Master Nginx: Multi-Domain, Auth, Autoindex, and Reverse Proxy Tricks

Multiple Domains for One Site

<code>server {
  listen 80;
  server_name ops-coffee.cn b.ops-coffee.cn;
}</code>

Use

server_name

with space‑separated domain names.

One Service Hosting Multiple Sites

<code>server {
  listen 80;
  server_name a.ops-coffee.cn;
  location / {
    root /home/project/pa;
    index index.html;
  }
}
server {
  listen 80;
  server_name ops-coffee.cn b.ops-coffee.cn;
  location / {
    root /home/project/pb;
    index index.html;
  }
}
server {
  listen 80;
  server_name c.ops-coffee.cn;
  location / {
    root /home/project/pc;
    index index.html;
  }
}</code>

Nginx supports three types of virtual hosts:

IP‑based virtual host : requires multiple IP addresses, less common.

Port‑based virtual host : each site listens on a different port.

Name‑based virtual host : most widely used; differentiate sites by

server_name

.

Basic Auth with Username/Password

<code>server {
    location / {
        auth_basic "please input user&passwd";
        auth_basic_user_file key/auth.key;
    }
}</code>

Generate encrypted passwords with a small Perl script.

<code># cat pwd.pl
#!/usr/bin/perl
use strict;
my $pw=$ARGV[0];
print crypt($pw,$pw);
</code>

<code># perl pwd.pl ops-coffee.cn
opf8BImqCAXww
# echo "admin:opf8BImqCAXww" > key/auth.key
</code>

Enable Directory Listing

<code>server {
    location download {
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}</code>

autoindex_exact_size

controls size units, and

autoindex_localtime

toggles timestamp display. To force download of certain file types, add:

<code>if ($request_filename ~* ^.*?.(txt|pdf|jpg|png)$) {
    add_header Content-Disposition 'attachment';
}</code>

Default Site Configuration

<code>server {
    listen 80 default;
}</code>

Place the default server first or use

listen default

to catch unmatched hosts.

Block Access by IP or Unconfigured Domains

<code>server {
    listen 80 default;
    server_name _;
    return 404;
}</code>

Alternatively, redirect all unmatched traffic to a primary domain:

<code>server {
    rewrite ^/(.*)$ https://ops-coffee.cn/$1 permanent;
}</code>

Serve Verification File Directly

<code>location = /XDFyle6tNA.txt {
    default_type text/plain;
    return 200 'd6296a84657eb275c05c31b10924f6ea';
}</code>

Upstream Reverse Proxy

<code>http {
    upstream tomcats {
        server 192.168.106.176 weight=1;
        server 192.168.106.177 weight=1;
    }
    server {
        location /ops-coffee/ {
            proxy_pass http://tomcats;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}</code>

Distinguish

proxy_pass http://tomcats

(no trailing slash) from

proxy_pass http://tomcats/

; the former preserves the original URI, while the latter replaces it with the upstream URI.

Enable Keepalive for Upstream

<code>upstream tomcat {
    server ops-coffee.cn:8080;
    keepalive 1024;
}
server {
    location / {
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_pass http://tomcat;
    }
}</code>

Keepalive reduces TCP connection overhead; it requires HTTP/1.1 and clearing the

Connection

header to avoid accidental closure.

Redirect 404 Errors to Home Page

<code>server {
    location / {
        error_page 404 = @ops-coffee;
    }
    location @ops-coffee {
        rewrite .* / permanent;
    }
}</code>

This configuration sends users encountering a 404 directly back to the site’s homepage.