nginx 总结
下载地址:http://nginx.org/download/ (建议改用 HTTPS 下载,并在编译前用同目录下发布的 .asc PGP 签名校验源码包)
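# Build and install nginx from a source tarball in the current directory.
#
# Usage: pass 1 as the first argument to run the install; any other value
# (or no argument) does nothing.
# Expects in the working directory: ${NGINX_FILE} and init.d.nginx.
# Exit status: 0 on success, 1 as soon as a stage fails.
#
# NOTE(review): the tarball is used as-is. Verify it against the detached PGP
# signature published next to it (<tarball>.asc) before running this script,
# especially if it was fetched over plain HTTP.
NGINX_FILE=nginx-1.14.0.tar.gz
NGINX_FILE_DIR=nginx-1.14.0
NGINX_CONF=/usr/local/nginx/conf/nginx.conf

# Print one status line in green. printf interprets \033 in every shell,
# whereas plain echo prints it literally under bash.
say() {
  printf '\033[32m %s \033[0m\n' "$1"
}

# A non-numeric or missing $1 makes the test fail quietly instead of erroring.
if [ "${1:-0}" -eq 1 ] 2>/dev/null; then
  # Build dependencies.
  if ! yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel \
    --setopt=protected_multilib=false; then
    say "yum install failed"
    exit 1
  fi

  # Unprivileged account for the worker processes (no login shell).
  # Skipped when it already exists so the script can be re-run.
  getent group www >/dev/null 2>&1 || groupadd -g 888 www
  id -u www >/dev/null 2>&1 || useradd -g www www -s /sbin/nologin -u 888

  if ! tar zxvf "$NGINX_FILE" || ! cd "$NGINX_FILE_DIR"; then
    say "unpack $NGINX_FILE failed"
    exit 1
  fi

  if ! ./configure --user=www --group=www --prefix=/usr/local/nginx \
    --with-http_stub_status_module --with-stream_ssl_module \
    --with-http_ssl_module --with-stream; then
    say "configure failed"
    exit 1
  fi

  # Test the build itself; checking $? after an echo would only report the
  # echo's own status.
  if ! { make && make install; }; then
    say "make install failed"
    exit 1
  fi
  say "$NGINX_FILE_DIR install success"

  # Install the init script and enable the sample PHP location.
  # 755, not 777: the init script runs as root, so it must not be writable
  # by other users.
  # The line numbers 65-71 and 66 refer to the stock nginx.conf shipped with
  # this nginx version; re-check them before using another version.
  # The last sed also consumes the "/" in front of "scripts", so the result is
  # $document_root$fastcgi_script_name without a doubled leading slash.
  if cd ../ &&
    cp init.d.nginx /etc/init.d/nginx &&
    chmod 755 /etc/init.d/nginx &&
    sed -i '65,71s/#//' "$NGINX_CONF" &&
    sed -i '66s/html/\/var\/www\/html/' "$NGINX_CONF" &&
    sed -i 's#/scripts\$fastcgi_script_name#$document_root$fastcgi_script_name#g' "$NGINX_CONF"; then
    say "$NGINX_FILE_DIR install done"
  else
    say "conf moddify failed"
    exit 1
  fi
fi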
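# 1. Global limit: configured in the http block, applies to everything below it.
http {
    # Shared 10 MB zone "one", keyed by client address; each IP is limited to 2 requests/second.
    # NOTE(review): $binary_remote_addr is the address of the directly connected peer. Behind a
    # load balancer or another proxy, all clients share that one address and one bucket.
    limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s;
    # Allow a burst of up to 5 requests above the rate, served without delay.
    limit_req zone=one burst=5 nodelay;
    # Status code returned to rejected requests.
    limit_req_status 503;
}   # a block is closed by "}" alone; "};" is a syntax error

# 2. Limit for one location: the zone is declared in http, the limit is applied in the location.
http {
    # Each IP is limited to 2 requests/second.
    limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s;
    server {
        location /py {
            # Burst of 5 requests, no delay.
            limit_req zone=one burst=5 nodelay;
            # Log rejected requests at level warn.
            limit_req_log_level warn;
            # Status code returned to rejected requests.
            limit_req_status 503;
        }
    }
}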
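http {
    # Limit concurrency: at most one simultaneous connection to the upstream server.
    upstream node {
        server 127.0.0.1:8080 max_conns=1;
    }

    # Directive names are case-sensitive: "server", not "Server". The server block
    # belongs inside http, next to the upstream it refers to.
    server {
        location /py {
            # Note: without the trailing "/", the request is forwarded to /py on port 8080.
            proxy_pass http://node/;
        }
        # Page shown when a request is rejected by the limit.
        error_page 502 503 https://fund/b.html;
    }
}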
需求后端无法上网,前端能上网,后端通过前端nginx反向代理访问
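# 1. The front end matches a path and forwards it (suited to forwarding to https sites).
# NOTE(review): this server answers anyone who can reach port 80. If only the internal
# back-end hosts should use it, restrict it with allow/deny or a firewall rule.
server {
    listen 80;
    server_name localhost;
    # Trailing "/" on both sides: with "location /centos" the matched prefix is replaced
    # by "/centos/", which turns /centos/x into /centos//x upstream.
    location /centos/ {
        proxy_pass http://mirrors.163.com/centos/;
    }
}

# Example 2:
location ^~ /mp/ {
    #proxy_cache api_cache;
    proxy_set_header Host mp.weixin.qq.com;
    rewrite /mp/(.+)$ /$1 break;
    # Send the upstream host name in the TLS handshake (SNI); nginx does not do so by default.
    proxy_ssl_server_name on;
    # NOTE(review): nginx does not verify the upstream certificate unless proxy_ssl_verify is on
    # and proxy_ssl_trusted_certificate points at a CA bundle; without that, the https hop
    # is encrypted but not authenticated.
    proxy_pass https://mp.weixin.qq.com;
}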
2、前端配置根据请求域名转发(适合http转发)
# Example 1: the front end answers for the requested domain name and passes the
# request on to the real site of the same name.
server {
    listen      80;
    server_name mirrors.163.com;

    location /centos {
        proxy_pass http://mirrors.163.com;
    }
}
无法访问数据库只能通过前端机器去访问,首先前端机器开启3306端口映射将请求直接转发到对应内网机器的3306端口。
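#user nobody;
worker_processes 1;

# TCP forwarding of the database port to the internal database host.
stream {
    proxy_timeout 30m;
    server {
        listen 3306;
        # Without an access list this listener exposes the database to every host that can
        # reach the front end. Allow only the clients that need it and refuse the rest.
        allow 192.168.1.0/24;   # constructed example: replace with the real client addresses
        deny all;
        proxy_pass 192.168.1.30:3306;
    }
}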
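# 1. Forward requests for a project path to the back end.
location ^~ /wxInterfaceFnt {
    proxy_pass http://192.168.3.196;
    proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

# 2. Forward requests to the PHP interpreter on the back end. Both blocks use the
# same path, so presumably this is an alternative to block 1, not an addition.
location ^~ /wxInterfaceFnt {
    # This path is resolved by php-fpm on 192.168.3.196, so the files must exist there.
    root /var/www/html;
    fastcgi_pass 192.168.3.196:9000;
    fastcgi_index index.php;
    # $document_root is already absolute; a leading "/" would produce "//var/www/html/...".
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

# Back end, php-fpm.conf: presumably the listen address is changed from loopback to
# the LAN address so the front end can connect:
#   listen = 127.0.0.1:9000
#   listen = 192.168.3.196:9000
# NOTE(review): FastCGI has no authentication. Once php-fpm listens on a LAN address,
# limit who may connect with listen.allowed_clients (the front end's address) and a
# firewall rule on port 9000.

# Back end, nginx:
location ~ \.php$ {
    root /var/www/html;
    fastcgi_pass 192.168.3.196:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}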
# 1. Restrict a project path by client IP; the allowed IPs must still reach PHP, so
# the PHP handler is nested inside the restricted location and inherits allow/deny.
# NOTE(review): the addresses below are truncated on this page. nginx needs a full
# address or a CIDR range in each allow line.
# NOTE(review): allow/deny test the address of the directly connected peer. Behind a
# load balancer or proxy that is the proxy's address, not the visitor's.
location ^~ /jiaoyin_diaries_fnt/app/manage/ {
    allow 119.;
    allow 221.;
    allow 180.;
    allow 119.;
    deny  all;

    location ~ \.php$ {
        root           /var/www/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}
# Requirement: requests reach the front end from the load balancer's internal address,
# so the configuration is changed to carry and log the original client address.

# Server A (load balancer): forwarding configuration.
location ^~ /namesg/ {
    proxy_pass       http://172.16.16.11;
    proxy_set_header Host            $http_host;
    # Appends the connecting address to whatever X-Forwarded-For the client sent.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Overwrites X-Real-IP with the address that connected to server A.
    proxy_set_header X-Real-IP       $remote_addr;
}

# Server B (front end): log configuration in nginx.conf.
# NOTE(review): both headers are request data. $http_x_real_ip can be trusted only if
# server B accepts connections from server A alone. In $http_x_forwarded_for only the
# last entry was added by server A; earlier entries are supplied by the client.
log_format my_format
    '$http_x_real_ip -'
    '$remote_addr- [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log my_format;
访问报错:
1、转发到php-fpm的请求提示file not found
Nginx配置 root /var/www/html;
ssl配置
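# Turns TLS on for the enclosing server block.
# NOTE(review): later nginx releases deprecate "ssl on;" in favour of the "ssl"
# parameter of the listen directive (listen 443 ssl;). Prefer that form where
# the listen line is under your control.
ssl on;
ssl_certificate /usr/local/nginx/conf/sogood.crt;
# Private key: keep it readable by root only.
ssl_certificate_key /usr/local/nginx/conf/sogood.key;
ssl_session_timeout 5m;
# TLS 1.0 and 1.1 are deprecated and no longer offered. Add TLSv1.3 when nginx is
# built against an OpenSSL version that supports it.
ssl_protocols TLSv1.2;
# Forward-secret AEAD suites only. The earlier "ALL:...:+MEDIUM" string still admitted
# medium-strength and CBC suites.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;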
上传文件限制(Request Entity Too Large)
http {
    include       mime.types;
    default_type  application/octet-stream;
    include       blacklist.conf;

    # Maximum accepted request body (upload) size; the default is 1M. Larger requests
    # are rejected with 413 Request Entity Too Large.
    client_max_body_size 20m;
    # (excerpt: the rest of the http block is not shown)
2、nginx
upstream sent too big header while reading response header from upstream
# Larger proxy buffers for upstreams whose response headers do not fit the default
# buffer ("upstream sent too big header while reading response header from upstream").
server{
# Buffer for the first part of the upstream response, which holds the response headers.
proxy_buffer_size 64k;
# Number and size of the buffers used for the rest of the response, per connection.
proxy_buffers 4 32k;
# Upper bound on buffers that may be busy sending to the client while the response is still being read.
proxy_busy_buffers_size 64k;
}
3、nginx 出现504 Gateway Time-out的解决方法
转发到其他端口超时设置
# Timeouts, in seconds, for requests proxied to another port or server.
# Time allowed for establishing the connection to the upstream.
proxy_connect_timeout 300;
# Maximum gap between two successive writes to the upstream.
proxy_send_timeout 300;
# Maximum gap between two successive reads from the upstream.
proxy_read_timeout 300;
php转发超时设置
# Timeouts and buffers for requests passed to PHP over FastCGI.
# How long an idle keep-alive client connection stays open, in seconds.
keepalive_timeout 300;
# NOTE(review): 6000 seconds is 100 minutes. A slow or stuck PHP request can hold its
# connection and a php-fpm worker for that long, so confirm this value is really needed.
fastcgi_connect_timeout 6000;
fastcgi_send_timeout 6000;
fastcgi_read_timeout 6000;
# Buffer for the first part of the FastCGI response (the response headers).
fastcgi_buffer_size 256k;
# Number and size of buffers for the rest of the response, per connection.
fastcgi_buffers 8 256k;
# Upper bound on buffers that may be busy sending to the client.
fastcgi_busy_buffers_size 256k;
# Amount of data written to a temporary file at a time when the response is buffered to disk.
fastcgi_temp_file_write_size 256k;
限流配置参考
https://www.jianshu.com/p/2cf3d9609af3
https://www.cnblogs.com/biglittleant/p/8979915.html
https://blog.csdn.net/qq_31226223/article/details/78766314