nginx

try_files

location / {
    try_files $uri $uri/ /index.html;
}

443 强转

if ($ssl_protocol = "") { return 302 https://$host$request_uri; }

vhost配置

listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /usr/local/openresty/nginx/conf/ssl/xxx.com.pem;
ssl_certificate_key /usr/local/openresty/nginx/conf/ssl/xxx.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;
ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;
ssl_conf_command Options PrioritizeChaCha;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_buffer_size 2k;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name xxx;
access_log xxx.log combined;
index index.html index.htm index.php;
root xxx;

if ($ssl_protocol = "") { return 302 https://$host$request_uri; }
location ~ [^/]\.php(/|$) {
  #fastcgi_pass remote_php_ip:9000;
  fastcgi_pass unix:/dev/shm/php-cgi.sock;
  fastcgi_index index.php;
  include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
  expires 30d;
  access_log off;
}
location ~ .*\.(js|css)?$ {
  expires 7d;
  access_log off;
}
location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md|\.env) {
  deny all;
}
location /.well-known {
  allow all;
}

499问题

proxy_ignore_client_abort  on;
# 确定在客户端关闭连接时是否应关闭与代理服务器的连接,而不在等待响应
proxy_read_timeout 600;
proxy_send_timeout 600;
# 如果超时(默认60s),Nginx 会主动断开连接,记录504

7层负载

upstream xxx.cn {
	server  10.x:3050  weight=10 max_fails=3 fail_timeout=3s;
	server  10.x:3050  weight=10 max_fails=3 fail_timeout=3s;

   	check interval=1000 rise=2 fall=3 timeout=5000 type=http default_down=false;
   	check_http_send "GET /services/route/ping HTTP/1.0\r\n\r\n";
   	check_http_expect_alive http_2xx http_3xx;
}

server {
	listen	80;
	server_name  xx.cn;
	index index.html index.htm;
	access_log  /var/log/nginx/xxx.cn.access.log  main;
	error_log   /var/log/nginx/xxx.error.log warn;
	
	location ~ ^/NginxStatus/ {
			stub_status on;
			access_log on;
		}
	location / {
		proxy_redirect off ;
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header REMOTE-HOST $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_connect_timeout 600;
		proxy_send_timeout 600;
		proxy_read_timeout 600;
		proxy_ignore_client_abort on;
		proxy_buffer_size 1600k;
		proxy_buffers 4 3200k;
		proxy_busy_buffers_size 6400k;
		proxy_temp_file_write_size 6400k;
		proxy_max_temp_file_size 128m;
		proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
		proxy_pass	http://xxx.cn;
	}
}

format json log

log_format main  escape=json '{ "time_local": "$time_local", '
                        '"remote_user": "$remote_user", '
                        '"remote_addr": "$remote_addr", '
                        '"http_referer": "$http_referer", '
                        '"request": "$request", '
                        '"method": "$request_method", '
                        '"url_path": "$request_uri", '
                        '"request_body": "$request_body", '
                        '"status": $status, '
                        '"level": "$level",'
                        '"body_bytes_sent": $body_bytes_sent, '
                        '"http_user_agent": "$http_user_agent", '
                        '"http_host": "$http_host", '
                        '"http_requestid": "$http_requestid", '
                        '"http_authorization": "$http_authorization", '
                        '"business": "ngx_access-$http_host", '
                        '"http_x_forwarded_for": "$http_x_forwarded_for", '
                        '"upstream_addr": "$upstream_addr",'
                        '"trace_id": "$trace_id",'
                        '"upstream_response_time": "$upstream_response_timer",'
                        '"ssl_protocol": "$ssl_protocol",'
                        '"request_time": $request_time'
                        ' }';
posted @ 2023-01-05 16:14  Callum  阅读(25)  评论(0编辑  收藏  举报