Nginx 配置详解

## 定义Nginx运行的用户和用户组,如果用户组省略,用户组名默认为用户名
## Syntax:user user [group];
## Default:user nobody nobody;
## Context:main

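# Worker processes run with the credentials of this user and group;
# both must exist on the host, otherwise nginx refuses to start.
user nginx nginx;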

## nginx进程数,建议设置为等于CPU总核心数,
## The auto parameter is supported starting from versions 1.3.8 and 1.2.5.
## Syntax:worker_processes number | auto;
## Default:worker_processes 1;
## Context:main

[b]worker_processes 4;[/b]

## 全局错误日志定义类型,
## log level: [debug | info | notice | warn | error | crit | alert | emerg]
## Syntax:error_log file | stderr | syslog:server=address[,parameter=value]|
## memory:size [debug | info | notice | warn | error | crit | alert | emerg];
## Default:error_log logs/error.log error;
## Context:main, http, stream, server, location

#error_log logs/error.log;
#error_log logs/error.log notice;
[b]error_log logs/error.log info;[/b]

## 进程文件
## Syntax:pid file;
## Default:pid nginx.pid;
## Context:main

[b]pid logs/nginx.pid;[/b]

## 一个nginx进程打开的最多文件描述符数目,理论值应该是最多打开文件数
##(系统的值ulimit -n)与nginx进程数相除,但是nginx分配请求并不均匀,
## 所以建议与ulimit -n的值保持一致。
## Syntax:worker_rlimit_nofile number;
## Default:—
## Context:main

[b]worker_rlimit_nofile 65535;[/b]

## 工作模式与连接数上限
## Syntax:events { ... }
## Default:—
## Context:main

events {

## 参考事件模型,use [ kqueue | rtsig | epoll | /dev/poll | select | poll ];
## epoll模型是Linux 2.6以上版本内核中的高性能网络I/O模型,
## 如果跑在FreeBSD上面,就用kqueue模型。
## Syntax:use method;
## Default:—
## Context:events

[b]use epoll;[/b]

## 单个进程最大连接数(最大连接数=连接数*进程数)
## Syntax:worker_connections number;
## Default:worker_connections 512;
## Context:events

[b]worker_connections 20000;[/b]

}

## 设定http服务器
## Syntax:http { ... }
## Default:—
## Context:main

http {

## Includes another file, or files matching the specified mask,
## into configuration. Included files should consist of syntactically correct
## directives and blocks.
## Syntax: include file | mask;
## Default:—
## Context:any

[b]include mime.types;[/b]

## 定义响应的默认MIME类型
## Syntax: default_type mime-type;
## Default:default_type text/plain;
## Context:http, server, location

[b]default_type application/octet-stream;[/b]

## 指定响应头信息域Content-Type的编码格式
## If this charset is different from the charset specified in the
## source_charset directive, a conversion is performed.
## The parameter off cancels the addition of charset to
## the “Content-Type” response header field.

## Syntax:charset charset | off;
## Default:charset off;
## Context:http, server, location, if in location

[b]charset utf-8;[/b]

## 服务器名字的hash表大小
## Sets the bucket size for the server names hash tables.
## The default value depends on the size of the processor’s cache line

## Syntax: server_names_hash_bucket_size size;
## Default:server_names_hash_bucket_size 32|64|128;
## Context:http

[b] server_names_hash_bucket_size 128; [/b]

##设置读客户端请求头信息的缓存大小
## Sets buffer size for reading client request header. For most requests,
## a buffer of 1K bytes is enough. However, if a request includes long
## cookies, or comes from a WAP client, it may not fit into 1K.
## If a request line or a request header field does not fit into this buffer
## then larger buffers

## Syntax: client_header_buffer_size size;
## Default:client_header_buffer_size 1k;
## Context:http, server

[b] client_header_buffer_size 32k;[/b]

## 设置读大的客户端请求头信息的缓存的最大个数和缓存的大小
## Sets the maximum number and size of buffers used for reading large
## client request header. A request line cannot exceed the size of one buffer,
## or the 414 (Request-URI Too Large) error is returned to the client. A
## request header field cannot exceed the size of one buffer as well,
## or the 400 (Bad Request) error is returned to the client. Buffers are
## allocated only on demand. By default, the buffer size is equal to 8K bytes.
## If after the end of request processing a connection is transitioned into
## the keep-alive state, these buffers are released.

## Syntax: large_client_header_buffers number size;
## Default: large_client_header_buffers 4 8k;
## Context: http, server

[b]large_client_header_buffers 4 64k;[/b]

## 设置客户端请求报文体的最大允许值,设置size为0,不检查客户端请求报文体的大小
## Sets the maximum allowed size of the client request body, specified in the
## “Content-Length” request header field. If the size in a request exceeds
## the configured value, the 413 (Request Entity Too Large) error is returned
## to the client. Please be aware that browsers cannot correctly display
## this error.

## Syntax: client_max_body_size size;
## Default: client_max_body_size 1m;
## Context: http, server, location

[b]client_max_body_size 8m; [/b]

## 日志格式设定
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

## 定义本虚拟主机的访问日志
[b]access_log logs/access.log main;[/b]


## 开启高效文件传输模式,sendfile指令指定nginx是否调用sendfile函数来输出文件,
## 对于普通应用设为 on,如果用来进行下载等应用磁盘IO重负载应用,可设置为off,
## 以平衡磁盘与网络I/O处理速度,降低系统的负载。
## 注意:如果图片显示不正常把这个改成off。
## Enables or disables the use of sendfile().

## Syntax:sendfile on | off;
## Default:sendfile off;
## Context:http, server, location, if in location

[b]sendfile on;[/b]

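## Directory listing output; suited to a download server, off by default.
## Enables or disables the directory listing output.

## Syntax: autoindex on | off;
## Default: autoindex off;
## Context: http, server, location

## Kept off at the http level so that no server or location inherits it by
## accident: a listing reveals every file name in a directory that has no
## index file. Set "autoindex on;" only inside the one location that is
## meant to be a browsable download directory.
autoindex off;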

## 防止网络阻塞,这个选项仅当sendfile开启时才生效

## Syntax: tcp_nopush on | off;
## Default: tcp_nopush off;
## Context: http, server, location
## Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or
## the TCP_CORK socket option on Linux.

[b]tcp_nopush on;[/b]


## 防止网络阻塞
## Enables or disables the use of the TCP_NODELAY option. The option is
## enabled only when a connection is transitioned into the keep-alive state.

## Syntax: tcp_nodelay on | off;
## Default: tcp_nodelay on;
## Context: http, server, location

[b]tcp_nodelay on;[/b]

## 长连接超时时间,单位是秒
## The first parameter sets a timeout during which a keep-alive client
## connection will stay open on the server side. The zero value disables
## keep-alive client connections. The optional second parameter sets a value
## in the “Keep-Alive: timeout=time” response header field.
## Two parameters may differ.
## The “Keep-Alive: timeout=time” header field is recognized by Mozilla and
## Konqueror. MSIE closes keep-alive connections by itself in
## about 60 seconds.

## Syntax: keepalive_timeout timeout [header_timeout];
## Default: keepalive_timeout 75s;
## Context: http, server, location

[b]keepalive_timeout 120;[/b]

#gzip模块设置

## 开启或关闭gzip压缩输出
## Enables or disables gzipping of responses.

## Syntax: gzip on | off;
## Default: gzip off;
## Context: http, server, location, if in location

[b] gzip on; [/b]

## 最小压缩文件大小
## Sets the minimum length of a response that will be gzipped.
## The length is determined only from the “Content-Length”
## response header field.

## Syntax: gzip_min_length length;
## Default: gzip_min_length 20;
## Context: http, server, location

[b]gzip_min_length 1k; [/b]

## 压缩缓冲区个数和大小设置
## Sets the number and size of buffers used to compress a response.
## By default, the buffer size is equal to one memory page.
## This is either 4K or 8K, depending on a platform.

## Syntax: gzip_buffers number size;
## Default: gzip_buffers 32 4k|16 8k;
## Context: http, server, location

[b]gzip_buffers 4 16k; [/b]

## 压缩的HTTP版本(默认1.1,前端如果是squid2.5请使用1.0)
## Sets the minimum HTTP version of a request required to compress a response.

## Syntax: gzip_http_version 1.0 | 1.1;
## Default: gzip_http_version 1.1;
## Context: http, server, location

[b]gzip_http_version 1.0;[/b]

## 压缩等级
## Sets a gzip compression level of a response. Acceptable values are in
## the range from 1 to 9.

## Syntax: gzip_comp_level level;
## Default: gzip_comp_level 1;
## Context: http, server, location

[b]gzip_comp_level 2;[/b]

## 压缩类型,默认就已经包含text/html,所以下面就不用再写了,
## 写上去也不会有问题,但是会有一个warn。
## Enables gzipping of responses for the specified MIME types in addition to
## “text/html”. The special value “*” matches any MIME type (0.8.29).
## Responses with the “text/html” type are always compressed.

## Syntax: gzip_types mime-type ...;
## Default: gzip_types text/html;
## Context: http, server, location

[b]gzip_types text/plain application/x-javascript text/css application/xml;[/b]

## Enables or disables inserting the “Vary: Accept-Encoding”
## response header field if the directives gzip, gzip_static, or gunzip are active.

## Syntax: gzip_vary on | off;
## Default: gzip_vary off;
## Context: http, server, location

[b]gzip_vary on;[/b]

## Defines a group of servers. Servers can listen on different ports.
## In addition, servers listening on TCP and UNIX-domain sockets can be mixed.

## Example:
## upstream backend {
## server backend1.example.com weight=5;
## server 127.0.0.1:8080 max_fails=3 fail_timeout=30s;
## server unix:/tmp/backend3;
## server backup1.example.com backup;
## }
## By default, requests are distributed between the servers using a weighted
## round-robin balancing method. In the above example, each 7 requests will be
## distributed as follows: 5 requests go to backend1.example.com and one
## request to each of the second and third servers. If an error occurs during
## communication with a server, the request will be passed to the next server,
## and so on until all of the functioning servers will be tried. If a
## successful response could not be obtained from any of the servers, the
## client will receive the result of the communication with the last server.

## Syntax: upstream name { ... }
## Default: —
## Context: http

upstream localhost {

## Defines the address and other parameters of a server. The address can
## be specified as a domain name or IP address, with an optional port,
## or as a UNIX-domain socket path specified after the “unix:” prefix.
## If a port is not specified, the port 80 is used. A domain name that
## resolves to several IP addresses defines multiple servers at once.
## The following parameters can be defined:
## weight=number
## sets the weight of the server, by default, 1.
## weight是权重,可以根据机器配置定义权重。
## weight参数表示权值,权值越高被分配到的几率越大
## max_fails=number
## sets the number of unsuccessful attempts to communicate
## with the server that should happen in the duration set by
## the fail_timeout parameter to consider the server
## unavailable for a duration also set by the fail_timeout
## parameter. By default, the number of unsuccessful attempts
## is set to 1. The zero value disables the accounting of
## attempts. What is considered an unsuccessful attempt is
## defined by the proxy_next_upstream, fastcgi_next_upstream,
## uwsgi_next_upstream, scgi_next_upstream,
## and memcached_next_upstream directives.
## fail_timeout=time
## sets
## the time during which the specified number of
## unsuccessful attempts to communicate with the server
## should happen to consider the server unavailable;
## and the period of time the server will be considered
## unavailable.By default, the parameter is set to 10 seconds.
## backup
## marks the server as a backup server. It will be passed
## requests when the primary servers are unavailable.
## down
## marks the server as permanently unavailable.

## Syntax:server address [parameters];
## Default:—
## Context:upstream

[b]server 192.168.80.121:8080 weight=3;
server 192.168.80.122:8080 weight=2;
server 192.168.80.123:8080 weight=3; [/b]

}

## 虚拟主机的配置
## Sets configuration for a virtual server. There is no clear separation
## between IP-based (based on the IP address) and name-based
## (based on the “Host” request header field) virtual servers.
## Instead, the listen directives describe all addresses and ports that
## should accept connections for the server, and the server_name directive
## lists all server names.

## Syntax: server { ... }
## Default: —
## Context: http

server {

## 监听端口
##Syntax: [b]listen[/b] address[:port] [default_server] [ssl] [spdy]
## [proxy_protocol] [setfib=number] [fastopen=number]
## [backlog=number] [rcvbuf=size] [sndbuf=size]
## [accept_filter=filter] [deferred] [bind] [ipv6only=on|off]
## [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
## [b]listen[/b] port [default_server] [ssl] [spdy]
## [proxy_protocol]
## [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size]
## [sndbuf=size] [accept_filter=filter] [deferred] [bind]
## [ipv6only=on|off] [so_keepalive=on|off|[keepidle]:[keepintvl]:
## [keepcnt]];
## [b] listen[/b] unix:path [default_server] [ssl] [spdy]
## [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size]
## [accept_filter=filter] [deferred] [bind] [so_keepalive=on|off|
## [keepidle]:[keepintvl]:[keepcnt]];
##Default:listen *:80 | *:8000;
##Context:server

##Sets the address and port for IP, or the path for a UNIX-domain socket
##on which the server will accept requests. Both address and port, or only
##address or only port can be specified.

##If only address is given, the port 80 is used

[b]listen 8080;[/b]

## Sets names of a virtual server,域名可以有多个,用空格隔开
## Syntax:server_name name ...;
## Default:server_name "";
## Context:server

##The first name becomes the primary server name.

[b]server_name example.com www.example.com;[/b]

## Defines files that will be used as an index
## Syntax:index file ...;
## Default:index index.html;
## Context:http, server, location

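# The terminating ';' is required; without it nginx reads the following
# directive as further arguments and rejects the configuration.
index index.html index.htm;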

##Sets the root directory for requests.
##Syntax:root path;
##Default:root html;
##Context:http, server, location, if in location

##For example, with the following configuration
## location /i/ {
## root /data/w3;
## }

## The /data/w3/i/top.gif file will be sent in response to the
## “/i/top.gif” request.

## The path value can contain variables, except $document_root
## and $realpath_root.

## A path to the file is constructed by merely adding a URI to
## the value of the root directive.

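# Document root of this virtual server; the directive must end with ';'.
root /data0/htdocs;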

##Sets configuration depending on a request URI
##Syntax:location [ = | ~ | ~* | ^~ ] uri { ... }
## location @name { ... }
##Default: —
##Context:server, location

##A location can either be defined by a prefix string, or by a regular
##expression. Regular expressions are specified with the preceding “~*”
##modifier (for case-insensitive matching), or the “~” modifier (for
##case-sensitive matching). To find location matching a given request,
##nginx first checks locations defined using the prefix strings (prefix
##locations). Among them, the location with the longest matching prefix is
##selected and remembered. Then regular expressions are checked, in the
##order of their appearance in the configuration file. The search of
##regular expressions terminates on the first match, and the corresponding
##configuration is used. If no match with a regular expression is found
##then the configuration of the prefix location remembered earlier
##is used.
##Let’s illustrate the above by an example:

## location = / {
## [ configuration A ]
## }

## location / {
## [ configuration B ]
## }

## location /documents/ {
## [ configuration C ]
## }

## location ^~ /images/ {
## [ configuration D ]
## }

## location ~* \.(gif|jpg|jpeg)$ {
## [ configuration E ]
## }

## The “/” request will match configuration A, the “/index.html”
## request will match configuration B, the “/documents/document.html”
## request will match configuration C, the “/images/1.gif” request will
## match configuration D, and the “/documents/1.jpg” request will
## match configuration E.

## 对 "/" 启用反向代理
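location / {
    # X-Real-IP carries the peer address nginx itself saw on the connection.
    # X-Forwarded-For is the client-supplied header with $remote_addr appended,
    # so the backend should trust only the entry added here (the last one);
    # everything to its left is under the client's control.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Optional reverse-proxy settings follow.
    # Host is forwarded with a fixed :8080 suffix, the port this server listens on.
    proxy_set_header Host $host:8080;

    proxy_redirect off;

    # Maximum allowed size of a client request body in this location
    # (overrides the 8m configured at the http level).
    client_max_body_size 10m;

    # Buffer size for reading the client request body.
    client_body_buffer_size 128k;

    # Timeout for establishing a connection with the backend. The nginx
    # documentation notes that this timeout usually cannot exceed 75 seconds.
    proxy_connect_timeout 90;

    # Timeout for transmitting a request to the backend.
    proxy_send_timeout 90;

    # Timeout for reading a response from the backend.
    proxy_read_timeout 90;

    # Buffer for the first part of the backend response (usually the headers).
    proxy_buffer_size 4k;

    # Response buffers, sized for pages that average under 32k.
    proxy_buffers 4 32k;

    # Buffers that may be busy sending to the client (proxy_buffers size * 2).
    proxy_busy_buffers_size 64k;

    # Amount of data written to a temporary file at one time.
    proxy_temp_file_write_size 64k;

    ## Sets the address of a proxied server
    ## Syntax: proxy_pass address;
    ## Default: —
    ## Context: location, if in location, limit_except
    # "localhost" is the upstream group defined earlier in this http block,
    # not the loopback host.
    proxy_pass http://localhost;
}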

##本地动静分离反向代理配置
##所有jsp的页面均交由tomcat或glassfish处理

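# Requests ending in .jsp, .jspx or .do are proxied to the local application
# server. The dot is escaped and the extension group is mandatory: with an
# unescaped "." and an optional group the pattern matches every URI, and since
# regex locations are tried in order and take precedence over the prefix
# location "/", this block would then capture all requests.
location ~ \.(jsp|jspx|do)$ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to the client-supplied header; the backend should
    # trust only the last entry.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # NOTE(review): this server itself listens on port 8080; unless the
    # application server is bound separately on 127.0.0.1:8080, this address
    # proxies back to nginx. Confirm the backend port.
    proxy_pass http://127.0.0.1:8080;
}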

##所有静态文件由nginx直接读取不经过tomcat或glassfish
##图片缓存时间设置

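# Static files are served by nginx directly and cached by clients for 15 days.
# The dot before the extension is escaped so only real file extensions match.
# NOTE(review): "ioc" looks like a typo for "ico" - confirm before changing.
location ~ \.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$ {
    expires 15d;
}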

##JS和CSS缓存时间设置
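# JS and CSS are cached by clients for one hour. The dot is escaped and the
# extension group is mandatory; with an optional group the pattern would match
# every URI and shadow the prefix location "/".
location ~ \.(js|css)$ {
    expires 1h;
}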

##Syntax:error_page code ... [=[response]] uri;
##Default:—
##Context:http, server, location, if in location
## Defines the URI that will be shown for the specified errors. error_page
## directives are inherited from the previous level only if there are no
## error_page directives defined on the current level. A uri value can
## contain variables.

## Example:

## error_page 404 /404.html;
## error_page 500 502 503 504 /50x.html;

## Furthermore, it is possible to change the response code to another
## using the “=response” syntax, for example:

## error_page 404 =200 /empty.gif;

#error_page 404 /404.html;
[b]error_page 500 502 503 504 /50x.html;[/b]

##redirect server error pages to the static page /50x.html

location = /50x.html {
root html;
}

##设定查看Nginx状态的地址
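location /NginxStatus {
    stub_status on;
    # The argument of access_log is a file path ("off" is the only keyword),
    # so the log file and format are named explicitly.
    access_log logs/access.log main;
    auth_basic "NginxStatus";
    # The password file can be generated with Apache's htpasswd tool.
    auth_basic_user_file conf/htpasswd;
    # This server listens on plain HTTP, so the Basic credentials cross the
    # network unencrypted. Limiting the status page to the monitoring host's
    # address as well keeps it off the public interface:
    #allow 127.0.0.1;
    #deny all;
}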

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;

# location / {
# root html;
# index index.html index.htm;
# }
#}


# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;

# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;

# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;

# location / {
# root html;
# index index.html index.htm;
# }
# }
}


更详细的模块参数请参考: http://nginx.org/en/docs/dirindex.html

配置完成后,检查一下nginx配置文件是否可用,有successful表示可用。

$ nginx -t // 检查nginx配置文件

配置正确后,重新加载配置文件使配置生效:

$ nginx -s reload // 使配置生效


nginx配置https访问


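server {
    # The "ssl" parameter enables TLS on this socket (replaces "ssl on;").
    listen 443 ssl;
    server_name bjubi.com;    # your domain name
    client_max_body_size 30m;

    ssl_certificate cert/214292799730473.crt;        # replace with your certificate file
    # Replace with your private key file; it should be readable only by the
    # account that starts nginx.
    ssl_certificate_key cert/214292799730473.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 10m;
    # NOTE(review): the ECDH, AES and HIGH aliases make this list broad;
    # consider narrowing it to ECDHE suites with AEAD ciphers.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # SSLv3 is broken (POODLE) and TLS 1.0/1.1 are deprecated, so only
    # TLS 1.2 is offered. Add TLSv1.3 where the nginx and OpenSSL builds
    # support it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        # NOTE(review): the backend is reached over plain HTTP at a
        # non-loopback address, so traffic past this proxy is unencrypted;
        # confirm that this path is a trusted network.
        proxy_pass http://120.22.85.211:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # Appends $remote_addr to the client-supplied header; the backend
        # should trust only the last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_max_temp_file_size 512m;
    }
}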
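server {
    listen 80;
    server_name bjubi.com;    # your domain name

    # Redirect every HTTP request to HTTPS. The target host is the configured
    # server_name rather than $host, so a client-supplied Host header is never
    # reflected into the Location header.
    return 301 https://$server_name$request_uri;
}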