非常有用的nginx配置
2023-02-21 本文已影响0人
liurongming
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost 172.18.5.152;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
#root html;
# index index.html index.htm;
rewrite ^/(.*)$ /man/$1 last;
}
location /man {
alias C:/Users/Public/www;
autoindex on;
}
location /api {
rewrite ^.+api/?(.*)$ /$1 break;
include uwsgi_params;
proxy_pass http://172.18.5.175:9999;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
server_name man.xxx.com;
#access_log /var/log/nginx/pro.log;
location / {
# 传递真实的请求头信息
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 限制文件大小为1G
client_max_body_size 10240m;
rewrite ^/(.*)$ /man/$1 last;
}
location ~* ^/man/.*$ {
proxy_pass http://172.18.5.152:80;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
解决外网映射端口和nginx监听端口不一致问题,
例如外层是通过路由器映射一个任意端口,例如10080,而nginx依然使用80端口。
此场景,可以这样使用。
1、关闭 absolute_redirect off;
2、或者使用 rewrite /([A-Za-z0-9_%-]+)1/ permanent;
二者选择其一,都可以解决。
location /tsweb/ {
# autoindex on;
absolute_redirect off;
# rewrite \/([A-Za-z0-9_%\-]+)$ $1/ permanent;
# 不缓存html,防止程序更新后缓存继续生效
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
access_log on;
}
alias /srv/webapps/tsweb/; # 静态文件nginx处理
index index.html index.htm;
}
案例:
ubuntu 操作系统下,nginx完整配置案例参考
# 开启gzip压缩
# 进入路径:/etc/nginx
root@vbs3-ubt2004-prod-nginx8701:/etc/nginx# cat nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
#gzip on;
gzip on;
gzip_http_version 1.1;
gzip_min_length 1k;
gzip_buffers 40 16k;
gzip_comp_level 4;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
root@vbs3-ubt2004-prod-nginx8701:/etc/nginx#/etc/nginx/conf.d
cd /etc/nginx/conf.d 实际业务配置
root@vbs3-ubt2004-prod-nginx8701:/etc/nginx/conf.d# cat jiangsu.conf
upstream hebei_gateway_server {
server 172.168.114.91:8000 weight=1 max_fails=3 fail_timeout=60s;
server 172.168.114.92:8000 weight=1 max_fails=3 fail_timeout=60s;
keepalive 300;
}
server {
listen 80;
server_name 172.168.xx.87 1xx.4.1xx.x6;
# access_log /var/log/nginx/pro.log;
location /{
# 传递真实的请求头信息
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 限制文件大小为10G
client_max_body_size 10240m;
# 允许跨域
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
# 指定代理服务器
# proxy_pass http://127.0.0.1:8000;
# 域名重写
rewrite ^/(.*)$ /jiangsu/$1 last;
}
location ~ ^/service-.*$ {
# 传递真实的请求头信息
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 允许跨域
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
# rewrite ^.+api/?(.*)$ /$1 break;
include uwsgi_params;
proxy_pass http://hebei_gateway_server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# 调优
client_max_body_size 10240m;
client_body_buffer_size 256k;
proxy_connect_timeout 900;
proxy_read_timeout 900;
proxy_send_timeout 900;
proxy_buffer_size 32k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 10m;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location /jiangsu/ {
# autoindex on;
absolute_redirect off;
# 不缓存html,防止程序更新后缓存继续生效
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
access_log on;
}
alias /srv/webapps/jiangsu/; # 静态文件nginx处理
index index.html index.htm;
}
location /tsweb/ {
# autoindex on;
absolute_redirect off;
# rewrite \/([A-Za-z0-9_%\-]+)$ $1/ permanent;
# 不缓存html,防止程序更新后缓存继续生效
if ($request_filename ~* .*\.(?:htm|html)$) {
add_header Cache-Control "private, no-store, no-cache, must-revalidate, proxy-revalidate";
access_log on;
}
alias /srv/webapps/tsweb/jiangsu/; # 静态文件nginx处理
index index.html index.htm;
}
}
