nginx 配置小结

Posted 2020-09-06

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了nginx 配置小结相关的知识，希望对你有一定的参考价值。

#用户

user webapp;

#工作进程数量

worker_processes 8;

#平均分配到CPU（当前是8核）

worker_cpu_affinity 10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001;

#worker_cpu_affinity auto;

#错误日志记录

error_log logs/error.log;

#error_log logs/error.log notice;

#error_log logs/error.log info;

pid logs/nginx.pid;

worker_rlimit_nofile 10240;

#事件类型

events {

use epoll;

#每个进程的最大连接数

worker_connections 15000;

multi_accept on;

}

http {

include mime.types;

default_type application/octet-stream;

# 修改默认服务器类型标签，避免某些安全隐患

server_tokens off;

server_tag ‘NULL‘;

#定义日志格式

#log_format main ‘$remote_addr - $remote_user [$time_local] "$request" ‘

# ‘$status $body_bytes_sent "$http_referer" ‘

# ‘"$http_user_agent" "$http_x_forwarded_for"‘;

#access_log logs/access.log main;

#设定请求缓冲

client_header_buffer_size 32k;

large_client_header_buffers 4 4k;

sendfile on;

tcp_nopush on;

tcp_nodelay on;

#keepalive_timeout 0;

keepalive_timeout 65;

server_tokens off;

open_file_cache max=65535 inactive=20s;

open_file_cache_valid 30s;

open_file_cache_min_uses 1;

#开启gzip模块

gzip on;

gzip_min_length 1000;

gzip_buffers 4 16k;

gzip_comp_level 4;

gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

gzip_vary on;

gzip_disable "MSIE [1-6]\.";

fastcgi_intercept_errors on;

#定义负载均衡后端服务器

upstream TOMCAT {

server 192.168.1.1:8081 max_fails=1;

server 192.168.1.1:8082 max_fails=1;

server 192.168.1.1:8083 max_fails=1;

server 192.168.1.1:8084 max_fails=1;

ip_hash;

#负载均衡健康检查需要安装nginx_upstream_check_module

check interval=3000 rise=2 fall=5 timeout=1000 type=http;

#check_http_send "GET / HTTP/1.0\r\n\r\n";

#check_http_expect_alive http_2xx http_3xx;

}

#limit模块限制

limit_req_zone $binary_remote_addr zone=zone_name:20m rate=5r/s;

# 服务器定义

server {

listen 8080;

#定义多个端口

#listen 9090;

server_name 192.168.1.1 localhost;

set $addr $remote_addr;

proxy_store off;

error_page 404 /404.html;

charset utf-8;

#设定上传文件的最大尺寸

client_max_body_size 20m;

#定义时间参数，用作日志生成

if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})") {

set $year $1;

set $month $2;

set $day $3;

}

#日志，指定目录及日期，可自动按天生成

access_log /nfs/nginxlog/nginx-$year-$month-$day-access.log;

# 指定HTTP访问方式：非GET或者POST方式，返回403;一般为Web、WAP使用

if ($request_method !~ ^(GET|POST)$) {

return 403;

}

#判断客户端地址

if ($remote_Addr != ‘4.4.4.4‘ ){

return 403;

}

if ($remote_Addr = ‘2.2.2.2‘ ) || ($remote_Addr = ‘3.3.3.3‘ ) {

........;

}else{

return 403;

}

#可以根据判断结果设定参数值，再根据参数值确定具体操作

if ($request_uri ~ \.(conf|xml)$) {

set $seo 2;

}

if ($seo = 2) {

proxy_pass http://192.168.1.2:8080;

rewrite ^.*$ /api/1$request_uri;

break;

}

#判断用户访问的客户端类型

if ( $http_user_agent ~* "(android|iPhone|Windows Phone|UC|Kindle)" ){

rewrite ^(.*) http://www.xxx.cn/yy/ permanent;

}

#设置参数初始值，并在进行判断后赋值

set $SESSIONID "-";

if ( $http_cookie ~* "WAP_SESSIONID=([^;]+)(?:;|$)" ){

set $SESSIONID $1;

}

#匹配用户访问url路径，然后进行相应处理

location =/ {

return 404;

}

location ~ ^/(WEB-INF)/ {

deny all;

}

location ^~ class {

# 匹配任何已 images 开头的任何查询并且停止搜索。任何正则表达式将不会被测试。

deny all;

}

#匹配用户访问的文件类型，符合即指向指定目录

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|htc|ico)$ {

root /webapp/web/image;

access_log off;

expires 30d;

}

#重定向

location /content {

rewrite ^/(.*)$ /lcpproxy/content.php?$1 last;

}

#使用LUA脚本

location /queryCache {

default_type ‘text/plain‘;

content_by_lua_file /home/fjccwt/nginx/lua/queryCache.lua;

}

#使用python脚本需要ngx_python模块

location /content_by_python_file {

content_by_python_file /webapp/openresty/hello.py;

}

#反向代理

location /test/ {

limit_req zone=zone_name burst=1500 nodelay;

proxy_pass http://tomcat/test/;

proxy_redirect off;

proxy_set_header Host $host:$server_port;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

client_max_body_size 20m;

client_body_buffer_size 500k;

proxy_max_temp_file_size 0;

proxy_connect_timeout 60;

proxy_send_timeout 60;

proxy_read_timeout 60;

proxy_buffer_size 128k;

proxy_buffers 8 128k;

proxy_busy_buffers_size 256k;

proxy_temp_file_write_size 1024k;

}

#nginx管理配置

location /ngx_status {

stub_status on;

access_log off;

#设定NGINX管理平台访问密码

#auth_basic "NginxStatus";

#auth_basic_user_file htpasswd;

allow 127.0.0.1;

deny all;

}

#HTTPS配置

server {

listen 8443;

server_name localhost;

ssl on;

ssl_certificate /webapp/softs/sslkey/server.crt;

ssl_certificate_key /webapp/softs/sslkey/server.key;

ssl_session_timeout 5m;

ssl_protocols SSLv2 TLSv1;

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;

if ($request_method !~ ^(GET|HEAD|POST)$ ) {

return 403;

}

location / {

root html;

index index.html index.htm;

}

# another virtual host using mix of IP-, name-, and port-based configuration

#server {

# listen 8000;

# listen somename:8080;

# server_name somename alias another.alias;

# location / {

# root html;

# index index.html index.htm;

# }

# HTTPS server

#server {

# listen 443 ssl;

# server_name localhost;

# ssl_certificate cert.pem;

# ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m;

# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;

# ssl_prefer_server_ciphers on;

# location / {

# root html;

# index index.html index.htm;

# }

}

本文出自 “无所适从” 博客，请务必保留此出处http://tommypage.blog.51cto.com/6689011/1910930

以上是关于nginx 配置小结的主要内容，如果未能解决你的问题，请参考以下文章

nginx 配置小结

Nginx前端实践小结

nginx小结--请求转发与动静分离

Nginx下关于缓存控制字段cache-control的配置说明 - 运维小结

周末完成工作小结