nginx 配置管理 - 简单也复杂
由于涉及到h5与后端交互,跨域问题,所以公司的开放测试服务器让我们自己搞nginx。顺便提升一下nginx的实践。
nginx的安装,没什么难度了,百度一堆,如果源码安装就一步步来吧。(最简单的方式:yum install nginx (centos), apt-get install nginx(ubuntu))
nginx.conf,作为最外层的配置文件,主要设置一些基础的配置就好了,如内存配置,日志格式配置,线程配置等,最后使用一个include conf.d/* 将其他配置文件包含进来即可。
【nginx.conf 基础配置】
user nginx; worker_processes auto; error_log /data/var/log/nginx/error.log debug; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } # load modules compiled as Dynamic Shared Object (DSO) # #dso { # load ngx_http_fastcgi_module.so; # load ngx_http_rewrite_module.so; #} http { include mime.types; default_type application/octet-stream; autoindex off; server_tokens off; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 20m; client_body_buffer_size 256k; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 128k; fastcgi_buffers 32 256k; fastcgi_busy_buffers_size 256k; fastcgi_temp_file_write_size 256k; gzip on; gzip_disable "msie6"; gzip_vary on; gzip_comp_level 2; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_types text/plain application/x-javascript text/css application/xml application/javascript; log_format main '$request_time $upstream_response_time $remote_addr - $upstream_addr [$time_local] ' '"$host" "$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" "$gzip_ratio" "$http_x_forwarded_for" - "$server_addr" '; access_log /data/var/log/nginx/access.log main; include conf.d/*.conf; }
【conf.d/*, 具体的域名配置,http://】
upstream 3ctest_x123_com { server 192.168.1.103:81; keepalive 8; } upstream mytest_x123_com { server 192.168.1.103:80; keepalive 8; } upstream 3capi_x123_com { server 192.168.1.103:9002; keepalive 8; } upstream yhapi_x123_com { server 192.168.1.103:8089; keepalive 8; } server { listen 80; server_name 3ctest.x123.com; location / { proxy_pass http://3ctest_x123_com; proxy_set_header Host $host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60; proxy_read_timeout 600; proxy_send_timeout 600; } } server { listen 80; server_name mytest.x123.com; location / { proxy_pass http://mytest_x123_com; proxy_set_header Host $host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60; proxy_read_timeout 600; proxy_send_timeout 600; } } server { listen 80; server_name 3capi.x123.com; location / { proxy_pass http://3capi_x123_com; proxy_set_header Host $host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60; proxy_read_timeout 600; proxy_send_timeout 600; } } server { listen 80; server_name yhapi.x123.com; location / { proxy_pass http://yhapi_x123_com; proxy_set_header Host $host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60; proxy_read_timeout 600; proxy_send_timeout 600; } } server { listen 80; server_name 192.168.1.22; location / { proxy_pass http://192.168.1.22; proxy_set_header Host $host; proxy_redirect off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 60; proxy_read_timeout 600; proxy_send_timeout 600; } } upstream 192.168.1.22 { server 192.168.1.22:88; keepalive 8; }
【Https:// 配置】
server { listen 443 ssl; server_name wx.mysite1.com; ssl on; ssl_certificate /etc/nginx/conf.d/ssl/mysite1.crt; ssl_certificate_key /etc/nginx/conf.d/ssl/mysite1.key; ssl_session_cache shared:SSL:200m; ssl_session_timeout 20m; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; location / { #proxy_set_header Host $http_host; #proxy_set_header Host $http_host; #proxy_set_header X-Forwarded-For $remote_addr; # online #proxy_redirect http://192.168.1.22/ http://$http_host/; #proxy_pass http://shmc.mysite1.com; #proxy_pass http://192.168.1.22/; #index index.html; #root /data/www/; # if ( $cookie_COOKIE ~* "(.*)$") { # set $all_cookie $1; # } # proxy_set_header Cookie "$http_cookie; node_id=018"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; add_header Access-Control-Allow-Origin *; proxy_pass http://192.168.1.22; proxy_redirect off; } } server { listen 80; server_name wx.mysite1.com; location / { proxy_set_header Host $host; # online #proxy_redirect http://192.168.1.22/ http://$http_host/; #proxy_pass http://shmc.mysite1.com; proxy_pass http://192.168.1.22/; #index index.html; #root /data/www/; } }
如上参考,应该可以解决大部分配置情况。
需要注意的是,nginx作为反向代理服务器,很多变量需要作特别转发,如ip地址,有问题可以先查看日志,如果语法错误,则不会被保存,这个比较好!
nginx作为负载均衡的重要软件,略加掌握总归是好的吧。
其实也不难,但是没有实战的谈话总是显得苍白无力!要做到好也不简单,一个简单的优化,可以让你的用户体验更好,服务器利用率更高,有得搞!
勉励吧诸君!
不要害怕今日的苦,你要相信明天,更苦!