Nginx配置文件详解
#conf/nginx.conf 此文件为主要配置文件
#nginx配置文件可以单独创建并在nginx.conf文件中指定
#加载第三方模块
load_module /data/nginx/nginx-server/obj/ngx_stream_module.so;
#指定那个用户权限可选
user root;
#cpu自动线程调节
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
#####可以单独做tcp长连接配置start#####
stream {
upstream syjydb {
hash $remote_addr consistent;
server 172.17.248.111:1433 weight=5 max_fails=3 fail_timeout=900s;
}
server {
listen 5100;
proxy_connect_timeout 900s;
proxy_timeout 900s;
proxy_pass syjydb;
#so_keepalive on;
tcp_nodelay on;
}
}
#####可以单独做tcp长连接配置end#####
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
#网络优化
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75;
#反向代理优化
proxy_connect_timeout 75;
proxy_send_timeout 75;
# 连接成功后,后端服务器响应超时时间
proxy_read_timeout 300;
proxy_buffer_size 64k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 512K;
proxy_temp_file_write_size 512K;
proxy_buffering on;
#反向代理缓存配置
proxy_temp_path /data/nginx/nginx-server/proxy_temp;
proxy_cache_path /data/nginx/nginx-server/proxy_cache levels=1:2 keys_zone=syjy-cache:100m max_size=1000m inactive=600m max_size=6g;
#超长域名配置
server_names_hash_bucket_size 128;
#设置允许发布内容为8M,可以调节
client_max_body_size 8M;
client_body_buffer_size 128k;
client_header_buffer_size 8M;
large_client_header_buffers 4 10240k;
gzip on; #是否开启gzip
gzip_buffers 32 4K;#缓冲(压缩在内存中缓冲几块,每块多大)
gzip_comp_level 6;#推荐6 压缩级别(级别越高,压的越小,越浪费CPU计算资源)
gzip_min_length 1024;#开始压缩的最小长度(再小就不要压缩了,意义不在)
gzip_proxied any;#设置请求者代理服务器,该如何缓存内容
gzip_types text/plain application/x-javascript text/css text/xml application/xml application/javascript application/json;#对哪些类型的文件用压缩
gzip_vary on;#是否传输gzip压缩标志
#xxx集群配置
upstream xxxx{
consistent_hash $request_uri; #第三方负载插件,若不配置默认为轮询负载(还有很多其他负载)
server 172.17.132.104:5038;
server 172.17.132.101:5038;
}
#站点相关配置
server {
listen 80;
server_name xx.xx.com;
#charset koi8-r;
access_log logs/xxxx.log main;
#自动跳转到https 443
rewrite ^(.*) https://$host$1 permanent;
}
#域名证书配置
server {
listen 443 ssl;
server_name xx.xx.com; #你的域名
access_log logs/xxxx.log main;
ssl_certificate /data/nginx/nginx-server/cert/xx.com.crt; #改成你的证书对应的名字
ssl_certificate_key /data/nginx/nginx-server/cert/xxx.com.key; #你的证书对应的名字
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
add_header backendIP $upstream_addr;#展示内网地址可选
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-Forward-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://xxxx;
proxy_ignore_headers Set-Cookie;
proxy_hide_header Set-Cookie;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
}
#静态资源相关配置
location ~ .*\.(gif|jpg|png|html|htm|css|js|ico|swf|pdf)$ {
add_header backendIP $upstream_addr;
proxy_pass http://xxxx; #集群配置名称
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_ignore_headers Set-Cookie Cache-Control;
proxy_hide_header Cache-Control;
proxy_hide_header Set-Cookie;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_cache syjy-cache;
add_header Nginx-Cache $upstream_cache_status;
proxy_cache_valid 200 304 301 302 8h; #反向代理缓存相关配置
proxy_cache_valid 404 1m; #反向代理缓存相关配置
proxy_cache_valid any 1d; #反向代理缓存相关配置
proxy_cache_key $host$uri$is_args$args; #反向代理缓存相关配置
expires 30d; #若项目频繁更新不建议配置此项
}
#可指定其他地方的配置文件(方便分类管理)
include /data/nginx/nginx-server/conf/HYxx.conf;
}
评论区