# User (and optionally group) that the nginx worker processes run as.
# NOTE(review): with `user root;` the workers parse untrusted network input
# with full system privileges, so any request-handling flaw has unrestricted
# impact. An unprivileged account (such as the commented-out `nobody` below)
# is the usual choice. The document root used later in this file
# (/root/soft/item/web) would first have to move to a location that account
# can read.
user root;
#user nobody;
# Number of worker processes; the usual advice is one per CPU core.
worker_processes 2;
# CPU bitmask per worker: first worker on CPU0, second worker on CPU1.
worker_cpu_affinity 01 10;
# NOTE(review): level `crit` suppresses error- and warn-level messages
# (upstream failures, TLS handshake problems), which leaves little to work
# with during troubleshooting or incident review.
error_log /usr/local/nginx/logs/nginx_error.log crit;
#pid /usr/local/nginx/nginx.pid;
# Working mode and connection limits: maximum open file descriptors per worker.
worker_rlimit_nofile 65535;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
# Event model: use [ kqueue | rtsig | epoll | /dev/poll | select | poll ];
# epoll is the high-performance network I/O model of Linux 2.6+ kernels;
# on FreeBSD use kqueue instead.
use epoll;
# Maximum number of simultaneous connections per worker process.
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
charset utf-8;
# NOTE(review): server_tokens is not set anywhere in the visible
# configuration, so the nginx version is presumably disclosed in the Server
# header and on built-in error pages; confirm whether that is intended.
# Request buffer settings (all left at their defaults).
#server_names_hash_bucket_size 128;
#client_header_buffer_size 2k;
#large_client_header_buffers 4 4k;
#client_max_body_size 8m;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 60;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
# FastCGI cache: storage path, directory levels, shared-memory key zone and
# the inactivity period after which entries are removed.
fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;
# Timeout for connecting to the FastCGI backend.
fastcgi_connect_timeout 300;
# Timeout for sending a request to FastCGI, counted once the connection
# handshake has completed.
fastcgi_send_timeout 300;
# Timeout for reading the FastCGI response, counted once the connection
# handshake has completed.
fastcgi_read_timeout 300;
# Buffer for the first part of the FastCGI response (normally the header,
# rarely over 1k). The original comment spoke of 4k to match the page size;
# the value actually configured is 16k.
fastcgi_buffer_size 16k;
# Number and size of the buffers used for the FastCGI response.
fastcgi_buffers 16 16k;
# The original comment says the default is twice fastcgi_buffer.
fastcgi_busy_buffers_size 16k;
## Chunk size for writes to the temporary cache file; the original comment
## says the default is twice fastcgi_buffer.
fastcgi_temp_file_write_size 16k;
# Enable the FastCGI cache with zone TEST to reduce CPU load and avoid 502s.
# NOTE(review): set at http level, this applies to every location that uses
# fastcgi_pass (none is visible in this file). The cache key below has no
# user or session component, so per-user pages must be kept out of the cache
# by the backend's Cache-Control headers or by fastcgi_no_cache /
# fastcgi_cache_bypass rules.
fastcgi_cache TEST;
# Cache lifetime by status: 200 and 302 for one hour, 301 for one day.
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
# Every other status code is cached for one minute.
fastcgi_cache_valid any 1m;
# Number of requests for a URL before its response is cached.
fastcgi_cache_min_uses 2;
# Conditions under which a stale cached response may be served.
fastcgi_cache_use_stale error timeout invalid_header http_500;
# $request_method must be part of the cache key; otherwise a HEAD request
# that arrives first leaves an empty body cached for the GETs that follow.
fastcgi_cache_key $request_method://$host$request_uri;
## cache ##
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
# Temporary directory for proxied responses.
proxy_temp_path /usr/local/nginx/temp_dir;
# Proxy cache directory: two-level layout, shared-memory zone size,
# inactivity period and maximum size. The temporary directory must be on the
# same partition as the cache directory.
proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=1g;
## end ##
open_file_cache max=204800 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;
tcp_nodelay on;
# NOTE(review): compression is on for all servers in this http block,
# including HTML proxied over TLS. If those pages reflect request data next
# to secrets such as CSRF tokens, review them for compression side channels
# (BREACH).
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_min_length 1k; # minimum response size to compress
gzip_buffers 4 16k; # compression buffers
gzip_http_version 1.1; # minimum HTTP version (default 1.1; use 1.0 behind squid 2.5)
gzip_comp_level 2; # compression level
# MIME types to compress. text/html is always included; listing it again is
# harmless but logs a warning.
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
# Load-balancing pool used by the proxying location blocks.
# NOTE(review): the locations reach this pool with proxy_pass http://myServer,
# so TLS ends at nginx and traffic to the 192.168.1.x backends is plain HTTP;
# that segment needs to be a trusted network.
upstream myServer{
# Weighted distribution: 7 parts to the first backend, 3 to the second.
server 192.168.1.112:7001 weight=7;
server 192.168.1.113:7002 weight=3;
#server 192.168.1.112:7001 srun_id=tomcat01;
#server 192.168.1.113:7002 srun_id=tomcat02;
#jvm_route $cookie_JSESSIONID|sessionid reverse;
#ip_hash;
}
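# Plain-HTTP virtual host (host names and port); its only job is to send
# every request to the HTTPS site.
server {
    listen 80 default_server;
    server_name xxx.xxx.cn xxx.cn;
    #charset koi8-r;
    #access_log on;
    #access_log /usr/local/nginx/logs/host.access.log;
    # `return` issues the 301 directly instead of running a catch-all regex
    # rewrite; $request_uri carries the original path and query string.
    # NOTE(review): as default_server this block also answers requests whose
    # Host header is neither of the names above, and $host copies that header
    # into the Location. Consider a separate catch-all server that rejects
    # unknown hosts, or redirecting to a fixed canonical name.
    return 301 https://$host$request_uri;
}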
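# Static-file virtual host: static asset requests are proxied to the upstream
# pool and the responses are kept in the shared proxy cache.
# NOTE(review): xxx.xxx.cn is also listed in server_name of the other
# "listen 443 ssl" server in this file. nginx keeps the first definition of a
# duplicated name on the same listen socket, so confirm which block is meant
# to serve it.
server {
    #listen 80 default_server;
    listen 443 ssl;
    server_name xxx.xxx.cn;
    # TLS settings. The standalone "ssl on;" was dropped: the ssl flag on
    # listen already enables TLS and the directive is deprecated in newer
    # nginx releases.
    # The private key file should be readable by root only.
    ssl_certificate /etc/ssl/crt/server.cer;
    ssl_certificate_key /etc/ssl/crt/server.key;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Add
    # TLSv1.3 here once the nginx/OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AES-128 suites only; ssl_dhparam above backs the EDH ones.
    ssl_ciphers AES128+EECDH:AES128+EDH;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # Match only URIs that END in a static-asset extension. The previous
    # pattern was unanchored, so it also matched paths containing ".jsp" or
    # ".json" and made dynamic responses eligible for the shared cache.
    # Matching is still by path alone: the backend should mark per-user
    # responses "Cache-Control: private" or "no-store" so that a dynamic URL
    # with a static-looking suffix is never stored.
    location ~ \.(gif|jpg|png|css|js|flv|ico|swf)$ {
        proxy_pass http://myServer;
        proxy_redirect off;
        proxy_set_header Host $host;
        # Shared-memory cache zone to use (the keys_zone name).
        proxy_cache cache_one;
        # Cache lifetime by status: 200/302 one hour, 301 one day, any other
        # status one minute.
        proxy_cache_valid 200 302 1h;
        proxy_cache_valid 301 1d;
        proxy_cache_valid any 1m;
        # Browser cache lifetime: 30 days (the earlier comment said 10).
        expires 30d;
    }
}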
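# HTTPS server: serves the application under /pltweb through the upstream
# pool and everything else from the local document root.
# NOTE(review): xxx.xxx.cn is also claimed by the other "listen 443 ssl"
# server in this file. nginx keeps the first definition of a duplicated name
# on the same listen socket, so this block may end up serving xxx.cn only.
server {
    listen 443 ssl;
    server_name xxx.xxx.cn xxx.cn;
    # TLS settings. The standalone "ssl on;" was dropped: the ssl flag on
    # listen already enables TLS and the directive is deprecated in newer
    # nginx releases.
    # The private key file should be readable by root only.
    ssl_certificate /etc/ssl/crt/server.cer;
    ssl_certificate_key /etc/ssl/crt/server.key;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Add
    # TLSv1.3 here once the nginx/OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AES-128 suites only; ssl_dhparam above backs the EDH ones.
    ssl_ciphers AES128+EECDH:AES128+EDH;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # Security headers moved from "location /pltweb" to server level so that
    # files served from the document root carry them too. nginx inherits
    # add_header only into locations that define none of their own, so keep
    # all add_header lines here. On nginx 1.7.5 or later the "always"
    # parameter extends them to error responses as well.
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    # NOTE(review): the document root lives in root's home directory, which
    # ties this site to workers running as root. Moving it outside /root
    # would allow an unprivileged worker account.
    root /root/soft/item/web;
    #location / {
    # root /root/soft/item/web;
    # index index.html index.htm;
    #}
    #location ~ .*\.(gif|jpg|png|css|js|flv|ico|swf)(.*) {
    # proxy_pass http://myServer;
    # #root /root/soft/item/web;
    # # expiry time: 30 days
    # expires 30d;
    #}
    location /pltweb {
        proxy_pass http://myServer;
        # NOTE(review): the backend is told the request arrived on port 80
        # although TLS is terminated here on 443. Presumably intentional, but
        # absolute URLs or redirects the backend builds from this value will
        # point at plain HTTP; confirm.
        proxy_set_header Host $host:80;
        #proxy_redirect off;
        #proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must trust only X-Real-IP or the last
        # element of this list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Via "nginx";
        #proxy_cookie_path /pltweb /;
        #proxy_set_header Cookie $http_cookie;
        #root html;
        #index index.html index.htm;
    }
    # One static page is used for 404 and for all listed 5xx errors.
    error_page 404 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}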
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
#server {
# listen *:80 default_server;
# server_name _;
# location /flx_nginx
# {
# stub_status on;
# access_log off;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
# User (and optionally group) that the nginx worker processes run as.
# NOTE(review): with `user root;` the workers parse untrusted network input
# with full system privileges, so any request-handling flaw has unrestricted
# impact. An unprivileged account (such as the commented-out `nobody` below)
# is the usual choice. The document root used later in this file
# (/root/soft/item/web) would first have to move to a location that account
# can read.
user root;
#user nobody;
# Number of worker processes; the usual advice is one per CPU core.
worker_processes 2;
# CPU bitmask per worker: first worker on CPU0, second worker on CPU1.
worker_cpu_affinity 01 10;
# NOTE(review): level `crit` suppresses error- and warn-level messages
# (upstream failures, TLS handshake problems), which leaves little to work
# with during troubleshooting or incident review.
error_log /usr/local/nginx/logs/nginx_error.log crit;
#pid /usr/local/nginx/nginx.pid;
# Working mode and connection limits: maximum open file descriptors per worker.
worker_rlimit_nofile 65535;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
# Event model: use [ kqueue | rtsig | epoll | /dev/poll | select | poll ];
# epoll is the high-performance network I/O model of Linux 2.6+ kernels;
# on FreeBSD use kqueue instead.
use epoll;
# Maximum number of simultaneous connections per worker process.
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
charset utf-8;
# NOTE(review): server_tokens is not set anywhere in the visible
# configuration, so the nginx version is presumably disclosed in the Server
# header and on built-in error pages; confirm whether that is intended.
# Request buffer settings (all left at their defaults).
#server_names_hash_bucket_size 128;
#client_header_buffer_size 2k;
#large_client_header_buffers 4 4k;
#client_max_body_size 8m;
sendfile on;
tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 60;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
# FastCGI cache: storage path, directory levels, shared-memory key zone and
# the inactivity period after which entries are removed.
fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;
# Timeout for connecting to the FastCGI backend.
fastcgi_connect_timeout 300;
# Timeout for sending a request to FastCGI, counted once the connection
# handshake has completed.
fastcgi_send_timeout 300;
# Timeout for reading the FastCGI response, counted once the connection
# handshake has completed.
fastcgi_read_timeout 300;
# Buffer for the first part of the FastCGI response (normally the header,
# rarely over 1k). The original comment spoke of 4k to match the page size;
# the value actually configured is 16k.
fastcgi_buffer_size 16k;
# Number and size of the buffers used for the FastCGI response.
fastcgi_buffers 16 16k;
# The original comment says the default is twice fastcgi_buffer.
fastcgi_busy_buffers_size 16k;
## Chunk size for writes to the temporary cache file; the original comment
## says the default is twice fastcgi_buffer.
fastcgi_temp_file_write_size 16k;
# Enable the FastCGI cache with zone TEST to reduce CPU load and avoid 502s.
# NOTE(review): set at http level, this applies to every location that uses
# fastcgi_pass (none is visible in this file). The cache key below has no
# user or session component, so per-user pages must be kept out of the cache
# by the backend's Cache-Control headers or by fastcgi_no_cache /
# fastcgi_cache_bypass rules.
fastcgi_cache TEST;
# Cache lifetime by status: 200 and 302 for one hour, 301 for one day.
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
# Every other status code is cached for one minute.
fastcgi_cache_valid any 1m;
# Number of requests for a URL before its response is cached.
fastcgi_cache_min_uses 2;
# Conditions under which a stale cached response may be served.
fastcgi_cache_use_stale error timeout invalid_header http_500;
# $request_method must be part of the cache key; otherwise a HEAD request
# that arrives first leaves an empty body cached for the GETs that follow.
fastcgi_cache_key $request_method://$host$request_uri;
## cache ##
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
# Temporary directory for proxied responses.
proxy_temp_path /usr/local/nginx/temp_dir;
# Proxy cache directory: two-level layout, shared-memory zone size,
# inactivity period and maximum size. The temporary directory must be on the
# same partition as the cache directory.
proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=1g;
## end ##
open_file_cache max=204800 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;
tcp_nodelay on;
# NOTE(review): compression is on for all servers in this http block,
# including HTML proxied over TLS. If those pages reflect request data next
# to secrets such as CSRF tokens, review them for compression side channels
# (BREACH).
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_min_length 1k; # minimum response size to compress
gzip_buffers 4 16k; # compression buffers
gzip_http_version 1.1; # minimum HTTP version (default 1.1; use 1.0 behind squid 2.5)
gzip_comp_level 2; # compression level
# MIME types to compress. text/html is always included; listing it again is
# harmless but logs a warning.
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
# Load-balancing pool used by the proxying location blocks.
# NOTE(review): the locations reach this pool with proxy_pass http://myServer,
# so TLS ends at nginx and traffic to the 192.168.1.x backends is plain HTTP;
# that segment needs to be a trusted network.
upstream myServer{
# Weighted distribution: 7 parts to the first backend, 3 to the second.
server 192.168.1.112:7001 weight=7;
server 192.168.1.113:7002 weight=3;
#server 192.168.1.112:7001 srun_id=tomcat01;
#server 192.168.1.113:7002 srun_id=tomcat02;
#jvm_route $cookie_JSESSIONID|sessionid reverse;
#ip_hash;
}
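# Plain-HTTP virtual host (host names and port); its only job is to send
# every request to the HTTPS site.
server {
    listen 80 default_server;
    server_name xxx.xxx.cn xxx.cn;
    #charset koi8-r;
    #access_log on;
    #access_log /usr/local/nginx/logs/host.access.log;
    # `return` issues the 301 directly instead of running a catch-all regex
    # rewrite; $request_uri carries the original path and query string.
    # NOTE(review): as default_server this block also answers requests whose
    # Host header is neither of the names above, and $host copies that header
    # into the Location. Consider a separate catch-all server that rejects
    # unknown hosts, or redirecting to a fixed canonical name.
    return 301 https://$host$request_uri;
}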
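# Static-file virtual host: static asset requests are proxied to the upstream
# pool and the responses are kept in the shared proxy cache.
# NOTE(review): xxx.xxx.cn is also listed in server_name of the other
# "listen 443 ssl" server in this file. nginx keeps the first definition of a
# duplicated name on the same listen socket, so confirm which block is meant
# to serve it.
server {
    #listen 80 default_server;
    listen 443 ssl;
    server_name xxx.xxx.cn;
    # TLS settings. The standalone "ssl on;" was dropped: the ssl flag on
    # listen already enables TLS and the directive is deprecated in newer
    # nginx releases.
    # The private key file should be readable by root only.
    ssl_certificate /etc/ssl/crt/server.cer;
    ssl_certificate_key /etc/ssl/crt/server.key;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Add
    # TLSv1.3 here once the nginx/OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AES-128 suites only; ssl_dhparam above backs the EDH ones.
    ssl_ciphers AES128+EECDH:AES128+EDH;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # Match only URIs that END in a static-asset extension. The previous
    # pattern was unanchored, so it also matched paths containing ".jsp" or
    # ".json" and made dynamic responses eligible for the shared cache.
    # Matching is still by path alone: the backend should mark per-user
    # responses "Cache-Control: private" or "no-store" so that a dynamic URL
    # with a static-looking suffix is never stored.
    location ~ \.(gif|jpg|png|css|js|flv|ico|swf)$ {
        proxy_pass http://myServer;
        proxy_redirect off;
        proxy_set_header Host $host;
        # Shared-memory cache zone to use (the keys_zone name).
        proxy_cache cache_one;
        # Cache lifetime by status: 200/302 one hour, 301 one day, any other
        # status one minute.
        proxy_cache_valid 200 302 1h;
        proxy_cache_valid 301 1d;
        proxy_cache_valid any 1m;
        # Browser cache lifetime: 30 days (the earlier comment said 10).
        expires 30d;
    }
}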
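# HTTPS server: serves the application under /pltweb through the upstream
# pool and everything else from the local document root.
# NOTE(review): xxx.xxx.cn is also claimed by the other "listen 443 ssl"
# server in this file. nginx keeps the first definition of a duplicated name
# on the same listen socket, so this block may end up serving xxx.cn only.
server {
    listen 443 ssl;
    server_name xxx.xxx.cn xxx.cn;
    # TLS settings. The standalone "ssl on;" was dropped: the ssl flag on
    # listen already enables TLS and the directive is deprecated in newer
    # nginx releases.
    # The private key file should be readable by root only.
    ssl_certificate /etc/ssl/crt/server.cer;
    ssl_certificate_key /etc/ssl/crt/server.key;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered. Add
    # TLSv1.3 here once the nginx/OpenSSL build in use supports it.
    ssl_protocols TLSv1.2;
    # Forward-secret AES-128 suites only; ssl_dhparam above backs the EDH ones.
    ssl_ciphers AES128+EECDH:AES128+EDH;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # Security headers moved from "location /pltweb" to server level so that
    # files served from the document root carry them too. nginx inherits
    # add_header only into locations that define none of their own, so keep
    # all add_header lines here. On nginx 1.7.5 or later the "always"
    # parameter extends them to error responses as well.
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    # NOTE(review): the document root lives in root's home directory, which
    # ties this site to workers running as root. Moving it outside /root
    # would allow an unprivileged worker account.
    root /root/soft/item/web;
    #location / {
    # root /root/soft/item/web;
    # index index.html index.htm;
    #}
    #location ~ .*\.(gif|jpg|png|css|js|flv|ico|swf)(.*) {
    # proxy_pass http://myServer;
    # #root /root/soft/item/web;
    # # expiry time: 30 days
    # expires 30d;
    #}
    location /pltweb {
        proxy_pass http://myServer;
        # NOTE(review): the backend is told the request arrived on port 80
        # although TLS is terminated here on 443. Presumably intentional, but
        # absolute URLs or redirects the backend builds from this value will
        # point at plain HTTP; confirm.
        proxy_set_header Host $host:80;
        #proxy_redirect off;
        #proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend must trust only X-Real-IP or the last
        # element of this list.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Via "nginx";
        #proxy_cookie_path /pltweb /;
        #proxy_set_header Cookie $http_cookie;
        #root html;
        #index index.html index.htm;
    }
    # One static page is used for 404 and for all listed 5xx errors.
    error_page 404 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}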
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
#server {
# listen *:80 default_server;
# server_name _;
# location /flx_nginx
# {
# stub_status on;
# access_log off;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}