Nginx优化全攻略之HTTP模块

Nginx常常用于反向代理和负载均衡,代理模式包括http、stream、mail、tcp等。本文重点讲述http模块的常用参数,以及代理PHP站点、Websocket的基本优化。

以下是nginx基本配置:

# Account the worker processes run under.
user nginx;

# Number of worker processes: the CPU core count, or "auto".
worker_processes 4;

# Global error log. An optional level (e.g. warn, notice, info) may follow the
# path; with none given the default level applies.
error_log /var/log/nginx/error.log;

pid /var/run/nginx.pid;

events {
  # epoll I/O multiplexing for better performance.
  use epoll;

  multi_accept on;

  # Maximum simultaneous connections per worker process. The limit is only
  # reachable if the per-process open-file limit (ulimit -n, or
  # worker_rlimit_nofile) is at least as high.
  worker_connections 65536;
}

配置http模块

以下是http模块中常见的参数配置:

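http {
  include         /etc/nginx/mime.types;
  default_type    application/octet-stream;

  # Plain-text access log format.
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log      /var/log/nginx/access.log main;

  # JSON access log format.
  # escape=json (nginx 1.11.8+) escapes quotes, backslashes and control
  # characters in variable values. The request line, Referer, User-Agent,
  # X-Real-IP and X-Forwarded-For are client-controlled; without escaping, a
  # value containing a double quote breaks the record or forges extra fields.
  # "user_ip" and "x_forwarded" are copied from request headers, so treat them
  # as client-supplied unless a trusted front proxy overwrites them.
  # "remote_ip" is the only address nginx observed itself.
  log_format json escape=json
                  '{"server_name":"$server_name",'
                  '"remote_ip":"$remote_addr",'
                  '"user_ip":"$http_x_real_ip",'
                  '"user_req":"$request",'
                  '"http_code":"$status",'
                  '"body_bytes_sents":"$body_bytes_sent",'
                  '"req_time":"$request_time",'
                  '"log_time":"$time_iso8601",'
                  '"@timestamp": "$time_local",'
                  '"referer": "$http_referer",'
                  '"x_forwarded": "$http_x_forwarded_for",'
                  '"agent":"$http_user_agent"}';
  # NOTE(review): this is the same file as the "main" access_log above, so each
  # request is written twice in two formats. Keep one directive or use two paths.
  access_log      /var/log/nginx/access.log  json;

  sendfile                    on;             # serve files with sendfile()
  tcp_nopush                  on;             # socket TCP_CORK option; needs sendfile on
  gzip                        on;             # enable gzip compression
  # Dot escaped: the unescaped "MSIE [1-6]." also matched "MSIE 10".
  gzip_disable                "MSIE [1-6]\."; # no compression for MSIE 1-6
  # Idle keep-alive connections are held for 10 minutes and each one occupies
  # a worker connection slot; on an Internet-facing listener a much shorter
  # value makes connection exhaustion harder.
  keepalive_timeout           600;            # keep-alive timeout, seconds
  # Request header buffers. With these sizes one connection can hold up to
  # 4 x 128k of header data; size them to the largest legitimate header.
  client_header_buffer_size   128k;
  large_client_header_buffers 4 128k;
  client_max_body_size        100m;           # largest accepted request body (uploads)
  server_tokens               off;            # hide the nginx version number

  # Open-file cache: the author suggests max equal to the open-file limit.
  # Entries not requested within "inactive" are dropped.
  open_file_cache             max=65535       inactive=60s;
  open_file_cache_valid       80s;
  open_file_cache_min_uses    1;

  # Global proxy settings.
  # proxy_set_header is inherited by a server/location only when that level
  # defines no proxy_set_header of its own. A location that sets Upgrade or
  # Connection must repeat these three lines.
  proxy_set_header            Host            $host;
  proxy_set_header            X-Real-IP       $remote_addr;
  # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
  # sent, so backends may trust only the last entry.
  proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_connect_timeout       600;
  proxy_read_timeout          600;
  proxy_send_timeout          600;
  proxy_buffer_size           64k;
  proxy_buffers               4 32k;
  proxy_busy_buffers_size     64k;
  proxy_temp_file_write_size  64k;
  # The upstream request keeps running after the client disconnects.
  proxy_ignore_client_abort   on;
  # Upstream responses with status >= 300 are handled by error_page instead of
  # being passed to the client unchanged.
  proxy_intercept_errors      on;

  # Proxy cache: 200M shared-memory key zone, entries unused for 1 day are
  # removed, at most 30G on disk.
  proxy_cache_path /data0/proxy_cache_dir levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;

  # The terminating semicolon was missing; nginx rejects the file without it.
  include          /etc/nginx/conf.d/*.conf;
}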

以下是解析PHP的配置:

  # Backend pool referenced by "proxy_pass http://www;".
  upstream www {
    # weight: relative share of requests; max_fails / fail_timeout: failed
    # attempts within the window before the server is considered unavailable.
    server  192.168.1.50:8080 weight=10 max_fails=3 fail_timeout=30s;
    # down: server is marked permanently unavailable.
    server  192.168.1.50:8081 weight=20 down;
    # backup: used only when the primary servers are unavailable.
    # NOTE(review): the nginx upstream documentation says "backup" cannot be
    # combined with the hash, ip_hash and random methods. Drop either "backup"
    # or "ip_hash" and run `nginx -t` before relying on this pool.
    server  192.168.1.50:8082 weight=30 backup;
    # ip_hash keys on the client address nginx sees; behind another proxy or
    # NAT, many users collapse onto one backend.
    ip_hash;                                  # balancing method: ip_hash, url_hash, consistent_hash, fair
    # NOTE(review): url_hash, consistent_hash and fair are presumably
    # third-party modules, not stock directives - confirm they are compiled in.
    #consistent_hash          $defurlkey;     # ip_hash/url_hash/fair/consistent_hash are mutually exclusive
  }

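  server {
    listen      80;
    server_name olzl.net;                     # site domain
    root        /www/olzl;                    # document root
    index       index.html index.php;         # index files
    error_page  500 502 503 504 /50x.html;    # error page

    # 301 redirect, e.g. http -> https.
    # NOTE(review): a server-level "return" runs in the rewrite phase, before
    # location matching and before the allow/deny checks below. While it is
    # present every request, including from denied addresses, gets the 301 and
    # the locations are never reached. It normally belongs in a port-80 server
    # that contains nothing else.
    return 301  https://www.olzl.top$request_uri;

    location / {
      proxy_pass http://www;

      # When the requested path is not an existing file or directory, rewrite
      # it: strip an optional leading path component before /wp-* and *.php,
      # and send everything else to /index.php. Use with care: "if" inside a
      # location has well-known pitfalls.
      if (!-e $request_filename) {
        rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 last;
        rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
        rewrite ^ /index.php last;
      }
    }

    location ~ ^/(images|javascript|js|css|flash|media|static)/ {
      expires 30d;                   # cache lifetime for static files
    }

    # Deny access to .ht* files (.htaccess, .htpasswd). The dot is escaped:
    # the unescaped "/.ht" matched any character before "ht", e.g. /xht.
    location ~ /\.ht {
      deny all;
    }

    location /NginxStatus {
      stub_status          on;       # status endpoint for the monitoring system
      # "access_log on;" was removed: access_log has no on/off switch, so "on"
      # is taken as a file name and a log file called "on" is created.
      # Logging is inherited from the http level.
      # Basic-auth credentials cross port 80 in cleartext. Keep this endpoint
      # behind the allow list below or expose it only over TLS.
      auth_basic           "NginxStatus";
      auth_basic_user_file conf/htpasswd;
    }

    location ~ \.php$ {
      fastcgi_pass  127.0.0.1:9000;  # PHP-FPM address and port
      fastcgi_index index.php;
      # NOTE(review): SCRIPT_FILENAME is set here, and the stock fastcgi.conf
      # normally sets it again from $document_root. fastcgi.conf also repeats
      # every parameter in fastcgi_params, so the backend gets duplicates and
      # the script path that wins is not obvious. Keep either this line plus
      # fastcgi_params, or fastcgi.conf alone.
      fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
      include       fastcgi_params;
      include       fastcgi.conf;
      # NOTE(review): every URI ending in .php is handed to PHP-FPM, whether or
      # not such a file exists. If the scripts live under "root", add
      # "try_files $uri =404;" here so only existing scripts reach the
      # interpreter.
    }

    # Access rules: IP allow list. Requests from other addresses get 403.
    allow   10.10.0.0/16;
    allow   172.16.222.0/24;
    deny    all;
  }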

以下是SSL的基本配置:

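  server {
    listen              443 ssl http2;
    server_name         olzl.net www.olzl.net;
    root                /web/https;
    index               index.html index.php;

    ssl_certificate           /etc/nginx/ssl/nginx.crt; # certificate: .crt or .pem
    # Private key: should be readable only by the account that starts nginx.
    ssl_certificate_key       /etc/nginx/ssl/nginx.key;
    ssl_session_cache         shared:sslcache:20m;
    ssl_session_timeout       10m;
    # NOTE(review): this list is broad. The "AES" and "HIGH" groups also admit
    # suites without forward secrecy (RSA key exchange) and CBC-mode suites.
    # Narrow it to ECDHE suites with AEAD ciphers once the client population
    # is known.
    ssl_ciphers               ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # TLSv1 and TLSv1.1 were dropped: both are deprecated (RFC 8996). Add
    # TLSv1.3 where nginx (1.13.0+) is built against OpenSSL 1.1.1 or newer.
    ssl_protocols             TLSv1.2;
    ssl_prefer_server_ciphers on;

    access_log          logs/nginx.access.log;

    # Disabled. The original listing showed, as a rewrite example:
    #   rewrite ^(.*)$      http://$host$1 permanent;
    # At server level that answers every HTTPS request with a 301 to plain
    # http://, so nothing is served over TLS and clients are downgraded to
    # cleartext. Put rewrites that are really needed inside a specific
    # location and keep their target on https.
    rewrite_log         on;   # log rewrite processing to error_log at notice level
  }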

以下是代理显性Websocket的配置:

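  server {
    # Port 80 carries ws:// in cleartext; use a TLS listener (wss://) when the
    # socket transports credentials or session data.
    listen      80;
    server_name websocket.olzl.top;
    location / {
      proxy_pass         http://192.168.1.50:8083;
      proxy_http_version 1.1;           # the Upgrade mechanism requires HTTP/1.1 upstream
      proxy_set_header   Upgrade    $http_upgrade;
      proxy_set_header   Connection $connection_upgrade;
      # proxy_set_header at this level stops inheritance of the http-level
      # headers. Repeat them, otherwise the backend gets neither the original
      # Host nor the client address.
      proxy_set_header   Host            $host;
      proxy_set_header   X-Real-IP       $remote_addr;
      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  }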

  # Value for the upstream Connection header, derived from the client's Upgrade
  # request header: "close" when the header is absent or empty, "upgrade"
  # otherwise.
  map $http_upgrade $connection_upgrade {
    ''      close;
    default upgrade;
  }

原创文章禁止转载:技术学堂 » Nginx优化全攻略之HTTP模块
