- 浏览: 565371 次
- 性别:
- 来自: 北京
文章分类
- 全部博客 (267)
- 随笔 (4)
- Spring (13)
- Java (61)
- HTTP (3)
- Windows (1)
- CI(Continuous Integration) (3)
- Dozer (1)
- Apache (11)
- DB (7)
- Architecture (41)
- Design Patterns (11)
- Test (5)
- Agile (1)
- ORM (3)
- PMP (2)
- ESB (2)
- Maven (5)
- IDE (1)
- Camel (1)
- Webservice (3)
- MySQL (6)
- CentOS (14)
- Linux (19)
- BI (3)
- RPC (2)
- Cluster (9)
- NoSQL (7)
- Oracle (25)
- Loadbalance (7)
- Web (5)
- tomcat (1)
- freemarker (1)
- 制造 (0)
最新评论
-
panamera:
如果设置了连接需要密码,Dynamic Broker-Clus ...
ActiveMQ 集群配置 -
panamera:
请问你的最后一种模式Broker-C节点是不是应该也要修改持久 ...
ActiveMQ 集群配置 -
maosheng:
longshao_feng 写道楼主使用 文件共享 模式的ma ...
ActiveMQ 集群配置 -
longshao_feng:
楼主使用 文件共享 模式的master-slave,produ ...
ActiveMQ 集群配置 -
tanglanwen:
感触很深,必定谨记!
少走弯路的十条忠告
Nginx 配置详解
- 博客分类:
- Loadbalance
## 定义Nginx运行的用户和用户组,如果用户组省略,用户组名默认为用户名
## Syntax:user user [group];
## Default:user nobody nobody;
## Context:main
user nginx ngnix;
## nginx进程数,建议设置为等于CPU总核心数,
## The auto parameter is supported starting from versions 1.3.8 and 1.2.5.
## Syntax:worker_processes number | auto;
## Default:worker_processes 1;
## Context:main
worker_processes 4;
## 全局错误日志定义类型,
## log level: [debug | info | notice | warn | error | crit | alert | emerg]
## Syntax:error_log file | stderr | syslog:server=address[,parameter=value]|
## memory:size [debug | info | notice | warn | error | crit | alert | emerg];
## Default:error_log logs/error.log error;
## Context:main, http, stream, server, location
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
## 进程文件
## Syntax:pid file;
## Default:pid nginx.pid;
## Context:main
pid logs/nginx.pid;
## 一个nginx进程打开的最多文件描述符数目,理论值应该是最多打开文件数
##(系统的值ulimit -n)与nginx进程数相除,但是nginx分配请求并不均匀,
## 所以建议与ulimit -n的值保持一致。
## Syntax:worker_rlimit_nofile number;
## Default:—
## Context:main
worker_rlimit_nofile 65535;
## 工作模式与连接数上限
## Syntax:events { ... }
## Default:—
## Context:main
events {
## 参考事件模型,use [ kqueue | rtsig | epoll | /dev/poll | select | poll ];
## epoll模型是Linux 2.6以上版本内核中的高性能网络I/O模型,
## 如果跑在FreeBSD上面,就用kqueue模型。
## Syntax:use method;
## Default:—
## Context:events
use epoll;
## 单个进程最大连接数(最大连接数=连接数*进程数)
## Syntax:worker_connections number;
## Default:worker_connections 512;
## Context:events
worker_connections 20000;
}
## 设定http服务器
## Syntax:http { ... }
## Default:—
## Context:main
http {
## Includes another file, or files matching the specified mask,
## into configuration. Included files should consist of syntactically correct
## directives and blocks.
## Syntax: include file | mask;
## Default:—
## Context:any
include mime.types;
## 定义响应的默认MIME类型
## Syntax: default_type mime-type;
## Default:default_type text/plain;
## Context:http, server, location
default_type application/octet-stream;
## 指定响应头信息域Content-Type的编码格式
## If this charset is different from the charset specified in the
## source_charset directive, a conversion is performed.
## The parameter off cancels the addition of charset to
## the “Content-Type” response header field.
## Syntax:charset charset | off;
## Default:charset off;
## Context:http, server, location, if in location
charset utf-8;
## 服务器名字的hash表大小
## Sets the bucket size for the server names hash tables.
## The default value depends on the size of the processor’s cache line
## Syntax: server_names_hash_bucket_size size;
## Default:server_names_hash_bucket_size 32|64|128;
## Context:http
server_names_hash_bucket_size 128;
##设置读客户端请求头信息的缓存大小
## Sets buffer size for reading client request header. For most requests,
## a buffer of 1K bytes is enough. However, if a request includes long
## cookies, or comes from a WAP client, it may not fit into 1K.
## If a request line or a request header field does not fit into this buffer
## then larger buffers
## Syntax: client_header_buffer_size size;
## Default:client_header_buffer_size 1k;
## Context:http, server
client_header_buffer_size 32k;
## 设置读大的客户端请求头信息的缓存的最大个数和缓存的大小
## Sets the maximum number and size of buffers used for reading large
## client request header. A request line cannot exceed the size of one buffer,
## or the 414 (Request-URI Too Large) error is returned to the client. A
## request header field cannot exceed the size of one buffer as well,
## or the 400 (Bad Request) error is returned to the client. Buffers are
## allocated only on demand. By default, the buffer size is equal to 8K bytes.
## If after the end of request processing a connection is transitioned into
## the keep-alive state, these buffers are released.
## Syntax: large_client_header_buffers number size;
## Default: large_client_header_buffers 4 8k;
## Context: http, server
large_client_header_buffers 4 64k;
## 设置客户端请求报文体的最大允许值,设置size为0,不检查客户端请求报文体的大小
## Sets the maximum allowed size of the client request body, specified in the
## “Content-Length” request header field. If the size in a request exceeds
## the configured value, the 413 (Request Entity Too Large) error is returned
## to the client. Please be aware that browsers cannot correctly display
## this error.
## Syntax: client_max_body_size size;
## Default: client_max_body_size 1m;
## Context: http, server, location
client_max_body_size 8m;
## 日志格式设定
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
## 定义本虚拟主机的访问日志
access_log logs/access.log main;
## 开启高效文件传输模式,sendfile指令指定nginx是否调用sendfile函数来输出文件,
## 对于普通应用设为 on,如果用来进行下载等应用磁盘IO重负载应用,可设置为off,
## 以平衡磁盘与网络I/O处理速度,降低系统的负载。
## 注意:如果图片显示不正常把这个改成off。
## Enables or disables the use of sendfile().
## Syntax:sendfile on | off;
## Default:sendfile off;
## Context:http, server, location, if in location
sendfile on;
## 开启目录列表访问,合适下载服务器,默认关闭。
## Enables or disables the directory listing output.
## Syntax: autoindex on | off;
## Default: autoindex off;
## Context: http, server, location
autoindex on;
## 防止网络阻塞,这个选项仅当sendfile开启时才生效
## Syntax: tcp_nopush on | off;
## Default: tcp_nopush off;
## Context: http, server, location
## Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or
## the TCP_CORK socket option on Linux.
tcp_nopush on;
## 防止网络阻塞
## Enables or disables the use of the TCP_NODELAY option. The option is
## enabled only when a connection is transitioned into the keep-alive state.
## Syntax: tcp_nodelay on | off;
## Default: tcp_nodelay on;
## Context: http, server, location
tcp_nodelay on;
## 长连接超时时间,单位是秒
## The first parameter sets a timeout during which a keep-alive client
## connection will stay open on the server side. The zero value disables
## keep-alive client connections. The optional second parameter sets a value
## in the “Keep-Alive: timeout=time” response header field.
## Two parameters may differ.
## The “Keep-Alive: timeout=time” header field is recognized by Mozilla and
## Konqueror. MSIE closes keep-alive connections by itself in
## about 60 seconds.
## Syntax: keepalive_timeout timeout [header_timeout];
## Default: keepalive_timeout 75s;
## Context: http, server, location
keepalive_timeout 120;
#gzip模块设置
## 开启或关闭gzip压缩输出
## Enables or disables gzipping of responses.
## Syntax: gzip on | off;
## Default: gzip off;
## Context: http, server, location, if in location
gzip on;
## 最小压缩文件大小
## Sets the minimum length of a response that will be gzipped.
## The length is determined only from the “Content-Length”
## response header field.
## Syntax: gzip_min_length length;
## Default: gzip_min_length 20;
## Context: http, server, location
gzip_min_length 1k;
## 压缩缓冲区个数和大小设置
## Sets the number and size of buffers used to compress a response.
## By default, the buffer size is equal to one memory page.
## This is either 4K or 8K, depending on a platform.
## Syntax: gzip_buffers number size;
## Default: gzip_buffers 32 4k|16 8k;
## Context: http, server, location
gzip_buffers 4 16k;
## 压缩的HTTP版本(默认1.1,前端如果是squid2.5请使用1.0)
## Sets the minimum HTTP version of a request required to compress a response.
## Syntax: gzip_http_version 1.0 | 1.1;
## Default: gzip_http_version 1.1;
## Context: http, server, location
gzip_http_version 1.0;
## 压缩等级
## Sets a gzip compression level of a response. Acceptable values are in
## the range from 1 to 9.
## Syntax: gzip_comp_level level;
## Default: gzip_comp_level 1;
## Context: http, server, location
gzip_comp_level 2;
## 压缩类型,默认就已经包含text/html,所以下面就不用再写了,
## 写上去也不会有问题,但是会有一个warn。
## Enables gzipping of responses for the specified MIME types in addition to
## “text/html”. The special value “*” matches any MIME type (0.8.29).
## Responses with the “text/html” type are always compressed.
## Syntax: gzip_types mime-type ...;
## Default: gzip_types text/html;
## Context: http, server, location
gzip_types text/plain application/x-javascript text/css application/xml;
## Enables or disables inserting the “Vary: Accept-Encoding”
## response header field if the directives gzip, gzip_static, or gunzip are active.
## Syntax: gzip_vary on | off;
## Default: gzip_vary off;
## Context: http, server, location
gzip_vary on;
## Defines a group of servers. Servers can listen on different ports.
## In addition, servers listening on TCP and UNIX-domain sockets can be mixed.
## Example:
## upstream backend {
## server backend1.example.com weight=5;
## server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
## server unix:/tmp/backend3;
## server backup1.example.com backup;
## }
## By default, requests are distributed between the servers using a weighted
## round-robin balancing method. In the above example, each 7 requests will be
## distributed as follows: 5 requests go to backend1.example.com and one
## request to each of the second and third servers. If an error occurs during
## communication with a server, the request will be passed to the next server,
## and so on until all of the functioning servers will be tried. If a
## successful response could not be obtained from any of the servers, the
## client will receive the result of the communication with the last server.
## Syntax: upstream name { ... }
## Default: —
## Context: http
upstream localhost {
## Defines the address and other parameters of a server. The address can
## be specified as a domain name or IP address, with an optional port,
## or as a UNIX-domain socket path specified after the “unix:” prefix.
## If a port is not specified, the port 80 is used. A domain name that
## resolves to several IP addresses defines multiple servers at once.
## The following parameters can be defined:
## weight=number
## sets the weight of the server, by default, 1.
## weight是权重,可以根据机器配置定义权重。
## weigth参数表示权值,权值越高被分配到的几率越大
## max_fails=number
## sets the number of unsuccessful attempts to communicate
## with the server that should happen in the duration set by
## the fail_timeout parameter to consider the server
## unavailable for a duration also set by the fail_timeout
## parameter. By default, the number of unsuccessful attempts
## is set to 1. The zero value disables the accounting of
## attempts. What is considered an unsuccessful attempt is
## defined by the proxy_next_upstream, fastcgi_next_upstream,
## uwsgi_next_upstream, scgi_next_upstream,
## and memcached_next_upstream directives.
## fail_timeout=time
## sets
## the time during which the specified number of
## unsuccessful attempts to communicate with the server
## should happen to consider the server unavailable;
## and the period of time the server will be considered
## unavailable.By default, the parameter is set to 10 seconds.
## backup
## marks the server as a backup server. It will be passed
## requests when the primary servers are unavailable.
## down
## marks the server as permanently unavailable.
## Syntax:server address [parameters];
## Default:—
## Context:upstream
server 192.168.80.121:8080 weight=3;
server 192.168.80.122:8080 weight=2;
server 192.168.80.123:8080 weight=3;
}
## 虚拟主机的配置
## Sets configuration for a virtual server. There is no clear separation
## between IP-based (based on the IP address) and name-based
## (based on the “Host” request header field) virtual servers.
## Instead, the listen directives describe all addresses and ports that
## should accept connections for the server, and the server_name directive
## lists all server names.
## Syntax: server { ... }
## Default: —
## Context: http
server {
## 监听端口
##Syntax: listen address[:port] [default_server] [ssl] [spdy]
## [proxy_protocol] [setfib=number] [fastopen=number]
## [backlog=number] [rcvbuf=size] [sndbuf=size]
## [accept_filter=filter] [deferred] [bind] [ipv6only=on|off]
## [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
## listen port [default_server] [ssl] [spdy]
## [proxy_protocol]
## [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size]
## [sndbuf=size] [accept_filter=filter] [deferred] [bind]
## [ipv6only=on|off] [so_keepalive=on|off|[keepidle]:[keepintvl]:
## [keepcnt]];
## listen unix:path [default_server] [ssl] [spdy]
## [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size]
## [accept_filter=filter] [deferred] [bind] [so_keepalive=on|off|
## [keepidle]:[keepintvl]:[keepcnt]];
##Default:listen *:80 | *:8000;
##Context:server
##Sets the address and port for IP, or the path for a UNIX-domain socket
##on which the server will accept requests. Both address and port, or only
##address or only port can be specified.
##If only address is given, the port 80 is used
listen 8080;
## Sets names of a virtual server,域名可以有多个,用空格隔开
## Syntax:server_name name ...;
## Default:server_name "";
## Context:server
##The first name becomes the primary server name.
server_name example.com www.example.com;
## Defines files that will be used as an index
## Syntax:index file ...;
## Default:index index.html;
## Context:http, server, location
index index.html index.htm
##Sets the root directory for requests.
##Syntax:root path;
##Default:root html;
##Context:http, server, location, if in location
##For example, with the following configuration
## location /i/ {
## root /data/w3;
## }
## The /data/w3/i/top.gif file will be sent in response to the
## “/i/top.gif” request.
## The path value can contain variables, except $document_root
## and $realpath_root.
## A path to the file is constructed by merely adding a URI to
## the value of the root directive.
root /data0/htdocs
##Sets configuration depending on a request URI
##Syntax:location [ = | ~ | ~* | ^~ ] uri { ... }
## location @name { ... }
##Default: —
##Context:server, location
##A location can either be defined by a prefix string, or by a regular
##expression. Regular expressions are specified with the preceding “~*”
##modifier (for case-insensitive matching), or the “~” modifier (for
##case-sensitive matching). To find location matching a given request,
##nginx first checks locations defined using the prefix strings (prefix
##locations). Among them, the location with the longest matching prefix is
##selected and remembered. Then regular expressions are checked, in the
##order of their appearance in the configuration file. The search of
##regular expressions terminates on the first match, and the corresponding
##configuration is used. If no match with a regular expression is found
##then the configuration of the prefix location remembered earlier
##is used.
##Let’s illustrate the above by an example:
## location = / {
## [ configuration A ]
## }
## location / {
## [ configuration B ]
## }
## location /documents/ {
## [ configuration C ]
## }
## location ^~ /images/ {
## [ configuration D ]
## }
## location ~* \.(gif|jpg|jpeg)$ {
## [ configuration E ]
## }
## The “/” request will match configuration A, the “/index.html”
## request will match configuration B, the “/documents/document.html”
## request will match configuration C, the “/images/1.gif” request will
## match configuration D, and the “/documents/1.jpg” request will
## match configuration E.
## 对 "/" 启用反向代理
location / {
##后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
##以下是一些反向代理的配置,可选。
proxy_set_header Host $host:8080;
proxy_redirect off;
##允许客户端请求的最大单文件字节数
client_max_body_size 10m;
##缓冲区代理缓冲用户端请求的最大字节数
client_body_buffer_size 128k;
##nginx跟后端服务器连接超时时间(代理连接超时)
proxy_connect_timeout 90;
##后端服务器数据回传时间(代理发送超时)
proxy_send_timeout 90;
##连接成功后,后端服务器响应时间(代理接收超时)
proxy_read_timeout 90;
##设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffer_size 4k;
##proxy_buffers缓冲区,网页平均在32k以下的设置
proxy_buffers 4 32k;
##高负荷下缓冲大小(proxy_buffers*2)
proxy_busy_buffers_size 64k;
##设定缓存文件夹大小,大于这个值,将从upstream服务器传
proxy_temp_file_write_size 64k;
## Sets the address of a proxied server
## Syntax: proxy_pass address;
## Default: —
## Context: server
proxy_pass http://localhost;
}
##本地动静分离反向代理配置
##所有jsp的页面均交由tomcat或glassfish处理
location ~ .(jsp|jspx|do)?$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
##所有静态文件由nginx直接读取不经过tomcat或glassfish
##图片缓存时间设置
location ~ .*.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$
{
expires 15d;
}
##JS和CSS缓存时间设置
location ~ .*.(js|css)?$
{
expires 1h;
}
##Syntax:error_page code ... [=[response]] uri;
##Default:—
##Context:http, server, location, if in location
## Defines the URI that will be shown for the specified errors. error_page
## directives are inherited from the previous level only if there are no
## error_page directives defined on the current level. A uri value can
## contain variables.
## Example:
## error_page 404 /404.html;
## error_page 500 502 503 504 /50x.html;
## Furthermore, it is possible to change the response code to another
## using the “=response” syntax, for example:
## error_page 404 =200 /empty.gif;
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
##redirect server error pages to the static page /50x.html
location = /50x.html {
root html;
}
##设定查看Nginx状态的地址
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd;
#htpasswd文件的内容可以用apache提供的htpasswd工具来产生。
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
# }
}
更详细的模块参数请参考: http://nginx.org/en/docs/dirindex.html
配置完成后,检查一下nginx配置文件是否可用,有successful表示可用。
$ nginx -t // 检查nginx配置文件
配置正确后,重新加载配置文件使配置生效:
$ nginx -s reload // 使配置生效
nginx配置https访问
server {
listen 443;
server_name bjubi.com; // 你的域名
client_max_body_size 30m;
ssl on;
ssl_certificate cert/214292799730473.crt;// 改成你的证书的名字
ssl_certificate_key cert/214292799730473.key;// 你的证书的名字
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 sslv3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://120.22.85.211:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size 512m;
}
}
server {
listen 80;
server_name bjubi.com;// 你的域名
rewrite ^(.*)$ https://$host$1 permanent;// 把http的域名请求转成https
}
## Syntax:user user [group];
## Default:user nobody nobody;
## Context:main
user nginx ngnix;
## nginx进程数,建议设置为等于CPU总核心数,
## The auto parameter is supported starting from versions 1.3.8 and 1.2.5.
## Syntax:worker_processes number | auto;
## Default:worker_processes 1;
## Context:main
worker_processes 4;
## 全局错误日志定义类型,
## log level: [debug | info | notice | warn | error | crit | alert | emerg]
## Syntax:error_log file | stderr | syslog:server=address[,parameter=value]|
## memory:size [debug | info | notice | warn | error | crit | alert | emerg];
## Default:error_log logs/error.log error;
## Context:main, http, stream, server, location
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
## 进程文件
## Syntax:pid file;
## Default:pid nginx.pid;
## Context:main
pid logs/nginx.pid;
## 一个nginx进程打开的最多文件描述符数目,理论值应该是最多打开文件数
##(系统的值ulimit -n)与nginx进程数相除,但是nginx分配请求并不均匀,
## 所以建议与ulimit -n的值保持一致。
## Syntax:worker_rlimit_nofile number;
## Default:—
## Context:main
worker_rlimit_nofile 65535;
## 工作模式与连接数上限
## Syntax:events { ... }
## Default:—
## Context:main
events {
## 参考事件模型,use [ kqueue | rtsig | epoll | /dev/poll | select | poll ];
## epoll模型是Linux 2.6以上版本内核中的高性能网络I/O模型,
## 如果跑在FreeBSD上面,就用kqueue模型。
## Syntax:use method;
## Default:—
## Context:events
use epoll;
## 单个进程最大连接数(最大连接数=连接数*进程数)
## Syntax:worker_connections number;
## Default:worker_connections 512;
## Context:events
worker_connections 20000;
}
## 设定http服务器
## Syntax:http { ... }
## Default:—
## Context:main
http {
## Includes another file, or files matching the specified mask,
## into configuration. Included files should consist of syntactically correct
## directives and blocks.
## Syntax: include file | mask;
## Default:—
## Context:any
include mime.types;
## 定义响应的默认MIME类型
## Syntax: default_type mime-type;
## Default:default_type text/plain;
## Context:http, server, location
default_type application/octet-stream;
## 指定响应头信息域Content-Type的编码格式
## If this charset is different from the charset specified in the
## source_charset directive, a conversion is performed.
## The parameter off cancels the addition of charset to
## the “Content-Type” response header field.
## Syntax:charset charset | off;
## Default:charset off;
## Context:http, server, location, if in location
charset utf-8;
## 服务器名字的hash表大小
## Sets the bucket size for the server names hash tables.
## The default value depends on the size of the processor’s cache line
## Syntax: server_names_hash_bucket_size size;
## Default:server_names_hash_bucket_size 32|64|128;
## Context:http
server_names_hash_bucket_size 128;
##设置读客户端请求头信息的缓存大小
## Sets buffer size for reading client request header. For most requests,
## a buffer of 1K bytes is enough. However, if a request includes long
## cookies, or comes from a WAP client, it may not fit into 1K.
## If a request line or a request header field does not fit into this buffer
## then larger buffers
## Syntax: client_header_buffer_size size;
## Default:client_header_buffer_size 1k;
## Context:http, server
client_header_buffer_size 32k;
## 设置读大的客户端请求头信息的缓存的最大个数和缓存的大小
## Sets the maximum number and size of buffers used for reading large
## client request header. A request line cannot exceed the size of one buffer,
## or the 414 (Request-URI Too Large) error is returned to the client. A
## request header field cannot exceed the size of one buffer as well,
## or the 400 (Bad Request) error is returned to the client. Buffers are
## allocated only on demand. By default, the buffer size is equal to 8K bytes.
## If after the end of request processing a connection is transitioned into
## the keep-alive state, these buffers are released.
## Syntax: large_client_header_buffers number size;
## Default: large_client_header_buffers 4 8k;
## Context: http, server
large_client_header_buffers 4 64k;
## 设置客户端请求报文体的最大允许值,设置size为0,不检查客户端请求报文体的大小
## Sets the maximum allowed size of the client request body, specified in the
## “Content-Length” request header field. If the size in a request exceeds
## the configured value, the 413 (Request Entity Too Large) error is returned
## to the client. Please be aware that browsers cannot correctly display
## this error.
## Syntax: client_max_body_size size;
## Default: client_max_body_size 1m;
## Context: http, server, location
client_max_body_size 8m;
## 日志格式设定
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
## 定义本虚拟主机的访问日志
access_log logs/access.log main;
## 开启高效文件传输模式,sendfile指令指定nginx是否调用sendfile函数来输出文件,
## 对于普通应用设为 on,如果用来进行下载等应用磁盘IO重负载应用,可设置为off,
## 以平衡磁盘与网络I/O处理速度,降低系统的负载。
## 注意:如果图片显示不正常把这个改成off。
## Enables or disables the use of sendfile().
## Syntax:sendfile on | off;
## Default:sendfile off;
## Context:http, server, location, if in location
sendfile on;
## 开启目录列表访问,合适下载服务器,默认关闭。
## Enables or disables the directory listing output.
## Syntax: autoindex on | off;
## Default: autoindex off;
## Context: http, server, location
autoindex on;
## 防止网络阻塞,这个选项仅当sendfile开启时才生效
## Syntax: tcp_nopush on | off;
## Default: tcp_nopush off;
## Context: http, server, location
## Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or
## the TCP_CORK socket option on Linux.
tcp_nopush on;
## 防止网络阻塞
## Enables or disables the use of the TCP_NODELAY option. The option is
## enabled only when a connection is transitioned into the keep-alive state.
## Syntax: tcp_nodelay on | off;
## Default: tcp_nodelay on;
## Context: http, server, location
tcp_nodelay on;
## 长连接超时时间,单位是秒
## The first parameter sets a timeout during which a keep-alive client
## connection will stay open on the server side. The zero value disables
## keep-alive client connections. The optional second parameter sets a value
## in the “Keep-Alive: timeout=time” response header field.
## Two parameters may differ.
## The “Keep-Alive: timeout=time” header field is recognized by Mozilla and
## Konqueror. MSIE closes keep-alive connections by itself in
## about 60 seconds.
## Syntax: keepalive_timeout timeout [header_timeout];
## Default: keepalive_timeout 75s;
## Context: http, server, location
keepalive_timeout 120;
#gzip模块设置
## 开启或关闭gzip压缩输出
## Enables or disables gzipping of responses.
## Syntax: gzip on | off;
## Default: gzip off;
## Context: http, server, location, if in location
gzip on;
## 最小压缩文件大小
## Sets the minimum length of a response that will be gzipped.
## The length is determined only from the “Content-Length”
## response header field.
## Syntax: gzip_min_length length;
## Default: gzip_min_length 20;
## Context: http, server, location
gzip_min_length 1k;
## 压缩缓冲区个数和大小设置
## Sets the number and size of buffers used to compress a response.
## By default, the buffer size is equal to one memory page.
## This is either 4K or 8K, depending on a platform.
## Syntax: gzip_buffers number size;
## Default: gzip_buffers 32 4k|16 8k;
## Context: http, server, location
gzip_buffers 4 16k;
## 压缩的HTTP版本(默认1.1,前端如果是squid2.5请使用1.0)
## Sets the minimum HTTP version of a request required to compress a response.
## Syntax: gzip_http_version 1.0 | 1.1;
## Default: gzip_http_version 1.1;
## Context: http, server, location
gzip_http_version 1.0;
## 压缩等级
## Sets a gzip compression level of a response. Acceptable values are in
## the range from 1 to 9.
## Syntax: gzip_comp_level level;
## Default: gzip_comp_level 1;
## Context: http, server, location
gzip_comp_level 2;
## 压缩类型,默认就已经包含text/html,所以下面就不用再写了,
## 写上去也不会有问题,但是会有一个warn。
## Enables gzipping of responses for the specified MIME types in addition to
## “text/html”. The special value “*” matches any MIME type (0.8.29).
## Responses with the “text/html” type are always compressed.
## Syntax: gzip_types mime-type ...;
## Default: gzip_types text/html;
## Context: http, server, location
gzip_types text/plain application/x-javascript text/css application/xml;
## Enables or disables inserting the “Vary: Accept-Encoding”
## response header field if the directives gzip, gzip_static, or gunzip are active.
## Syntax: gzip_vary on | off;
## Default: gzip_vary off;
## Context: http, server, location
gzip_vary on;
## Defines a group of servers. Servers can listen on different ports.
## In addition, servers listening on TCP and UNIX-domain sockets can be mixed.
## Example:
## upstream backend {
## server backend1.example.com weight=5;
## server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
## server unix:/tmp/backend3;
## server backup1.example.com backup;
## }
## By default, requests are distributed between the servers using a weighted
## round-robin balancing method. In the above example, each 7 requests will be
## distributed as follows: 5 requests go to backend1.example.com and one
## request to each of the second and third servers. If an error occurs during
## communication with a server, the request will be passed to the next server,
## and so on until all of the functioning servers will be tried. If a
## successful response could not be obtained from any of the servers, the
## client will receive the result of the communication with the last server.
## Syntax: upstream name { ... }
## Default: —
## Context: http
upstream localhost {
## Defines the address and other parameters of a server. The address can
## be specified as a domain name or IP address, with an optional port,
## or as a UNIX-domain socket path specified after the “unix:” prefix.
## If a port is not specified, the port 80 is used. A domain name that
## resolves to several IP addresses defines multiple servers at once.
## The following parameters can be defined:
## weight=number
## sets the weight of the server, by default, 1.
## weight是权重,可以根据机器配置定义权重。
## weigth参数表示权值,权值越高被分配到的几率越大
## max_fails=number
## sets the number of unsuccessful attempts to communicate
## with the server that should happen in the duration set by
## the fail_timeout parameter to consider the server
## unavailable for a duration also set by the fail_timeout
## parameter. By default, the number of unsuccessful attempts
## is set to 1. The zero value disables the accounting of
## attempts. What is considered an unsuccessful attempt is
## defined by the proxy_next_upstream, fastcgi_next_upstream,
## uwsgi_next_upstream, scgi_next_upstream,
## and memcached_next_upstream directives.
## fail_timeout=time
## sets
## the time during which the specified number of
## unsuccessful attempts to communicate with the server
## should happen to consider the server unavailable;
## and the period of time the server will be considered
## unavailable.By default, the parameter is set to 10 seconds.
## backup
## marks the server as a backup server. It will be passed
## requests when the primary servers are unavailable.
## down
## marks the server as permanently unavailable.
## Syntax:server address [parameters];
## Default:—
## Context:upstream
server 192.168.80.121:8080 weight=3;
server 192.168.80.122:8080 weight=2;
server 192.168.80.123:8080 weight=3;
}
## 虚拟主机的配置
## Sets configuration for a virtual server. There is no clear separation
## between IP-based (based on the IP address) and name-based
## (based on the “Host” request header field) virtual servers.
## Instead, the listen directives describe all addresses and ports that
## should accept connections for the server, and the server_name directive
## lists all server names.
## Syntax: server { ... }
## Default: —
## Context: http
server {
## 监听端口
##Syntax: listen address[:port] [default_server] [ssl] [spdy]
## [proxy_protocol] [setfib=number] [fastopen=number]
## [backlog=number] [rcvbuf=size] [sndbuf=size]
## [accept_filter=filter] [deferred] [bind] [ipv6only=on|off]
## [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
## listen port [default_server] [ssl] [spdy]
## [proxy_protocol]
## [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size]
## [sndbuf=size] [accept_filter=filter] [deferred] [bind]
## [ipv6only=on|off] [so_keepalive=on|off|[keepidle]:[keepintvl]:
## [keepcnt]];
## listen unix:path [default_server] [ssl] [spdy]
## [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size]
## [accept_filter=filter] [deferred] [bind] [so_keepalive=on|off|
## [keepidle]:[keepintvl]:[keepcnt]];
##Default:listen *:80 | *:8000;
##Context:server
##Sets the address and port for IP, or the path for a UNIX-domain socket
##on which the server will accept requests. Both address and port, or only
##address or only port can be specified.
##If only address is given, the port 80 is used
listen 8080;
## Sets names of a virtual server,域名可以有多个,用空格隔开
## Syntax:server_name name ...;
## Default:server_name "";
## Context:server
##The first name becomes the primary server name.
server_name example.com www.example.com;
## Defines files that will be used as an index
## Syntax:index file ...;
## Default:index index.html;
## Context:http, server, location
index index.html index.htm
##Sets the root directory for requests.
##Syntax:root path;
##Default:root html;
##Context:http, server, location, if in location
##For example, with the following configuration
## location /i/ {
## root /data/w3;
## }
## The /data/w3/i/top.gif file will be sent in response to the
## “/i/top.gif” request.
## The path value can contain variables, except $document_root
## and $realpath_root.
## A path to the file is constructed by merely adding a URI to
## the value of the root directive.
root /data0/htdocs
##Sets configuration depending on a request URI
##Syntax:location [ = | ~ | ~* | ^~ ] uri { ... }
## location @name { ... }
##Default: —
##Context:server, location
##A location can either be defined by a prefix string, or by a regular
##expression. Regular expressions are specified with the preceding “~*”
##modifier (for case-insensitive matching), or the “~” modifier (for
##case-sensitive matching). To find location matching a given request,
##nginx first checks locations defined using the prefix strings (prefix
##locations). Among them, the location with the longest matching prefix is
##selected and remembered. Then regular expressions are checked, in the
##order of their appearance in the configuration file. The search of
##regular expressions terminates on the first match, and the corresponding
##configuration is used. If no match with a regular expression is found
##then the configuration of the prefix location remembered earlier
##is used.
##Let’s illustrate the above by an example:
## location = / {
## [ configuration A ]
## }
## location / {
## [ configuration B ]
## }
## location /documents/ {
## [ configuration C ]
## }
## location ^~ /images/ {
## [ configuration D ]
## }
## location ~* \.(gif|jpg|jpeg)$ {
## [ configuration E ]
## }
## The “/” request will match configuration A, the “/index.html”
## request will match configuration B, the “/documents/document.html”
## request will match configuration C, the “/images/1.gif” request will
## match configuration D, and the “/documents/1.jpg” request will
## match configuration E.
## 对 "/" 启用反向代理
location / {
##后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
##以下是一些反向代理的配置,可选。
proxy_set_header Host $host:8080;
proxy_redirect off;
##允许客户端请求的最大单文件字节数
client_max_body_size 10m;
##缓冲区代理缓冲用户端请求的最大字节数
client_body_buffer_size 128k;
##nginx跟后端服务器连接超时时间(代理连接超时)
proxy_connect_timeout 90;
##后端服务器数据回传时间(代理发送超时)
proxy_send_timeout 90;
##连接成功后,后端服务器响应时间(代理接收超时)
proxy_read_timeout 90;
##设置代理服务器(nginx)保存用户头信息的缓冲区大小
proxy_buffer_size 4k;
##proxy_buffers缓冲区,网页平均在32k以下的设置
proxy_buffers 4 32k;
##高负荷下缓冲大小(proxy_buffers*2)
proxy_busy_buffers_size 64k;
##设定缓存文件夹大小,大于这个值,将从upstream服务器传
proxy_temp_file_write_size 64k;
## Sets the address of a proxied server
## Syntax: proxy_pass address;
## Default: —
## Context: server
proxy_pass http://localhost;
}
##本地动静分离反向代理配置
##所有jsp的页面均交由tomcat或glassfish处理
location ~ .(jsp|jspx|do)?$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
##所有静态文件由nginx直接读取不经过tomcat或glassfish
##图片缓存时间设置
location ~ .*.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$
{
expires 15d;
}
##JS和CSS缓存时间设置
location ~ .*.(js|css)?$
{
expires 1h;
}
##Syntax:error_page code ... [=[response]] uri;
##Default:—
##Context:http, server, location, if in location
## Defines the URI that will be shown for the specified errors. error_page
## directives are inherited from the previous level only if there are no
## error_page directives defined on the current level. A uri value can
## contain variables.
## Example:
## error_page 404 /404.html;
## error_page 500 502 503 504 /50x.html;
## Furthermore, it is possible to change the response code to another
## using the “=response” syntax, for example:
## error_page 404 =200 /empty.gif;
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
##redirect server error pages to the static page /50x.html
location = /50x.html {
root html;
}
##设定查看Nginx状态的地址
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd;
#htpasswd文件的内容可以用apache提供的htpasswd工具来产生。
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
# }
}
更详细的模块参数请参考: http://nginx.org/en/docs/dirindex.html
配置完成后,检查一下nginx配置文件是否可用,有successful表示可用。
$ nginx -t // 检查nginx配置文件
配置正确后,重新加载配置文件使配置生效:
$ nginx -s reload // 使配置生效
nginx配置https访问
server {
listen 443;
server_name bjubi.com; // 你的域名
client_max_body_size 30m;
ssl on;
ssl_certificate cert/214292799730473.crt;// 改成你的证书的名字
ssl_certificate_key cert/214292799730473.key;// 你的证书的名字
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 sslv3;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://120.22.85.211:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size 512m;
}
}
server {
listen 80;
server_name bjubi.com;// 你的域名
rewrite ^(.*)$ https://$host$1 permanent;// 把http的域名请求转成https
}
发表评论
-
LVS+Keepalived 实现集群负载均衡
2015-11-23 16:23 1843IP配置信息: LVS-DR-Master ... -
Haproxy+Keepalived+MySQL Cluster实现负载均衡
2015-11-19 15:52 1393由于在生产环境使用了mysqlcluster,需要实现高可用负 ... -
LVS Nginx HAProxy 比较
2015-11-13 16:33 2620负载均衡 (Load Balancing) 建立在现有网络结构 ... -
Nginx 引入线程池 性能提升9倍
2015-07-03 15:17 7751. 引言 正如我们所知 ... -
Nginx 如何实现高性能和可扩展性
2015-07-03 14:46 821NGINX的整体架构的特点 ... -
Nginx 安装启动
2015-05-12 12:57 1297选择Nginx的理由 高并发连接: 官方测试N ...
相关推荐
以下是对"windows下 php+nginx配置详解"的详细说明。 首先,我们需要安装Nginx。Nginx是一款高性能的HTTP和反向代理服务器,以其稳定性和高并发处理能力著称。下载适用于Windows的Nginx安装包,然后按照安装向导...
### Nginx 配置详解 #### 一、Nginx 概述 Nginx 是一款由 Igor Sysoev 开发的高性能 Web 和反向代理服务器,最初是为了俄罗斯访问量排名第二的网站 Rambler.ru 而设计。自 2004 年发布以来,Nginx 已经通过开源...
nginx 配置详解 Nginx 配置文件(nginx.conf)是 Nginx 服务器的核心配置文件,用于控制 Nginx 服务器的行为和性能。本文将对 Nginx 配置文件中的各个配置项进行详细的解释和注释。 用户和工作进程 * `user nginx...
【Nginx 配置详解】在 CentOS 6.5 环境下,配置 Nginx 1.6.2 可以实现多种高级功能,包括 SSL 双向认证、负载均衡和反向代理。以下是一份详细的配置步骤指南。 ### 1. 安装与准备 首先,确保你的系统是 CentOS 6.5...
Nginx (engine x) 是一个轻量级高性能的HTTP和反向代理服务器,同时也是一个通用 代理服务器 (TCP/UDP/...搭建好nginx服务器并启动过后,我们先看nginx默认配置,再逐个介绍不同使用场景。 默认配置 Nginx 安装目录
里面有资源,有文档详细说明,以及安装步骤,我是结合两个文档一起操作的,只能在linux系统下,Windows系统需要安装虚拟机,操作两遍后,目前基本上十来分钟就可以搞定了
### Nginx 配置详解 + 负载均衡 + HTTPS 协议 #### 一、SSL证书申请 SSL证书是实现HTTPS的关键组件之一,它主要用于保护网站与用户之间的数据传输安全。文中提到两种常见的SSL证书类型:OpenSSL和StartSSL。在此...
**三、Nginx配置详解** Nginx的配置文件通常位于`/etc/nginx/nginx.conf`或`/usr/local/nginx/conf/nginx.conf`。配置主要分为全局块、events块、http块、server块和location块。 1. **全局块**:设置影响nginx...
### Nginx配置文件详解 #### 一、引言 Nginx是一款广泛使用的高性能Web服务器及反向代理服务器,以其高效稳定而著称。它不仅适用于简单的静态页面服务,还可以作为动态应用服务器的反向代理,实现负载均衡等功能。...
Nginx配置文件(nginx.conf)配置详解 Nginx配置文件(nginx.conf)是Nginx服务器的核心配置文件,用于定义Nginx服务器的行为和配置。下面是Nginx配置文件的详细配置解释: 用户和组 Nginx配置文件中指定了用户和组,...
### Window下Nginx配置详解 #### 一、前言 一直以来,许多开发者都认为Nginx只能在Linux环境下运行,实际上,在Windows系统中同样可以部署并高效运行Nginx。随着网站流量的增长,单台服务器可能无法满足需求,此时...
Nginx 配置文件 nginx.conf 详解 Nginx 配置文件 nginx.conf 是 Nginx 服务器的核心配置文件,它控制着 Nginx 服务器的行为和性能。在这个配置文件中,我们可以设置服务器的用户和组、工作进程数、错误日志、进程...
对nginx配置文件nginx.conf各个表示的意思进行解释,方便新人学习
### Nginx 部署配置详解:Proxy Read Timeout #### 概述 在Nginx的配置过程中,为了确保服务器能够稳定、高效地处理来自客户端的请求,我们需要合理设置与代理相关的超时参数。这些参数包括但不限于`proxy_connect...
Nginx配置详解 在IT领域,Nginx是一个广泛使用的高性能HTTP服务器和反向代理服务器,同时也支持IMAP/POP3/SMTP协议。由Igor Sysoev为Rambler.ru网站开发,Nginx以其高稳定性、丰富的功能、易于配置的文件以及对系统...
### Vue前端项目部署之Nginx配置详解 #### 一、引言 随着前端技术的发展,Vue.js作为一款流行的前端框架被广泛应用于Web应用开发之中。对于开发者来说,如何将开发完成的应用部署到生产环境是必不可少的一环。本文...
【Nginx配置详解】 Nginx是一款高性能的HTTP和反向代理服务器,因其轻量级、高效能和高并发处理能力,在软件开发领域中被广泛使用。与Apache服务器相比,Nginx采用异步非阻塞的事件驱动模型,这使得它在处理大量...