Nginx配置参数详解_匿名V5程序员的技术博客_51CTO博客
source link: https://blog.51cto.com/u_12907475/5432493
Nginx配置参数详解
1、基本配置
-
集群配置
-
代理配置
2、优化配置
-
Nginx进程数,一般为CPU核心数-1。查看命令:
# Count logical CPUs per model name; the result is used to size worker_processes.
grep name /proc/cpuinfo | cut -d: -f2 | uniq -c
-
日志及服务ID路径
-
Nginx单个进程可打开的最大文件数量
-
Nginx客户端最大连接数
- 事件处理模型优化
- 日志格式
- 文件上传大小
- 缓冲区设置
3、安全优化
4、会话保持配置
5、状态查看配置
- check模块还需在集群配置中配置
6、ssl配置
7、Nginx服务管理
[root@localhost nginx-1.20.1]# /usr/local/nginx1.20/sbin/nginx
[root@localhost nginx-1.20.1]# /usr/local/nginx1.20/sbin/nginx -s stop
[root@localhost nginx-1.20.1]# /usr/local/nginx1.20/sbin/nginx -s reload
[root@localhost nginx-1.20.1]# ps -ef | grep nginx
8、参考配置
# The user directive is commented out, so workers run under the build's default account.
# NOTE(review): the service-management commands on this page start nginx from a root shell;
# confirm that the worker processes end up under an unprivileged account.
#user nobody;
# Number of worker processes; the author sizes it as CPU cores minus one.
worker_processes 3;
# Error log path. The active line logs at "notice" level; the commented lines are alternatives.
#error_log logs/error.log;
error_log logs/error.log notice;
#error_log logs/error.log info;
# File in which the nginx master process records its PID.
pid logs/nginx.pid;
# Maximum number of files a single worker process may have open.
# NOTE(review): as a reverse proxy each client connection also holds an upstream socket,
# plus log and temp files, so a limit equal to worker_connections can be exhausted under
# load; consider a value comfortably above worker_connections.
worker_rlimit_nofile 1024;
events {
# Use the epoll connection-processing method (Linux).
use epoll;
# Maximum simultaneous connections per worker; the author recommends keeping it equal to
# worker_rlimit_nofile. This count includes connections to the proxied servers as well as
# client connections.
worker_connections 1024;
}
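http {
    # Hide the nginx version in the Server header and on generated error pages.
    server_tokens off;
    include mime.types;
    default_type application/octet-stream;

    # Extended access-log format: request time, client address, X-Forwarded-For,
    # upstream address/status/timing, range headers, gzip ratio and query string.
    # NOTE(review): no access_log directive in this file references "main", so the
    # default format stays in effect; add "access_log logs/access.log main;" to use it.
    # NOTE(review): $query_string is recorded; query strings that carry tokens or
    # credentials end up in the log files, so restrict read access to them.
    log_format main '[time:$request_time s] $remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"'
    '$upstream_addr $upstream_response_time $request_time $upstream_status '
    '"$http_range" "$sent_http_content_range"'
    '"$gzip_ratio"'
    '"$query_string"'
    '"-http_refer:$http_referer"';

    # Cache descriptors of frequently used log files to reduce log I/O.
    open_log_file_cache max=10240 inactive=60s valid=1m min_uses=2;

    # Maximum accepted request body (upload) size.
    client_max_body_size 100m;
    # Request-header buffers.
    # NOTE(review): the "large" buffers (4k) are smaller than the regular header
    # buffer (64k); confirm these two values are intended.
    client_header_buffer_size 64k;
    large_client_header_buffers 4 4k;

    # Response compression.
    gzip on;
    gzip_min_length 2k;
    gzip_buffers 4 16k;
    gzip_comp_level 3;
    gzip_vary on;
    gzip_types text/plain application/x-javascript application/javascript application/css text/css application/xml application/json;

    # Proxy timeouts and buffers (defaults for every location that does not override them).
    # NOTE(review): one-hour timeouts let a stalled peer hold a connection and its buffers
    # for a long time, which makes resource exhaustion easier; the nginx documentation also
    # notes that the connect timeout usually cannot exceed 75 seconds. Size these to the
    # slowest legitimate request.
    proxy_connect_timeout 3600s;       # timeout for establishing a connection to the proxied server
    proxy_read_timeout 3600s;          # timeout between two reads from the proxied server
    proxy_send_timeout 3600s;          # timeout between two writes to the proxied server
    proxy_buffer_size 512k;            # buffer for the first part of the upstream response (response headers)
    # NOTE(review): 64 x 512k allows up to 32 MB of response buffers per connection.
    proxy_buffers 64 512k;             # number and size of buffers per connection for the upstream response
    proxy_busy_buffers_size 512k;      # buffers that may be busy sending to the client
    proxy_temp_file_write_size 512k;   # amount written to a temporary file at a time
    # Directory for temporary files used when an upstream response does not fit into the
    # buffers; it must exist on the server.
    proxy_temp_path /usr/local/nginx1.20/cache_temp_path;
    # Cache storage and the shared zone "cache_one" that locations can reference.
    proxy_cache_path /usr/local/nginx1.20/cache_path levels=1:2 keys_zone=cache_one:500m inactive=1d max_size=10g use_temp_path=off;
    # proxy_cache_key $host$request_uri;

    # NOTE(review): a 10 MB in-memory body buffer per request adds up quickly with many
    # concurrent uploads; confirm the host has the memory for it.
    client_body_buffer_size 10240k;
    output_buffers 8 64k;
    postpone_output 1460;
    # Time allowed for the client to send the request header / body.
    client_header_timeout 120s;
    client_body_timeout 120s;
    sendfile on;
    keepalive_timeout 65;

    upstream cwbb {
        # Session persistence; requires the third-party sticky module.
        # NOTE(review): once HTTPS is enabled, confirm whether the installed sticky module
        # can mark its cookie Secure/HttpOnly.
        sticky name="hellosticky";
        server 192.168.137.121:8080 max_fails=5 fail_timeout=600s weight=10;
        server 192.168.137.121:8081 max_fails=5 fail_timeout=600s weight=10;
        server 192.168.137.121:8083 max_fails=5 fail_timeout=600s weight=10;
        server 192.168.137.121:8084 max_fails=5 fail_timeout=600s weight=10;
        # Active health check; requires the check module.
        check interval=3000 rise=2 fall=5 timeout=1000 type=http;
    }

    server {
        listen 80;
        server_name localhost;

        # Without an HTTPS certificate, leave the listen 443 / ssl_* lines below commented.
        # When enabling them, also pin the protocol versions (ssl_protocols) and consider
        # redirecting port 80 to HTTPS so that the session cookie never travels in clear text.
        #listen 443 ssl;
        #ssl_certificate /usr/local/nginx1.20/cert/xxx.crt;
        #ssl_certificate_key /usr/local/nginx1.20/cert/xxx.key;
        #ssl_session_cache shared:SSL:10m;
        #ssl_session_timeout 5m;
        #ssl_protocols TLSv1.2 TLSv1.3;
        #ssl_ciphers HIGH:!aNULL:!MD5;
        #ssl_prefer_server_ciphers on;

        # Method allow-list (GET, POST, HEAD). It is enforced at server level rather than
        # inside "location /" so that requests matched by the static-file regex location
        # and the status locations are filtered as well.
        # NOTE(review): the body echoes $request_method and $request_uri without JSON
        # escaping and carries a fixed timestamp; consider a static message.
        if ($request_method !~ ^(GET|POST|HEAD)$) {
            return 403 '{"timestamp":"2019-05-30T12:39:03.593","success":false,"errorCode":"403","errorMessage":"不安全的请求类型:$request_method","errorDetail":"不安全的URL:$request_uri","data":null}';
        }

        # Static assets, proxied to the upstream without caching. The empty alternative at
        # the end of the extension list was dropped: it made any URI ending in "." match here.
        location ~* ^.+\.(jpg|jpeg|gif|png|js|ttf|css|json)$ {
            proxy_pass http://cwbb;
            # NOTE(review): ignoring Set-Cookie and Cache-Control is harmless only while
            # proxy_cache is off. If caching is switched on, responses that set cookies
            # could be stored and served to other clients; remove Set-Cookie from this
            # list before enabling a cache zone.
            proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
            proxy_cache off;
            proxy_redirect off;
            # Pass the original Host header, consistent with "location /".
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # $proxy_add_x_forwarded_for appends to whatever the client sent, so the backend
            # must not trust the leftmost entries of X-Forwarded-For.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 180;
            proxy_send_timeout 180;
            proxy_read_timeout 180;
            proxy_buffer_size 128k;
            proxy_buffers 4 128k;
            proxy_busy_buffers_size 128k;
            proxy_temp_file_write_size 128k;
            # These two take effect only if proxy_cache is enabled for this location.
            proxy_cache_valid 200 304 302 24h;
            proxy_cache_key $server_addr$uri$is_args$args;
            add_header Cache-Control no-cache;
        }

        # Upstream health-check status page (check module). It lists the backend servers
        # and their state, so access is limited to the local host; extend the allow list
        # with the monitoring hosts that need it.
        location /check_status {
            check_status;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }

        # Connection counters (stub_status module), restricted in the same way.
        location /stub_status {
            stub_status;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # Everything else goes to the upstream; add further location blocks for other
        # paths that need proxying.
        location / {
            proxy_pass http://cwbb;
            # Throttle each response to 400k per second after the first 5m have been sent.
            limit_rate 400k;
            limit_rate_after 5m;
            proxy_connect_timeout 1200;
            proxy_send_timeout 1200s;
            proxy_read_timeout 1200s;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Client-supplied X-Forwarded-For values are preserved and appended to; the
            # backend should rely on X-Real-IP or the last entry only.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            add_header Cache-Control no-cache;
        }
    }
}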
- 代理配置效果(代理了本机的4个tomcat服务)