nginx http 通用配置

文档说明:只记录关键地方;

nginx 配置文件nginx.conf


user  nginx;
worker_processes  auto;
worker_cpu_affinity auto;
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  10240;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main escape=json '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" '
                      'host:"$host" '
                      'request_uri:"$request_uri" '
                      'upstream_addr: "$upstream_addr" '
                      'upstream_response_time: "$upstream_response_time" '

                      ;


    # underscores_in_headers on;

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    server_tokens off;
    resolver  223.5.5.5 223.6.6.6 2400:3200::1 2400:3200:baba::1 ;
    # 关闭IPV6解析
    # resolver  223.5.5.5 223.6.6.6 2400:3200::1 2400:3200:baba::1  ipv6=off;

    gzip  on;
    gzip_vary on;
    gzip_comp_level 6;
    gzip_buffers 4 16k;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/xml text/javascript application/json image/png image/gif image/jpeg;


    proxy_buffer_size  1024k;
    proxy_buffers   32 1024k;
    proxy_busy_buffers_size 1024k;
    proxy_temp_file_write_size 1024k;
    client_body_buffer_size 1024k;
    server_names_hash_bucket_size 256;
    client_max_body_size 50M;

    map_hash_bucket_size 256;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
  
    include /etc/nginx/conf.d/*.conf;
}


nginx default.conf


server {
    listen       80;
    listen  [::]:80;
    server_name your-domain;
    rewrite ^(.*) https://$server_name$1 permanent;
}


server {
    listen       443 ssl http2;
    listen  [::]:443 ssl http2;
    server_name  your-domain;

    charset utf-8;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    add_header Content-Security-Policy upgrade-insecure-requests;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy "no-referrer";

    location / {
            root   html;
            index  index.html index.htm;
        }
    }
}



server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_reject_handshake on; #非服务器名称的 SSL 握手直接拒绝
    return 444;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

指定类型的文件设置缓存


location ~* \.(css|js|png|jpg|jpeg|gif|gz|svg|mp4|ogg|ogv|webm|htc|xml|woff)$ {
    
        access_log off;
        add_header    Cache-Control  max-age=360000;
 }

参考文档

  1. nginx features
  2. nginx documentation
  3. ngx_http_proxy_module
  4. HTTP安全
  5. nginx解决跨域关键点
  6. nginx端口复用
  7. nginx获得客户端IP地址和使用的端口
  8. 拷贝nginx容器内配置文件到容器外
  9. nginx TLSv1.3配置
  10. SSL web配置参考网站(SSL Configuration Generator)
  11. nginx中自带的一些变量参数说明
  12. nginx regular-expression
  13. Nginx 位置正则表达式用法
  14. Nginx 位置正则表达式 验证
  15. 正则表达式
  16. 跨源资源共享(CORS)
  17. Nginx与安全有关的几个配置
  18. Nginx的几个常用配置和技巧
  19. ngx_stream_core_module
  20. Module ngx_stream_upstream_module
  21. Module ngx_stream_access_module
  22. ngx_http_proxy_module
  23. nginx 根据服务器名称选择上游 ngx_stream_ssl_preread_module
  24. nginx tcp-udp-load-balancer
  25. nginx 的http_proxy_connect_module模块使用
  26. IP Transparency and Direct Server Return with NGINX
  27. iptables四表五链
  28. 四表五链
  29. 过渡到 nftables
posted @ 2022-10-29 12:04  jingjingxyk  阅读(572)  评论(0编辑  收藏  举报