nginx 配置小结

#用户

user  webapp;

#工作进程数量

worker_processes  8;

#平均分配到CPU（当前是8核）

worker_cpu_affinity 10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001;

#worker_cpu_affinity auto;

#错误日志记录

error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

pid        logs/nginx.pid;

worker_rlimit_nofile 10240;

#事件类型

events {

use epoll;

#每个进程的最大连接数

worker_connections  15000;

multi_accept on;

}

http {

include       mime.types;

default_type  application/octet-stream;

# 修改默认服务器类型标签，避免某些安全隐患

server_tokens off;

server_tag ‘NULL‘;

#定义日志格式

#log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘

#                  ‘$status $body_bytes_sent "$http_referer" ‘

#                  ‘"$http_user_agent" "$http_x_forwarded_for"‘;

#access_log  logs/access.log  main;

#设定请求缓冲

client_header_buffer_size    32k;

large_client_header_buffers 4 4k;

sendfile        on;

tcp_nopush     on;

tcp_nodelay     on;

#keepalive_timeout  0;

keepalive_timeout  65;

server_tokens off;

open_file_cache     max=65535       inactive=20s;

open_file_cache_valid       30s;

open_file_cache_min_uses    1;

#开启gzip模块

gzip  on;

gzip_min_length  1000;

gzip_buffers     4 16k;

gzip_comp_level 4;

gzip_types  text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;

gzip_vary   on;

gzip_disable        "MSIE [1-6]\.";

fastcgi_intercept_errors on;

#定义负载均衡后端服务器

upstream TOMCAT {

server 192.168.1.1:8081 max_fails=1;

server 192.168.1.1:8082 max_fails=1;

server 192.168.1.1:8083 max_fails=1;

server 192.168.1.1:8084 max_fails=1;

ip_hash;

#负载均衡健康检查  需要安装nginx_upstream_check_module

check interval=3000 rise=2 fall=5 timeout=1000  type=http;

#check_http_send "GET  / HTTP/1.0\r\n\r\n";

#check_http_expect_alive http_2xx http_3xx;

}

#limit模块限制

limit_req_zone  $binary_remote_addr  zone=zone_name:20m    rate=5r/s;

# 服务器定义

server {

listen       8080;

#定义多个端口

#listen     9090;

server_name  192.168.1.1 localhost;

set $addr $remote_addr;

proxy_store off;

error_page 404   /404.html;

charset  utf-8;

#设定上传文件的最大尺寸

client_max_body_size    20m;

#定义时间参数，用作日志生成

if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})") {

set $year $1;

set $month $2;

set $day $3;

}

#日志，指定目录及日期，可自动按天生成

access_log  /nfs/nginxlog/nginx-$year-$month-$day-access.log;

# 指定HTTP访问方式：非GET或者POST方式，返回403;一般为Web、WAP使用

if ($request_method !~ ^(GET|POST)$) {

return 403;

}

#判断客户端地址

if ($remote_Addr != ‘4.4.4.4‘ ){

return 403;

}

if ($remote_Addr = ‘2.2.2.2‘ ) || ($remote_Addr = ‘3.3.3.3‘ ) {

........;

}else{

return 403;

}

#可以根据判断结果设定参数值，再根据参数值确定具体操作

if ($request_uri ~ \.(conf|xml)$) {

set $seo 2;

}

if ($seo = 2) {

proxy_pass http://192.168.1.2:8080;

rewrite ^.*$ /api/1$request_uri;

break;

}

#判断用户访问的客户端类型

if ( $http_user_agent ~* "(Android|iPhone|Windows Phone|UC|Kindle)" ){

rewrite ^(.*) http://www.xxx.cn/yy/ permanent;

}

#设置参数初始值，并在进行判断后赋值

set $SESSIONID "-";

if ( $http_cookie ~* "WAP_SESSIONID=([^;]+)(?:;|$)" ){

set $SESSIONID $1;

}

#匹配用户访问url路径，然后进行相应处理

location =/ {

return 404;

}

location ~ ^/(WEB-INF)/ {

deny all;

}

location  ^~  class {

# 匹配任何已 images 开头的任何查询并且停止搜索。任何正则表达式将不会被测试。

deny all;

}

#匹配用户访问的文件类型，符合即指向指定目录

location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|htc|ico)$ {

root /webapp/web/image;

access_log off;

expires      30d;

}

#重定向

location  /content {

rewrite  ^/(.*)$    /lcpproxy/content.php?$1 last;

}

#使用LUA脚本

location /queryCache {

default_type ‘text/plain‘;

content_by_lua_file  /home/fjccwt/nginx/lua/queryCache.lua;

}

#使用python脚本   需要ngx_python模块

location /content_by_python_file {

content_by_python_file /webapp/openresty/hello.py;

}

#反向代理

location /test/ {

limit_req  zone=zone_name   burst=1500  nodelay;

proxy_pass      http://tomcat/test/;

proxy_redirect          off;

proxy_set_header        Host $host:$server_port;

proxy_set_header        X-Real-IP $remote_addr;

proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

client_max_body_size    20m;

client_body_buffer_size 500k;

proxy_max_temp_file_size 0;

proxy_connect_timeout   60;

proxy_send_timeout      60;

proxy_read_timeout      60;

proxy_buffer_size       128k;

proxy_buffers           8 128k;

proxy_busy_buffers_size 256k;

proxy_temp_file_write_size 1024k;

}

#nginx管理配置

location /ngx_status {

stub_status on;

access_log off;

#设定NGINX管理平台访问密码

#auth_basic              "NginxStatus";

#auth_basic_user_file    htpasswd;

allow 127.0.0.1;

deny all;

}

}

#HTTPS配置

server {

listen       8443;

server_name  localhost;

ssl                  on;

ssl_certificate      /webapp/softs/sslkey/server.crt;

ssl_certificate_key  /webapp/softs/sslkey/server.key;

ssl_session_timeout  5m;

ssl_protocols  SSLv2 TLSv1;

ssl_ciphers  HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers   on;

if ($request_method !~ ^(GET|HEAD|POST)$ ) {

return 403;

}

location / {

root   html;

index  index.html index.htm;

}

}

# another virtual host using mix of IP-, name-, and port-based configuration

#

#server {

#    listen       8000;

#    listen       somename:8080;

#    server_name  somename  alias  another.alias;

#    location / {

#        root   html;

#        index  index.html index.htm;

#    }

#}

# HTTPS server

#

#server {

#    listen       443 ssl;

#    server_name  localhost;

#    ssl_certificate      cert.pem;

#    ssl_certificate_key  cert.key;

#    ssl_session_cache    shared:SSL:1m;

#    ssl_session_timeout  5m;

#    ssl_ciphers  HIGH:!aNULL:!MD5;

#    ssl_prefer_server_ciphers  on;

#    location / {

#        root   html;

#        index  index.html index.htm;

#    }

#}

}