nginx 文件服务器
一、效果
为方便研发部同事下载常用windows ,linux 服务软件,ISO,计划用nginx搭建网络文件服务器,面向公司内网暴露。最终效果比较理想。
需要满足一下几个功能
1、满足页面下载功能,wget下载功能
2、文件原始格式存放,不会被修改
二、nginx 配置
nginx部署不赘述,仅展示配置文件
2.1 主配置文件
user nobody;
worker_processes 4;
worker_rlimit_nofile 65535;
error_log /data/logs/nginx_error.log;
pid /var/run/nginx.pid;
events {
use epoll;
multi_accept on;
worker_connections 65535; #65535;
}
http {
charset utf-8;
default_type application/octet-stream;
#vhost_traffic_status_zone;
#vhost_traffic_status_filter_by_host on;
add_header X-Content-Type-Options value;
add_header X-Download-Options value;
add_header X-XSS-Protection value;
add_header X-Permitted-Cross-Domain-Policies value;
add_header Content-Security-Policy value;
add_header Referer-Policy value;
add_header Strict-Transport-Security value;
add_header X-Frame-Options SAMEORIGIN always;
aio on;
directio 512;
output_buffers 2 128k;
aio_write on;
server_names_hash_bucket_size 128;
client_header_buffer_size 64k;
large_client_header_buffers 8 64k;
client_max_body_size 1024m;
client_body_buffer_size 512k;
client_header_timeout 300s;
client_body_timeout 300s;
etag off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
keepalive_timeout 300s;
# keepalive_disable none;
send_timeout 300s;
proxy_read_timeout 300s;
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
log_subrequest on;
open_file_cache max=1000 inactive=60s;
open_log_file_cache max=1000 inactive=30s valid=10m min_uses=2;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
reset_timedout_connection on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 8 128k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort on;
gzip on;
gzip_min_length 1k;
gzip_buffers 8 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/xml text/css text/javascript application/x-javascript application/xml application/json application/xml+rss;
gzip_vary on;
gunzip on;
gunzip_buffers 32 8k;
gzip_static on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'"$request_method http://$host$request_uri" '
'$status $body_bytes_sent $request_time "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$upstream_response_time $upstream_status $upstream_cache_status';
log_format www_access '$remote_addr - [$time_local] "$request" '
'$status $bytes_sent "$http_referer" $request_time "$http_user_agent" '
'$upstream_status $upstream_response_time $http_x_forwarded_for - "$connection_requests" $upstream_addr';
map $http_origin $cors_list {
default https://192.168.1.1;
"~ https://192.168.1.31" https://192.168.1.31;
"~ https://192.168.1.11" https://192.168.1.11;
}
include mime.types;
include vhost/*.conf;
# include sites/*.conf;
}
stream {
tcp_nodelay on;
preread_buffer_size 512k;
preread_timeout 600s;
proxy_protocol_timeout 600s;
variables_hash_bucket_size 512;
variables_hash_max_size 4096;
# limit_conn_log_level warn; ###info | notice | warn | error;
log_format stream_access '$remote_addr - [$time_local] $bytes_received $bytes_sent $hostname $session_time $connection '
'$status $protocol $upstream_bytes_received $upstream_bytes_sent $upstream_connect_time $upstream_session_time';
log_format proxy_access '$remote_addr - [$time_local] $protocol $bytes_sent $bytes_received $session_time "$upstream_addr" $connection '
'$status $upstream_bytes_sent $upstream_bytes_received $upstream_connect_time $upstream_session_time';
include site/*.conf;
}
2.2 子配置文件
server {
listen 80;
index index.html index.htm;
server_name 192.168.200.231;
root /data/software;
underscores_in_headers on;
allow 192.168.1.0/24;
deny all;
location / {
add_header X-Frame-Options SAMEORIGIN always;
add_header Strict-Transport-Security max-age=63072000;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
access_log /data/logs/nginx_access.log www_access;
}
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
access_log /data/logs/nginx_access.log www_access;
}