这里演示以编译安装的nginx1.16版本:
#配置文件路径:/usr/local/nginx/conf/nginx.conf
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80#user nobody; worker_processes 4; worker_rlimit_nofile 1024000; working_directory /nginx; error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024000; accept_mutex off; } #accept_mutex的意义:当一个新接到达时,如果激活了accept_mutex,那么多个Worker将以串行方式来处理,其中有一个Worker会被唤醒其他的Worker继续保持休眠状态;如果没有激活accept_mutex,那么所有的Worker都会被唤醒,不过只一个Worker能获取新连接,其它的Worker会重新进入休眠状态,这就是「惊群问题」。Nginx缺省激活了acept_mutex,是一种保守的选择。如果关闭了它,可能会引起一定程度的惊群问题,表现为上下文切换增(sar -w)或者负载上升,但是如果你的网站访问量比较大,为了系统的吞吐量,我还是建议大家关闭它。 thread_pool one threads=128 max_queue=0; http { include mime.types; default_type application/octet-stream; server_tokens off; client_header_buffer_size 16k; client_body_buffer_size 512k; client_body_temp_path /dev/shm/client_body_temp; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$body_bytes_sent "$http_referer" ' '"$request_body" ' '"$http_user_agent" "$http_x_forwarded_for"' '$upstream_addr $status $request_time $upstream_response_time' ; log_format json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"clientip":"$remote_addr",' '"size":$body_bytes_sent,' '"xff":"$http_x_forwarded_for",' '"upstreamhost":"$upstream_addr",' '"status":"$status",' '"responsetime":$request_time,' '"upstreamtime":"$upstream_response_time",' '"http_host":"$host",' '"url":"$uri"}'; map $http_upgrade $connection_upgrade { default upgrade; '' close; } #access_log logs/access.log main; access_log off; sendfile on; tcp_nopush on; tcp_nodelay on; max_ranges 1; #keepalive_timeout 0; keepalive_timeout 300s 300s; keepalive_requests 8192; gzip on; gzip_min_length 10k; gzip_buffers 16 16k; gzip_comp_level 5; gzip_vary on; gzip_types text/plain application/x-javascript text/css application/xml application/javascript image/jpeg image/gif image/png; proxy_cache_path /nginx/cache levels=1:2 keys_zone=first:100m inactive=24h max_size=2G use_temp_path=off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 1m; proxy_send_timeout 10m; proxy_read_timeout 10m; proxy_buffering on; proxy_buffer_size 256k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; #proxy_next_upstream http_502 http_504 http_404 error timeout invalid_header;
#负载均衡http配置:
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40upstream iewebservice { server 10.230.248.115:9529 weight=1 max_fails=2; server 10.230.248.116:9529 weight=1 max_fails=2; } server { listen 80 default_server; server_name _; location /ngx_status { stub_status on; access_log off; allow 127.0.0.1; allow 10.3.22.153; deny all; } } #上面的server模块是全局指向 #下面的server模块是针对upstream server { listen 80; server_name crm2.wuliusys.com; rewrite ^/(.*) https://crm2.wuliusys.com/$1 permanent; } #匹配成功后跳转到指定域,执行永久301跳转 server { listen 80; server_name iewebservice.rfddc.com; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; proxy_pass http://iewebservice; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } }
#负载均衡https配置
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67upstream backend-crm { server 10.230.4.11:8081 weight=1 max_fails=2; server 10.230.3.34:8081 weight=1 max_fails=2; } server { listen 443; client_max_body_size 15M; server_name crm2.wuliusys.com; client_header_timeout 5m; client_body_timeout 5m; send_timeout 5m; ssl on; ssl_certificate /etc/nginx/cert/server.crt; ssl_certificate_key /etc/nginx/cert/key.txt; #这里的证书要存放到指定的路径下 ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; proxy_set_header X-Forwarded-Proto https; proxy_redirect http:// https://; #charset koi8-r; error_log logs/crm2.error.log; #access_log logs/crm2.access.log; location / { proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://backend-crm; } location ~* ".(jpg|jpeg|png|gif|html|css|js)$" { proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header x-real-ip $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 5m; proxy_send_timeout 10m; proxy_read_timeout 10m; proxy_buffering on; proxy_buffer_size 256k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_next_upstream http_502 http_504 http_404 error timeout invalid_header; proxy_cache first; proxy_cache_valid 200 24h; proxy_cache_valid 302 10m; add_header X-Cache-Status $upstream_cache_status; proxy_pass http://backend-crm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location = /404-3.png { root html; } }
最后
以上就是魔幻柠檬最近收集整理的关于nginx.conf文件配置实用案例的全部内容,更多相关nginx内容请搜索靠谱客的其他文章。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复