Nginx优化全攻略之HTTP模块

Nginx常常用于反向代理和负载均衡,代理模式包括http、stream、mail、tcp等。本文重点讲述http模块的常用参数,以及代理PHP站点、Websocket的基本优化。

以下是nginx基本配置:

user             nginx;
worker_processes 4;                        #参数值:CPU核心数量,或者auto
error_log        /var/log/nginx/error.log; #全局错误日志:缺省、warn、notice、info
pid              /var/run/nginx.pid;

events {
  worker_connections 65536;                #每个worker_processes最大并发链接数
  use            epoll;                    #多路复用IO,提高nginx性能
  multi_accept   on;
}

配置http模块

以下是http模块中常见的参数配置:

http {
  include         /etc/nginx/mime.types;
  default_type    application/octet-stream;

  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log      /var/log/nginx/access.log main;

  # 以json格式保存日志
  log_format json '{"server_name":"$server_name",'
                  '"remote_ip":"$remote_addr",'
                  '"user_ip":"$http_x_real_ip",'
                  '"user_req":"$request",'
                  '"http_code":"$status",'
                  '"body_bytes_sents":"$body_bytes_sent",'
                  '"req_time":"$request_time",'
                  '"log_time":"$time_iso8601",'
                  '"@timestamp": "$time_local",'
                  '"referer": "$http_referer",'
                  '"x_forwarded": "$http_x_forwarded_for",'
                  '"agent":"$http_user_agent"}';
  access_log      /var/log/nginx/access.log  json;

  sendfile                    on;             #调用sendfile函数输出文件
  tcp_nopush                  on;             #使用socke的TCP_CORK的选项,先启用sendfile
  gzip                        on;             #开启gzip压缩
  gzip_disable                "MSIE [1-6].";  #对MSIE浏览器禁用压缩
  keepalive_timeout           600;            #连接超时时间
  client_header_buffer_size   128k;           #请求缓冲大小
  large_client_header_buffers 4 128k;
  client_max_body_size        100m;           #上传文件大小
  server_tokens               off;            #隐藏nginx版本号

  # 打开文件指定缓存,建议和打开文件数一致,规定时间内没被请求后删除缓存 #
  open_file_cache             max=65535       inactive=60s;
  open_file_cache_valid       80s;
  open_file_cache_min_uses    1;

  #代理全局设置#
  proxy_set_header            Host            $host;
  proxy_set_header            X-Real-IP       $remote_addr;
  proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_connect_timeout       600;
  proxy_read_timeout          600;
  proxy_send_timeout          600;
  proxy_buffer_size           64k;
  proxy_buffers               4 32k;
  proxy_busy_buffers_size     64k;
  proxy_temp_file_write_size  64k;
  proxy_ignore_client_abort   on;
  proxy_intercept_errors      on;             #阻止应答HTTP400及更高的错误代码

  # 设置内存缓存:200M,1天无访问则删除,硬盘空间30G #
  proxy_cache_path /data0/proxy_cache_dir levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;

  include          /etc/nginx/conf.d/*.conf
}

以下是解析PHP的配置:

  upstream www {
    server  192.168.1.50:8080 weight=10 max_fails=3 fail_timeout=30s;
    server  192.168.1.50:8081 weight=20 down;
    server  192.168.1.50:8082 weight=30 backup;
    ip_hash;                                  #负载模式:ip_hash、url_hash、consistent_hash、fair
    #consistent_hash          $defurlkey;     #ip_hash/url_hash/fair/consistent_hash为单选
  }

  server {
    listen      80;
    server_name olzl.net;                     #定义访问域名
    root        /www/olzl;                    #定义网站根目录
    index       index.html index.php;         #定义首页文件
    error_page  500 502 503 504 /50x.html;    #定义错误页

    # 定义301跳转,如http自动跳转至https
    return 301  https://www.olzl.top$request_uri;

    location / {
      proxy_pass http://www;

      # 禁止直接访问根目录下的文件,谨慎使用
      if (!-e $request_filename) {
        rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 last;
        rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
        rewrite ^ /index.php last;
      }
    }

    location ~ ^/(images|javascript|js|css|flash|media|static)/ {
      expires 30d;                   #处理静态文件过期时间
    }

    location ~ /.ht {
      deny all;                      #禁止访问"ht**"类型的文件
    }

    location /NginxStatus {
      stub_status          on;       #设定查看Nginx状态的地址,配合监控系统
      access_log           on;
      auth_basic           "NginxStatus";
      auth_basic_user_file conf/htpasswd;
    }

    location ~ \.php$ {
      fastcgi_pass  127.0.0.1:9000;  #PHP-FPM服务的IP及PORT
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
      include       fastcgi_params;
      include       fastcgi.conf;
    }

    # 访问规则:IP白名单模式
    allow   10.10.0.0/16;
    allow   172.16.222.0/24;
    deny    all;
  }

以下是SSL的基本配置:

  server {
    listen              443 ssl http2;
    server_name         olzl.net www.olzl.net;
    root                /web/https;
    index               index.html index.php;

    ssl_certificate           /etc/nginx/ssl/nginx.crt; #证书:.crt、.pem
    ssl_certificate_key       /etc/nginx/ssl/nginx.key;
    ssl_session_cache         shared:sslcache:20m;
    ssl_session_timeout       10m;
    ssl_ciphers               ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    access_log          logs/nginx.access.log;

    rewrite ^(.*)$      http://$host$1 permanent; #启用rewrite
    rewrite_log         on;                       #启用rewrite日志
  }

以下是代理显性Websocket的配置:

  server {
    listen      80;
    server_name websocket.olzl.top;
    location / {
      proxy_pass         http://192.168.1.50:8083;
      proxy_http_version 1.1;
      proxy_set_header   Upgrade    $http_upgrade;
      proxy_set_header   Connection $connection_upgrade;
    }
  }

  map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
  }

原创文章禁止转载:技术学堂 » Nginx优化全攻略之HTTP模块

精彩评论

2+5=

感谢您的支持与鼓励

支付宝扫一扫打赏

微信扫一扫打赏