user www website;
worker_processes auto;
worker_cpu_affinity auto;
error_log /var/log/nginx/nginx_error.log error;
pid /dev/shm/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
dso {
load ngx_http_footer_filter_module.so;
load ngx_http_limit_conn_module.so;
load ngx_http_limit_req_module.so;
load ngx_http_sysguard_module.so;
load ngx_http_upstream_ip_hash_module.so;
load ngx_http_upstream_least_conn_module.so;
load ngx_http_upstream_session_sticky_module.so;
}
events
{
use epoll;
worker_connections 51200;
}
http
{
include mime.types;
default_type application/octet-stream;
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
server_names_hash_bucket_size 128;
#linux 2.4+
sendfile on;
tcp_nopush on;
tcp_nodelay on;
#tengine
server_info off;
server_tag off;
#server_tag Apache;
server_tokens off;
server_name_in_redirect off;
keepalive_timeout 60;
client_header_buffer_size 16k;
client_body_timeout 60;
client_max_body_size 8m;
large_client_header_buffers 4 32k;
fastcgi_intercept_errors on;
fastcgi_hide_header X-Powered-By;
fastcgi_connect_timeout 180;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128K;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_temp_path /dev/shm;
#open_file_cache max=51200 inactive=20s;
#open_file_cache_valid 30s;
#open_file_cache_min_uses 2;
#open_file_cache_errors off;
gzip on;
gzip_min_length 1k;
gzip_comp_level 5;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_proxied any;
limit_req_log_level error;
limit_req_zone $binary_remote_addr $uri zone=two:30m rate=10r/s;
#访问限制白名单
geo $white_ip {
#ranges;
default 0;
127.0.0.1/32 1;
182.55.21.28/32 1;
192.168.0.0/16 1;
61.199.67.0/24 1;
}
client_body_buffer_size 512k;
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
#注:proxy_temp_path和proxy_cache_path指定的路径必须在同一分区
proxy_temp_path /opt/nginx/proxy_temp_dir;
#设置Web缓存区名称为cache_www,内存缓存空间大小为3000MB,1天没有被访问的内容自动清除,硬盘缓存空间大小为30GB。
proxy_cache_path /opt/nginx/proxy_cache_www levels=1:2 keys_zone=cache_www:3000m inactive=1d max_size=20g;
upstream www_server {
server 192.168.0.131:80;
}
server
{
listen 80 default;
server_name _;
return 444;
access_log off;
}
server
{
listen 80;
server_name
index index.html index.htm index.php;
root /opt/htdocs/www;
access_log /var/log/nginx/proxy. access buffer=24k;
if (-d $request_filename){
rewrite ^/(.*)([^/])$ permanent;
}
limit_req_whitelist geo_var_name=white_ip geo_var_value=1;
limit_req zone=two burst=50 forbid_action=/visitfrequently.html;
location @visitfrequently {
rewrite ^ /visitfrequently.html;
}
location ~/\.ht {
deny all;
}
#用于清除缓存,假设一个URL为,通过访问就可以清除该URL的缓存。
location ~ /purge(/.*)
{
#设置只允许指定的IP或IP段才可以清除URL缓存。
allow 127.0.0.1;
allow 192.168.0.0/16;
deny all;
proxy_cache_purge cache_www $host$1$is_args$args;
error_page 405 =200 /purge$1; #处理squidclient purge的时候出现的405错误
}
if ( $request_method = "PURGE" ) {
rewrite ^(.*)$ /purge$1 last;
}
location /
{
error_page 502 504 /502.html;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass
add_header X-Cache Cache-Skip;
}
location ~ 404\.html$
{
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass
add_header X-Cache Cache-Skip;
}
location ~ .*\.(htm|html|)?$
{
#如果后端的服务器返回502、504、执行超时等错误,自动将请求转发到upstream负载均衡池中的另一台服务器,实现故障转移。
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_cache cache_www;
#对不同的HTTP状态码设置不同的缓存时间
proxy_cache_valid 200 304 5m;
#以域名、URI、参数组合成Web缓存的Key值,Nginx根据Key值哈希,存储缓存内容到二级缓存目录内
proxy_cache_key $host$uri$is_args$args;
proxy_set_header Host $host;
proxy_http_version 1.1;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass
#支持后台expires
proxy_ignore_headers "Cache-Control" "Expires";
add_header X-Cache Cache;
}
location ~* ^.+\.(jpg|jpeg|gif|png|rar|zip|css|js)$ {
valid_referers none blocked *.c1gstudio.com;
if ($invalid_referer) {
rewrite ^/
return 412;
break;
}
access_log off;
#如果后端的服务器返回502、504、执行超时等错误,自动将请求转发到upstream负载均衡池中的另一台服务器,实现故障转移。
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_cache cache_www;
#对不同的HTTP状态码设置不同的缓存时间
proxy_cache_valid 200 304 5m;
#以域名、URI、参数组合成Web缓存的Key值,Nginx根据Key值哈希,存储缓存内容到二级缓存目录内
proxy_cache_key $host$uri$is_args$args;
proxy_set_header Host $host;
proxy_http_version 1.1;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass
#支持后台expires
proxy_ignore_headers "Cache-Control" "Expires";
add_header X-Cache Cache;
}
}
}