Nginx初步配置
编辑
简介
Nginx ("engine x") 是一个轻量级,高性能的HTTP和反向代理服务器,也是一个IMAP/POP3/SMTP服务器。Nginx是由Igor Sysoev为俄罗斯访问量第二的Rambler.ru站点开发的,第一个公开版本0.1.0发布于2004年10月4日。其将源代码以类BSD许可证的形式发布,因它的稳定性、丰富的功能集、示例配置文件和低系统资源的消耗而闻名,其特点是占有内存少,并发能力强。
一个nginx.conf例子
这是官网上的一个配置,参照该配置,可以初步一窥nginx设置
user www www; # 运行nginx的用户及用户组
worker_processes 2; #启动的进程数
pid /var/run/nginx.pid; #pid文件位置
# [ debug | info | notice | warn | error | crit ]
error_log /var/log/nginx.error_log info; #日志存放及日志等级设置
events {
worker_connections 2000; #每个进程最大的连接数 默认1024
# use [ kqueue | rtsig | epoll | /dev/poll | select | poll ] ;
use kqueue; #使用的处理机制 epoll可以容纳更多请求
}
http {
include conf/mime.types; # 加载mime
default_type application/octet-stream; #默认文件类型
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"'; #设置日志格式
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain; #设置压缩
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
send_lowat 12000;
keepalive_timeout 75 20;
# lingering_time 30;
# lingering_timeout 10;
# reset_timedout_connection on;
server { #server段
listen one.example.com;
server_name one.example.com www.one.example.com;
access_log /var/log/nginx.access_log main;
location / { #location段
proxy_pass http://127.0.0.1/; #设置代理
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
client_body_temp_path /var/nginx/client_body_temp;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /var/nginx/proxy_temp;
charset koi8-r;
}
error_page 404 /404.html; #定义404页面
location /404.html {
root /spool/www;
charset on;
source_charset koi8-r;
}
location /old_stuff/ {
rewrite ^/old_stuff/(.*)$ /new_stuff/$1 permanent; #rewrite重定向
}
location /download/ {
valid_referers none blocked server_names *.example.com;
if ($invalid_referer) { #if判断条件
#rewrite ^/ http://www.example.com/;
return 403;
}
# rewrite_log on;
# rewrite /download/*/mp3/*.any_ext to /download/*/mp3/*.mp3
rewrite ^/(download/.*)/mp3/(.*)\..*$ /$1/mp3/$2.mp3 break;
root /spool/www;
# autoindex on;
access_log /var/log/nginx-download.access_log download;
}
location ~* ^.+\.(jpg|jpeg|gif)$ { #为静态资源设置缓存
root /spool/www;
access_log off;
expires 30d;
}
}
}
负载均衡
http {
upstream myproject {
server 127.0.0.1:8000 weight=3;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
server 127.0.0.1:8003;
}
server {
listen 80;
server_name www.domain.com;
location / {
proxy_pass http://myproject;
}
}
}
反向代理及缓存
http {
proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=STATIC:10m
inactive=24h max_size=1g;
server {
location / {
proxy_pass http://1.2.3.4;
proxy_set_header Host $host;
proxy_cache STATIC;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
}
}
}
重定向
http {
server {
listen 80;
server_name www.domain.com;
return 301 https://www.domain.com$request_uri;
}
}
反向代理某G
server {
listen 443 ssl http2;
server_name google.domain.com;
root /usr/share/nginx/html;
index index.html index.htm;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/letsencrypt/dhparams.pem;
location / {
proxy_pass https://www.replace.com/;
}
}
http/2支持
http/2 至少需nginx 1.9版本以上, 编译时openssl版本建议也使用比较高版本不低于 1.0.2
补充链接: https://www.zybuluo.com/phper/note/89391
将可能用到的第三方http请求进行反响代理
location ~ "^/proxy/(.*)$" {
resolver 8.8.8.8;
proxy_pass http://$1;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
expires 7d;
}
add a fallback to my proxy in nginx
https://serverfault.com/questions/765483/how-to-add-a-fallback-to-my-proxy-in-nginx
server {
listen 8080;
server_name mydomain;
access_log /log/path/logging.log;
error_page 400 401 402 403 404 405 500 501 502 503 504 @error_page;
location @error_page {
root /var/www/html/;
rewrite ^ https://domain.com/error/index.html;
break;
}
location / {
proxy_redirect off;
proxy_pass_header Server;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_connect_timeout 5;
proxy_read_timeout 240;
proxy_intercept_errors on;
proxy_pass http://127.0.0.1:1337;
}
}
This will redirect all traffic from maindomain:8080 to https://domain.com/error/index.html if the service on http://127.0.0.1:1337 is unavailable(all errors).
