nginx 配置
本文主讲nginx的配置
nginx的安装,详见:nginx 安装、配置、负载均衡、反向代理<一>
准备工作: 一台能联公网的CentOS 7.x服务器
# root 登录(因为要使用80端口,一般情况下需要root权限)
cd /etc/nginx
# 备份一下原来的nginx.conf文件__很重要!!!__
cp nginx.conf nginx.conf.cp
# 检查一下nginx安装正确
systemctl status mginx
# 编辑nginx.conf配置文件
# 在此重申一遍,一定要做好备份工作,不然自己配置的有问题只能找别人要一份备份文件(文末有)或者重装了
vi nginx.conf
nginx.conf配置文件可配置项说明
全局配置项 | 主要功能 | 配置说明 |
---|---|---|
user | 配置nginx用户 | 直接使用root操作nginx可以不配置 |
worker_processes | 开启的nginx进程数 | 一般根据自己服务器内核数的1~2倍设置 |
error_log | 日志文件存放的地方 | 需要查看日志的才需要去配置 |
pid | 存放nginx进程pid的地方 | |
worker_connections | 单个进程允许的最大并发连接数 | 根据服务器性能配置 |
upstream | nginx负载均衡配置 | 具体配置如下 |
http | web服务器配置 | 具体配置项如下 |
http(s)配置项 | 值 | 配置说明 |
---|---|---|
gzip | on/off | 是否打开gzip压缩,具体gzip压缩下面详述 |
server | 虚拟主机的web服务配置 | 具体配置见下面负载均衡和反向代理 |
listen | 80/443 | 监听服务器实体主机的访问端口 |
server_name | 域名 | 可以访问到这台主机的域名 |
location | server代理的内部服务或者其他域的服务 | |
负载均衡配置
upstream <命名,eg:backend_test> {
#ip_hash; # 当负载两台以上用ip来hash解决session的问题
server 192.168.10.100:8080 max_fails=2 fail_timeout=30s ;
server 192.168.10.101:8080 max_fails=2 fail_timeout=30s ;
}
# server段配合负载均衡的设置
server {
listen 80;
server_name www.aliyuntest.com; #要访问的域名,这里用的测试域名,如果有多个,用逗号分开
charset utf8;
location / {
proxy_pass http://backend_test; #这里backend_test是上面的负载的名称,映射到代理服务器
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- 以上,配置完负载均衡,在浏览器访问
www.aliyuntest.com
会被均衡到我们配置的两个IP上的服务上
反向代理配置
server {
listen 80;
server_name app.aliyuntest.com; #反向代理到另一个域名(可以使同一个域名下的多个二级域名)
charset utf8;
#charset koi8-r;
#access_log logs/host.access.log main;
location / { # 这里的 / 表示的是访问的 app.aliyuntest.com/
proxy_pass http://110.110.110.110:8000; #这里可以填本机开启的服务,也可以填其他机器开启的服务,格式http://Ip:port或者http://域名:port (端口为80的不用写,为443的也不写,但要把http改为https)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- 以上,负载均衡配置的server部分,其实也是一个反向代理的过程
- 反向代理中比较重要的就是
location
字段的配置,一般情况下,这些配置足够了,更多详细的配置请百度
gzip 压缩
gzip on; # 开启gzip压缩
gzip_min_length 1k; # 压缩的临界值,大于1K的才压缩
gzip_buffers 4 512k; # gzip压缩的内存大小
#gzip_http_version 1.0; # 用了nginx反向代理的默认是http/1.1,需要http:/1.0的取消注释
gzip_comp_level 6; # 压缩级别,越大压缩的越小,服务器压力越大
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/javascript; # 压缩文件格式,浏览器-控制台-network-http请求的Respose-Headers中查看content-type字段
gzip_vary off;
gzip_disable "MSIE [1-6]\."; # IE6不使用gzip压缩
# 检测gzip是否开启成功
curl -I -H "Accept-Encoding: gzip, deflate" "http://域名/路由"
初始状态的 nginx.conf 配置文件内容可免费复制使用-,-
#user nobody;
worker_processes 1;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
#pid /var/run/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
配置了反向代理的 nginx.conf 配置文件内容仅供参考
#user nobody;
worker_processes 4;
#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
#pid /var/run/nginx/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 512k;
#gzip_http_version 1.0;
gzip_comp_level 6;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/javascript;
gzip_vary off;
gzip_disable "MSIE [1-6]\.";
server {
listen 80;
server_name app.aliyun_test.com;
charset utf8;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://110.110.110.110:8000; #这里proxy_test是上面的负载的名称,映射到代理服务器,可以是ip加端口, 或url
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name www.aliyun_test.top;
charset utf8;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://www.my_aliyun_test.cn; #这里proxy_test是上面的负载的名称,映射到代理服务器,可以是ip加端口, 或url
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}