一、Nginx是什么?
1、Nginx (engine x) 是一个高性能的HTTP和反向代理web服务器,同时也提供了IMAP/POP3/SMTP服务。
2、Nginx是一款轻量级的Web 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器,在BSD-like 协议下发行。其特点是占有内存少,并发能力强,事实上nginx的并发能力在同类型的网页服务器中表现较好,中国大陆使用nginx网站用户有:百度、京东、新浪、网易、腾讯、淘宝等。
3、Nginx 是高性能的 HTTP 和反向代理的web服务器,处理高并发能力是十分强大的,能经受高负 载的考验,有报告表明能支持高达 50,000 个并发连接数。
4、Nginx支持热部署,启动简单,可以做到7*24不间断运行。几个月都不需要重新启动。
以下是一个反向代理的配置实例:
全局配置:
user www;
worker_processes auto;
error_log /usr/local/tengine/logs/error.log;
events {
worker_connections 65535;
}
http {
server_tokens off;
include mime.types;
default_type application/octet-stream;
log_format main '[$time_local] $remote_addr "$http_x_forwarded_for" $remote_port $remote_user '
'$host $upstream_addr $upstream_status $upstream_response_time $upstream_cache_status '
'"$request" $status $request_time $body_bytes_sent "$http_referer" "$http_user_agent" ';
access_log /usr/local/tengine/logs/${host}_access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip on;
gzip_min_length 2k;
gzip_comp_level 7;
gzip_types gzip_types text/css text/javascript application/javascript application/x-javascript application/xml image/png image/bmp image/jpeg image/jpg;
server {
listen 80 default_server;
return 403 ;
}
include vhost/*.conf;
include upstream/*.conf;
}
具体upstreamr配置:
upstream one_upstream {
server 10.7.88.108;
}
具体server配置:
server {
listen 80;
server_name one.work.com;
rewrite ^(.*) https://$server_name$1 permanent; (强转https)
}
server {
listen 443 ssl;
server_name one.work.com;
index index.html index.htm index.php;
include sslone.conf; (ssl证书配置)
ssl_protocols TLSv1.2;
ssl_ciphers ECDSA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!DH:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_pass one_upstream;
include proxy.conf;
client_max_body_size 100m;
}
}
具体proxy.conf配置:
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_max_temp_file_size 8m;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
具体ssl.conf配置:
ssl on;
ssl_certificate /usr/local/tengine/certs/one.work.com.pem;
ssl_certificate_key /usr/local/tengine/certs/one.work.com.key;