文档说明:只记录关键地方;
nginx 配置文件nginx.conf
| |
| user nginx; |
| worker_processes auto; |
| worker_cpu_affinity auto; |
| error_log /var/log/nginx/error.log warn; |
| pid /var/run/nginx.pid; |
| |
| |
| events { |
| worker_connections 10240; |
| } |
| |
| |
| http { |
| include /etc/nginx/mime.types; |
| default_type application/octet-stream; |
| |
| log_format main escape=json '$remote_addr - $remote_user [$time_local] "$request" ' |
| '$status $body_bytes_sent "$http_referer" ' |
| '"$http_user_agent" "$http_x_forwarded_for" ' |
| 'host:"$host" ' |
| 'request_uri:"$request_uri" ' |
| 'upstream_addr: "$upstream_addr" ' |
| 'upstream_response_time: "$upstream_response_time" ' |
| |
| ; |
| |
| |
| |
| |
| access_log /var/log/nginx/access.log main; |
| |
| sendfile on; |
| |
| |
| keepalive_timeout 65; |
| server_tokens off; |
| resolver 223.5.5.5 223.6.6.6 2400:3200::1 2400:3200:baba::1 ; |
| |
| |
| |
| gzip on; |
| gzip_vary on; |
| gzip_comp_level 6; |
| gzip_buffers 4 16k; |
| gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/xml text/javascript application/json image/png image/gif image/jpeg; |
| |
| |
| proxy_buffer_size 1024k; |
| proxy_buffers 32 1024k; |
| proxy_busy_buffers_size 1024k; |
| proxy_temp_file_write_size 1024k; |
| client_body_buffer_size 1024k; |
| server_names_hash_bucket_size 256; |
| client_max_body_size 50M; |
| |
| map_hash_bucket_size 256; |
| |
| map $http_upgrade $connection_upgrade { |
| default upgrade; |
| '' close; |
| } |
| |
| include /etc/nginx/conf.d/*.conf; |
| } |
| |
| |
nginx default.conf
| |
| server { |
| listen 80; |
| listen [::]:80; |
| server_name your-domain; |
| rewrite ^(.*) https://$server_name$1 permanent; |
| } |
| |
| |
| server { |
| listen 443 ssl http2; |
| listen [::]:443 ssl http2; |
| server_name your-domain; |
| |
| charset utf-8; |
| |
| add_header X-Frame-Options "SAMEORIGIN"; |
| add_header X-XSS-Protection "1; mode=block"; |
| add_header X-Content-Type-Options "nosniff"; |
| add_header Content-Security-Policy upgrade-insecure-requests; |
| add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; |
| add_header Referrer-Policy "no-referrer"; |
| |
| location / { |
| root html; |
| index index.html index.htm; |
| } |
| } |
| } |
| |
| |
| |
| server { |
| listen 443 ssl http2 default_server; |
| listen [::]:443 ssl http2 default_server; |
| server_name _; |
| ssl_protocols TLSv1.2 TLSv1.3; |
| ssl_reject_handshake on; |
| return 444; |
| } |
| |
| server { |
| listen 80 default_server; |
| listen [::]:80 default_server; |
| server_name _; |
| return 444; |
| } |
| |
指定类型的文件设置缓存
| |
| location ~* \.(css|js|png|jpg|jpeg|gif|gz|svg|mp4|ogg|ogv|webm|htc|xml|woff)$ { |
| |
| access_log off; |
| add_header Cache-Control max-age=360000; |
| } |
| |
参考文档
- nginx features
- nginx documentation
- ngx_http_proxy_module
- HTTP安全
- nginx解决跨域关键点
- nginx端口复用
- nginx获得客户端IP地址和使用的端口
- 拷贝nginx容器内配置文件到容器外
- nginx TLSv1.3配置
- SSL web配置参考网站(SSL Configuration Generator)
- nginx中自带的一些变量参数说明
- nginx regular-expression
- Nginx 位置正则表达式用法
- Nginx 位置正则表达式 验证
- 正则表达式
- 跨源资源共享(CORS)
- Nginx与安全有关的几个配置
- Nginx的几个常用配置和技巧
- ngx_stream_core_module
- Module ngx_stream_upstream_module
- Module ngx_stream_access_module
- ngx_http_proxy_module
- nginx 根据服务器名称选择上游 ngx_stream_ssl_preread_module
- nginx tcp-udp-load-balancer
- nginx 的http_proxy_connect_module模块使用
- IP Transparency and Direct Server Return with NGINX
- iptables四表五链
- 四表五链
- 过渡到 nftables
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 地球OL攻略 —— 某应届生求职总结
· 周边上新:园子的第一款马克杯温暖上架
· Open-Sora 2.0 重磅开源!
· 提示词工程——AI应用必不可少的技术