NGINX常用配置
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;
pid /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;
events
{
use epoll;
worker_connections 51200;
multi_accept on;
}
http
{
include mime.types;
#include luawaf.conf;
include proxy.conf;
default_type application/octet-stream;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
sendfile on;
tcp_nopush on;
keepalive_timeout 1800s;
tcp_nodelay on;
fastcgi_connect_timeout 40;
fastcgi_send_timeout 40;
fastcgi_read_timeout 40;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
access_log off;
server
{
listen 80;
server_name www.***.com ***.com;
rewrite ^(.*)$ https://$host$2 permanent;
}
#HTTPS server
server {
listen 443;
server_name www.***.com ***.com;
ssl on;
ssl_certificate /www/server/nginx/cert/1525004133569.pem;
ssl_certificate_key /www/server/nginx/cert/1525004133569.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
# 匹配callback
location /api/ {
rewrite ^/api/(.*)$ /$1 break; #所有对后端的请求加一个api前缀方便区分,真正访问的时候移除这个前缀
# API Server
client_max_body_size 500m;
client_body_buffer_size 512k;
client_body_timeout 1000m;
proxy_connect_timeout 6000s;
proxy_read_timeout 1000m;
proxy_send_timeout 1000m;
proxy_pass http://127.0.0.1:9527/ ;
#以下为新增
proxy_http_version 1.1; # 设置http版本为1.1
proxy_set_header Connection "";
# 设置Connection为长连接(默认为no)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; #获取客户端真实IP
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# index index.php index.html index.htm default.php default.htm default.html;
# root /www/server/nginx/html;
# 默认其他
location @router {
rewrite ^.*$ /index.html last;
}
}
include /www/server/panel/vhost/nginx/*.conf;
}