Nginx初步配置

编辑

简介

Nginx (“engine x”) 是一个轻量级，高性能的HTTP和反向代理服务器，也是一个IMAP/POP3/SMTP服务器。Nginx是由Igor Sysoev为俄罗斯访问量第二的Rambler.ru站点开发的，第一个公开版本0.1.0发布于2004年10月4日。其将源代码以类BSD许可证的形式发布，因它的稳定性、丰富的功能集、示例配置文件和低系统资源的消耗而闻名，其特点是占有内存少，并发能力强。

一个nginx.conf例子

这是官网上的一个配置，参照该配置，可以初步一窥nginx设置

user  www www;     # 运行nginx的用户及用户组
worker_processes  2;   #启动的进程数
pid /var/run/nginx.pid;   #pid文件位置

# [ debug | info | notice | warn | error | crit ]
error_log  /var/log/nginx.error_log  info;  #日志存放及日志等级设置

events {
  worker_connections   2000;   #每个进程最大的连接数 默认1024
  # use [ kqueue | rtsig | epoll | /dev/poll | select | poll ] ;
  use kqueue;   #使用的处理机制 epoll可以容纳更多请求
}

http {
  include       conf/mime.types;    # 加载mime 
  default_type  application/octet-stream;  #默认文件类型

  log_format main      '$remote_addr - $remote_user [$time_local]  '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$gzip_ratio"';    #设置日志格式

  log_format download  '$remote_addr - $remote_user [$time_local]  '
    '"$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '"$http_range" "$sent_http_content_range"';

  client_header_timeout  3m;
  client_body_timeout    3m;
  send_timeout           3m;

  client_header_buffer_size    1k;
  large_client_header_buffers  4 4k;

  gzip on;
  gzip_min_length  1100;
  gzip_buffers     4 8k;
  gzip_types       text/plain;   #设置压缩

  output_buffers   1 32k;
  postpone_output  1460;

  sendfile         on;
  tcp_nopush       on;

  tcp_nodelay      on;
  send_lowat       12000;

  keepalive_timeout  75 20;

  # lingering_time     30;
  # lingering_timeout  10;
  # reset_timedout_connection  on;


  server {    #server段
    listen        one.example.com;
    server_name   one.example.com  www.one.example.com;

    access_log   /var/log/nginx.access_log  main;

    location / {   #location段
      proxy_pass         http://127.0.0.1/;  #设置代理
      proxy_redirect     off;

      proxy_set_header   Host             $host;
      proxy_set_header   X-Real-IP        $remote_addr;
      # proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;

      client_max_body_size       10m;
      client_body_buffer_size    128k;

      client_body_temp_path      /var/nginx/client_body_temp;

      proxy_connect_timeout      90;
      proxy_send_timeout         90;
      proxy_read_timeout         90;
      proxy_send_lowat           12000;

      proxy_buffer_size          4k;
      proxy_buffers              4 32k;
      proxy_busy_buffers_size    64k;
      proxy_temp_file_write_size 64k;

      proxy_temp_path            /var/nginx/proxy_temp;

      charset  koi8-r;
    }

    error_page  404  /404.html;  #定义404页面

    location /404.html {
      root  /spool/www;

      charset         on;
      source_charset  koi8-r;
    }

    location /old_stuff/ {
      rewrite   ^/old_stuff/(.*)$  /new_stuff/$1  permanent;  #rewrite重定向
    }

    location /download/ {
      valid_referers  none  blocked  server_names  *.example.com;

      if ($invalid_referer) {    #if判断条件
        #rewrite   ^/   http://www.example.com/;
        return   403;
      }

      # rewrite_log  on;
      # rewrite /download/*/mp3/*.any_ext to /download/*/mp3/*.mp3
      rewrite ^/(download/.*)/mp3/(.*)\..*$ /$1/mp3/$2.mp3 break;

      root         /spool/www;
      # autoindex    on;
      access_log   /var/log/nginx-download.access_log  download;
    }

    location ~* ^.+\.(jpg|jpeg|gif)$ {   #为静态资源设置缓存
      root         /spool/www;
      access_log   off;
      expires      30d;
    }
  }
}

负载均衡

http {
  upstream myproject {
    server 127.0.0.1:8000 weight=3;
    server 127.0.0.1:8001;
    server 127.0.0.1:8002;
    server 127.0.0.1:8003;
  }

  server {
    listen 80;
    server_name www.domain.com;
    location / {
      proxy_pass http://myproject;
    }
  }
}

反向代理及缓存

http {
    proxy_cache_path  /data/nginx/cache  levels=1:2    keys_zone=STATIC:10m
    inactive=24h  max_size=1g;
    server {
        location / {
            proxy_pass             http://1.2.3.4;
            proxy_set_header       Host $host;
            proxy_cache            STATIC;
            proxy_cache_valid      200  1d;
            proxy_cache_use_stale  error timeout invalid_header updating
                                   http_500 http_502 http_503 http_504;
        }
    }
}

重定向

http {

    server {
    	listen 80;
    	server_name www.domain.com;
        return 301 https://www.domain.com$request_uri;
    }
}

反向代理某G

server {
	listen 443 ssl http2;
	server_name google.domain.com;

	root /usr/share/nginx/html;
	index index.html index.htm;

	ssl on;
	ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/letsencrypt/dhparams.pem;

	location / {
	        proxy_pass https://www.replace.com/;
	}
}

http/2支持

http/2 至少需nginx 1.9版本以上， 编译时openssl版本建议也使用比较高版本不低于 1.0.2

补充链接: https://www.zybuluo.com/phper/note/89391

将可能用到的第三方http请求进行反响代理

location ~ "^/proxy/(.*)$" {
        resolver 8.8.8.8;
        proxy_pass http://$1;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        expires 7d;
}

add a fallback to my proxy in nginx

https://serverfault.com/questions/765483/how-to-add-a-fallback-to-my-proxy-in-nginx

server {
    listen       8080;
    server_name  mydomain;
    access_log   /log/path/logging.log;
    error_page   400 401 402 403 404 405 500 501 502 503 504  @error_page;

    location     @error_page {
        root       /var/www/html/;
        rewrite ^  https://domain.com/error/index.html;
        break;
    }

    location / {
        proxy_redirect          off;
        proxy_pass_header       Server;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Scheme $scheme;
        proxy_set_header        Host $http_host;
        proxy_set_header        X-NginX-Proxy true;
        proxy_connect_timeout   5;
        proxy_read_timeout      240;
        proxy_intercept_errors  on;

        proxy_pass              http://127.0.0.1:1337;
    }
}

This will redirect all traffic from maindomain:8080 to https://domain.com/error/index.html if the service on http://127.0.0.1:1337 is unavailable(all errors).