccmsrust.com/static/';
sub_filter 'url(/upload/' 'url(https://cdn.maccmsrust.com/upload/';
sub_filter 'url(/template/' 'url(https://cdn.maccmsrust.com/template/';
sub_filter 'url(/static/' 'url(https://cdn.maccmsrust.com/static/';
# ❗ 关键防护:确保首页链接不被替换(防止跳转到 CDN 域名)
sub_filter 'href="/"' 'href="/"';
sub_filter 'href="/index.html"' 'href="/index.html"';
# ===== 自动将本地路径替换为 CDN 域名(无侵入式)就是上边这段代码加到适当位置=====
#禁止访问的文件或目录
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
{
return 404;
}
以上就是全部的配置,重启nginx即可。各个参数根据自己的实际情况修改吧。