#user nobody;
worker_processes auto;
worker_rlimit_nofile 10000;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 20000;
use epoll;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request"'
'$status $body_bytes_sent "$http_referer" '
'"$upstream_addr" "$http_x_forwarded_for"';
(日志输出内容格式'$remote_addr是覆盖行的。如果前级做了代理。取的就是前级代理行的
$proxy_add_x_forwarded_for是叠加行的,每做一次代理,加上一个ip
$http_x_forwarded_for就是获取当前请求的head头)
access_log logs/access.log main;//日志地址
sendfile on;
#tcp_nopush on;
keepalive_timeout 0;
#keepalive_timeout 10;
client_header_timeout 10;
client_body_timeout 10;
send_timeout 10;
#gzip on;
reset_timedout_connection on;
server_tokens off;
tcp_nopush on;
tcp_nodelay on;
open_file_cache max=100000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
upstream server(名称,后面引用) {
#sticky;
#ip_hash;
server ip 端口 weight=2 srun_id=1;
server ip 端口 weight=1 srun_id=2;
server ip 端口 weight=1 srun_id=3;
jvm_route $cookie_JSESSIONID|sessionid reverse;
}
proxy_cache_path /opt/nginx/cache/scache levels=1:2:1 keys_zone=scache:20m max_size=1g;
server {
listen 80;
listen 443 ssl;
server_name 上面引用名称;
ssl_certificate 证书地址;
ssl_certificate_key 证书密钥地址;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
ssl_dhparam /opt/nginx/cert/dhparam.pem;
ssl_prefer_server_ciphers on;
#charset koi8-r;
access_log logs/access.log main;
location /cas {
proxy_pass http://域名或者ip;
#proxy_set_header X-Real-IP $remote_addr;无代理取真实ip,被代理后则被取代
proxy_set_header x-forwarded-for $http_x_forwarded_for;取当前真是x-forwarded-for ip
proxy_connect_timeout 300;
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_cache scache;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html; 共享页面路径
}
location /{
index 404;
}
}
}