配置文件位于{nginx目录}/conf/nginx.conf
# 全局块
# 指定能运行Nginx的用户和组,只能在全局块配置
# user [user] [group]
# nobody代表所有用户都能运行Nginx
# user nobody;
# 指定工作进程数 (一般是CPU个数),auto是自动模式,只能在全局块配置
# worker_processes auto
worker_processes 4;
# error_log logs/error.log info;
# 指定进程id文件的存储路径
# pid logs/nginx.pid;
# event块,对Nginx性能影响大,需要反复实践
events {
# linux下使用epoll IO模型,还可以是select、poll、kqueue等,看操作系统支持程度
use epoll;
# 默认开启状态,防止多个进程争抢一个连接 off关闭
#accept_mutex on;
# 默认关闭状态,一个工作进程只能同时接受一个新连接
#multi_accept off;
# 每个工作进程同时启用的最大连接数,不能超过系统支持的最大打开文件数,ulimit -n(可以修改)
worker_connections 1024;
}
# http块
http {
# include用来包含其他的配置文件,可支持通配符查找可以放在nginx.conf的任何位置
include mime.types;
# 默认类型,不加此命令默认类型为text/plain,可以在http、server、location块配置
default_type application/octet-stream;
# 格式化日志
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# 隐藏响应头的nginx版本号
server_tokens off;
# 目录列表访问,默认off
autoindex off;
# 调用sendfile函数传输文件(零拷贝),可在http、server、location块配置
sendfile on;
# sendfile的最大数据量,0是不限制大小,默认是0
# sendfile_max_chunk 128k;
# 开启gzip压缩
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 8;
gzip_types text/plain application/javascript tex t/css application/json
text/javascript image/svg+xml image/png;
gzip_vary off;
# 开启socket的TCP_CORK,仅对sendfile有效
tcp_nopush on;
tcp_nodelay on;
# http长连接超时时间,60指header_timeout,即http响应头的Keep-Alive:timeout=header_timeout
# keepalive_timeout 65 60;
keepalive_timeout 65;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
# 允许客户端请求的最大单文件字节大小
client_max_body_size 100m;
# 客户端请求头部的缓冲区大小
client_header_buffer_size 4k;
# 客户端请求体的缓冲区大小
# client_body_buffer_size 256k;
# nginx与后端服务器连接的超时时间
proxy_connect_timeout 300;
# 后端服务器回传数据的超时时间
proxy_send_timeout 300;
# 后端服务器等待处理完成的超时时间
proxy_read_timeout 300;
# nginx保存用户头信息的缓冲区大小
proxy_buffer_size 4k;
# proxy_buffers缓冲区
proxy_buffers 4 32k;
# 高负荷下缓冲大小(proxy_buffers*2)
proxy_busy_buffers_size 64k;
# 获取真实的客户端信息
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# main为日志格式
access_log /var/log/nginx/access.log main;
# 日志级别 [debug | info | notice | warn | error | crit | alert | emerg]
# debug日志需要 ./configure --with-debug开启
error_log /var/log/nginx/error.log;
# 用来做负载均衡
# 支持4种方式,轮询、权重、ip_hash、url_hash
upstream myserver {
server 10.0.8.5:8080 weight=3 max_fails=3 fail_timeout=10s;
server 10.0.8.6:8080 weight=2 max_fails=3 fail_timeout=10s;
}
#server块,一个http块里可以有多个
server {
# 监听
listen 443 ssl;
# 配置虚拟主机的名称,可以是ip或域名,可以有多个,按空格隔开
# 例如server_name AA* BBB *CC; *是通配符
server_name slias.com.cn;
# 需要安装https模块
#ssl on;
# https证书路径,crt、pem等
ssl_certificate ../ssl/slias.com.cn_bundle.pem;
# 证书私钥路径
ssl_certificate_key ../ssl/slias.com.cn.key;
# ssl超时时间
ssl_session_timeout 5m;
# ssl的加密算法
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# ssl协议支持的版本
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#charset koi8-r;
# 一个server块可以包含多个location块
# = 是严格匹配
# ^~ 匹配与uri相似度最高的location
# ~是区分大小写的正则表达式匹配
# ~*是不区分大小写的正则表达式匹配
# location [= | ~ | ~* ^~] uri {
# root是设置资源的根目录
# root html;
# index index.html index.htm;
# }
# 反向代理
location / {
proxy_pass http://myserver;
# 处理响应头中的Location头
proxy_redirect http:// https://;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
listen 80;
server_name slias.com.cn;
# 重写url,permanent是301永久重定向
rewrite ^(.*)$ https://${server_name}$1 permanent;
}
}