主nginx.conf
#运行用户
user nobody nobody;
#启动进程,通常设置成和cpu的数量相等
worker_processes 4;
#全局错误日志及PID文件
#error_log /www/nginx/logs/nginx_debug.log debug_http ;
#error_log /www/nginx/logs/nginx_crit.log crit ;
error_log /www/nginx/logs/nginx_error.log error ;
pid /var/run/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 102400;
#工作模式及连接数上限
events
{
use epoll;
#单个后台worker process进程的最大并发链接数
worker_connections 102400;
# 并发总数是 worker_processes 和 worker_connections 的乘积
# 即 max_clients = worker_processes * worker_connections
# 在设置了反向代理的情况下,max_clients = worker_processes * worker_connections / 4 为什么
# 为什么上面反向代理要除以4,应该说是一个经验值
# 根据以上条件,正常情况下的Nginx Server可以应付的最大连接数为:4 * 8000 = 32000
# worker_connections 值的设置跟物理内存大小有关
# 因为并发受IO约束,max_clients的值须小于系统可以打开的最大文件数
# 而系统可以打开的最大文件数和内存大小成正比,一般1GB内存的机器上可以打开的文件数大约是10万左右
# 所以,worker_connections 的值需根据 worker_processes 进程数目和系统可以打开的最大文件总数进行适当地进行设置
# 使得并发总数小于操作系统可以打开的最大文件数目
# 其实质也就是根据主机的物理CPU和内存进行配置
# 当然,理论上的并发总数可能会和实际有所偏差,因为主机还有其他的工作进程需要消耗系统资源。
}
http
{
#设定mime类型,类型由mime.type文件定义
include mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 8 32k;
# 根据自己程序性质决定这块大小 如果存在大的body对象进行数据接收适当调整
client_max_body_size 10m;
client_body_buffer_size 128k;
client_body_temp_path /opt/nginx/client_temp 1 2;
# 开启sendfile函数调用 一般开启
sendfile on;
tcp_nopush on;
keepalive_timeout 10;
tcp_nodelay on;
server_tokens off;
server_name_in_redirect off;
index index.html index.htm index.jsp;
add_header X-UA-Compatible "IE=EmulateIE7";
#add_header X-Cache '$upstream_cache_status from <%= fqdn %>';
####### begin gzip #######
gzip on;
gzip_min_length 20;
gzip_buffers 16 32K;
gzip_http_version 1.0;
gzip_proxied any;
gzip_comp_level 9;
gzip_types text/plain text/css application/javascript text/xml text/javascript application/x-javascript application/json 'application/json; charset=utf-8';
gzip_vary on;
####### end gzip #######
####### start fastcgi #######
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 8 128k;
####### end fastcgi #######
####### begin proxy #######
proxy_redirect off;
proxy_connect_timeout 60;
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_headers_hash_max_size 5120;
proxy_headers_hash_bucket_size 640;
proxy_buffer_size 64k;
proxy_buffers 32 64k;
proxy_busy_buffers_size 64k;
proxy_temp_path /opt/nginx/proxy_temp_dir;
proxy_cache_path /opt/nginx/proxy_cache_dir levels=1:2 keys_zone=cache_one:50m inactive=1m max_size=2g;
proxy_pass_header Set-Cookie;
proxy_set_header Host $host;
#proxy_set_header Cdn-Src-Ip $clientip;
#proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
####### end proxy #######
####### begin temp log #######
log_format access '$remote_addr $time_local "$request" '
'"$status" $body_bytes_sent "$http_referer" '
'$proxy_add_x_forwarded_for $upstream_addr '
'$upstream_response_time $request_time ';
####### end temp log #######
######## begin cluster #######
include /usr/local/nginx/conf/cluster/*.conf;
######## end cluster #######
server
{
listen 127.0.0.1:80;
listen 127.0.0.1:443 ssl;
server_name <%= fqdn %>;
ssl_certificate /usr/local/nginx/cert/xx.pem;
ssl_certificate_key /usr/local/nginx/cert/xx.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location ^~ /nginx_status {
stub_status on;
allow 10.1.1.0/24;
deny all;
}
}
access_log off;
include /usr/local/nginx/conf/include/*.conf;
}
子域名 conf 一般放在nginx 的conf目录下的include目录 在主conf nginx.conf中指定 include位置。
server
{
listen 127.0.0.1:80;
listen 127.0.0.1:443 ssl;
server_name xx1.xx.com xx2.xx.com;
#allow 127.0.0.1;
#deny all;
set $mylight "";
if ($http_accept_encoding ~* gzip) {
set $mylight "gzip";
}
if ($host = 'xx.xx.com') {
rewrite ^/(.*)$ http://xx.xx.com/$1 permanent;
}
ssl_certificate /usr/local/nginx/cert/xx.com.pem;
ssl_certificate_key /usr/local/nginx/cert/xx.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /actuator {
allow 127.0.0.1/24;
deny all;
}
location / {
root html;
index index.html index.htm;
gzip on;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
#proxy_cache cache_one;
#proxy_cache_valid 200 304 12h;
#proxy_cache_key $host$uri$is_args$args;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://xxx_xxx_com_cluster;
#expires 1d;
}
access_log /www/nginx/logs/xx.xx.com.log access;
}
cluster config 一般放在nginx 的conf目录下的cluster目录
upstream xx1_cluster{
#server 172.x.x.x:80 weight=3;
#server 172.x.x.x2:80 weight=3;
check_http_expect_alive http_2xx http_3xx;
check interval=5000 rise=2 fall=30 timeout=5000 type=http;
check_http_send "GET / HTTP/1.1\r\nConnection: keep-alive\r\nHost: xx1.xx.com\r\n\r\n";
}
upstream xx2_cluster{
#server 172.x.x.x:80 weight=3;
#server 172.x.x.x2:80 weight=3;
check_http_expect_alive http_2xx http_3xx;
check interval=5000 rise=2 fall=30 timeout=5000 type=http;
check_http_send "GET / HTTP/1.1\r\nConnection: keep-alive\r\nHost: xx2.xx.comm\r\n\r\n";
}
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
