Nginx常常用于反向代理和负载均衡,代理模式包括http、stream、mail、tcp等。本文重点讲述http模块的常用参数,以及代理PHP站点、Websocket的基本优化。
以下是nginx基本配置:
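# Main (global) context of nginx.conf.

# Worker processes run as the unprivileged "nginx" account.
user nginx;

# Number of worker processes: the CPU core count, or "auto".
worker_processes 4;

# Per-worker open-file limit. Without it the workers keep the inherited
# RLIMIT_NOFILE (often 1024), so worker_connections below could not be reached.
# A proxied request holds two descriptors (client side and upstream side),
# hence twice worker_connections.
worker_rlimit_nofile 131072;

# Global error log. An optional level (for example warn, notice or info) may
# follow the path; when omitted, nginx logs at level "error".
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 65536;   # maximum simultaneous connections per worker process
    use epoll;                  # I/O multiplexing method (Linux)
    multi_accept on;            # accept all pending connections in one pass
}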
配置http模块
以下是http模块中常见的参数配置:
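# Common http-level settings shared by every virtual host.
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Classic combined-style access log.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    # JSON access log.
    # escape=json (nginx 1.11.8+) escapes quotes, backslashes and control
    # characters in variable values. Without it a crafted User-Agent, Referer
    # or request line can break the JSON structure or forge log fields.
    # NOTE: $http_x_real_ip and $http_x_forwarded_for are request headers chosen
    # by the client; treat them as untrusted unless a trusted front proxy
    # overwrites them. $remote_addr is the address nginx actually saw.
    log_format json escape=json
                    '{"server_name":"$server_name",'
                    '"remote_ip":"$remote_addr",'
                    '"user_ip":"$http_x_real_ip",'
                    '"user_req":"$request",'
                    '"http_code":"$status",'
                    '"body_bytes_sents":"$body_bytes_sent",'
                    '"req_time":"$request_time",'
                    '"log_time":"$time_iso8601",'
                    '"@timestamp": "$time_local",'
                    '"referer": "$http_referer",'
                    '"x_forwarded": "$http_x_forwarded_for",'
                    '"agent":"$http_user_agent"}';
    # Written to its own file: sending both formats to access.log would
    # interleave two incompatible line formats in one file.
    access_log /var/log/nginx/access_json.log json;

    sendfile on;                    # serve files with the sendfile() system call
    tcp_nopush on;                  # TCP_CORK socket option; effective only with sendfile on
    gzip on;                        # enable gzip compression of responses
    gzip_disable "MSIE [1-6]\.";    # no compression for MSIE 1-6 (dot escaped so it matches literally)

    # Idle keep-alive timeout in seconds. 600 s keeps idle client connections
    # open for ten minutes; each one occupies a worker_connections slot, so
    # lower it if connection exhaustion is a concern.
    keepalive_timeout 600;

    # Request-header buffers. Up to 4 x 128k may be allocated per connection
    # for oversized headers; size these to the largest legitimate header
    # (cookies, tokens) rather than higher, to bound memory per client.
    client_header_buffer_size 128k;
    large_client_header_buffers 4 128k;
    client_max_body_size 100m;      # maximum request body (upload) size
    server_tokens off;              # hide the nginx version in headers and error pages

    # Open-file cache: max is suggested to match the open-file limit;
    # entries not requested within "inactive" are dropped.
    open_file_cache max=65535 inactive=60s;
    open_file_cache_valid 80s;
    open_file_cache_min_uses 1;

    # Global proxy settings.
    # proxy_set_header values are inherited by a server/location only if that
    # level defines no proxy_set_header of its own.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to whatever X-Forwarded-For the client sent, so the
    # backend should trust only the right-most entry added by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Upstream timeouts in seconds; 600 s lets a stalled backend or slow
    # client hold a connection for ten minutes.
    proxy_connect_timeout 600;
    proxy_read_timeout 600;
    proxy_send_timeout 600;
    proxy_buffer_size 64k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    # The upstream request keeps running after the client disconnects;
    # abandoned requests still consume backend capacity.
    proxy_ignore_client_abort on;
    # Upstream responses with status >= 300 are intercepted and handled by
    # error_page instead of being relayed to the client unchanged.
    proxy_intercept_errors on;

    # Proxy cache: 200 MB key zone in memory, entries unused for 1 day are
    # removed, at most 30 GB on disk.
    proxy_cache_path /data0/proxy_cache_dir levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;

    include /etc/nginx/conf.d/*.conf;   # terminating ";" was missing, which is a syntax error
}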
以下是解析PHP的配置:
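# Backend pool plus the plain-HTTP virtual host that serves the PHP site.
upstream www {
    # Balancing method: exactly one may be selected per upstream.
    # ip_hash ships with nginx; url_hash, consistent_hash and fair are not
    # stock directives and need add-on modules.
    ip_hash;
    #consistent_hash $defurlkey;

    server 192.168.1.50:8080 weight=10 max_fails=3 fail_timeout=30s;
    server 192.168.1.50:8081 weight=20 down;    # marked as permanently unavailable
    # The "backup" parameter cannot be combined with ip_hash (nginx rejects the
    # configuration), so this line is kept only as an example for the default
    # round-robin method.
    #server 192.168.1.50:8082 weight=30 backup;
}

server {
    listen 80;
    server_name olzl.net;                   # host name served by this block
    root /www/olzl;                         # document root
    index index.html index.php;             # index files
    error_page 500 502 503 504 /50x.html;   # error page

    # Access rule: IP allow-list. Evaluated against $remote_addr, so behind
    # another proxy or load balancer it matches that device's address, not
    # the end user's.
    allow 10.10.0.0/16;
    allow 172.16.222.0/24;
    deny all;

    # 301 redirect example (for instance plain HTTP to HTTPS). A server-level
    # "return" answers every request before any location is consulted, so it
    # is left commented out here; enable it only in a block whose sole job is
    # to redirect.
    #return 301 https://www.olzl.top$request_uri;

    location / {
        proxy_pass http://www;

        # When the requested path does not exist on disk, rewrite it to the
        # matching wp-* / *.php path or fall back to /index.php. Use with
        # care: "if" inside a location is only dependable with rewrite/return.
        if (!-e $request_filename) {
            rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 last;
            rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
            rewrite ^ /index.php last;
        }
    }

    location ~ ^/(images|javascript|js|css|flash|media|static)/ {
        expires 30d;    # client-side cache lifetime for static files
    }

    # Deny .htaccess / .htpasswd style files. The dot is escaped: the original
    # "/.ht" treated it as "any character" and also matched unrelated paths.
    location ~ /\.ht {
        deny all;
    }

    # Status page for monitoring systems.
    # "access_log on" was removed: "on" is not a switch but a file name, so it
    # would have logged to a file literally called "on". The inherited
    # access_log still records requests to this endpoint.
    # NOTE: on this port-80 server Basic credentials cross the network in
    # clear text; expose the endpoint only on a trusted network or over TLS.
    location /NginxStatus {
        stub_status on;
        auth_basic "NginxStatus";
        auth_basic_user_file conf/htpasswd;
    }

    location ~ \.php$ {
        # Hand only script files that exist under root to PHP-FPM. This stops
        # a non-PHP file (an upload, for example) from being passed to the
        # interpreter through a path that merely ends in ".php".
        # Assumes the PHP files live on this host; confirm for your layout.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;    # PHP-FPM address and port
        fastcgi_index index.php;
        # fastcgi.conf already sets SCRIPT_FILENAME to
        # $document_root$fastcgi_script_name. The former extra
        # "/scripts$fastcgi_script_name" parameter and the additional
        # "include fastcgi_params" sent duplicate, conflicting parameters.
        include fastcgi.conf;
    }
}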
以下是SSL的基本配置:
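# HTTPS virtual host.
server {
    listen 443 ssl http2;
    server_name olzl.net www.olzl.net;
    root /web/https;
    index index.html index.php;

    ssl_certificate /etc/nginx/ssl/nginx.crt;       # certificate (chain): .crt or .pem
    ssl_certificate_key /etc/nginx/ssl/nginx.key;   # private key; keep it readable by root only
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the list.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; remove it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites only. The previous string
    # (…:ECDHE:ECDH:AES:HIGH:…) also admitted CBC-mode and non-forward-secret
    # key exchanges.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    access_log logs/nginx.access.log;   # relative path, resolved against the nginx prefix

    # rewrite example, left commented out: as written it permanently
    # redirected every HTTPS request to plain http://, which removes the
    # protection of TLS, and it built the target from the client-supplied Host
    # header. Redirect with a fixed host name if a rewrite is really needed.
    #rewrite ^(.*)$ http://$host$1 permanent;
    rewrite_log on;                     # log rewrite processing (error_log level notice)
}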
以下是代理显性Websocket的配置:
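# WebSocket reverse proxy. The map belongs in the http context.
# $connection_upgrade becomes "upgrade" when the client sent an Upgrade header
# and "close" when it did not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 80;      # plain ws://; terminate TLS (wss://) in front of this if traffic leaves a trusted network
    server_name websocket.olzl.top;

    location / {
        proxy_pass http://192.168.1.50:8083;
        proxy_http_version 1.1;         # the Upgrade mechanism requires HTTP/1.1 to the upstream

        # Declaring any proxy_set_header at this level discards every
        # proxy_set_header inherited from outer levels, so the forwarding
        # headers are repeated here.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Hop-by-hop headers are not forwarded by default and must be passed explicitly.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}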