1、nginx.conf配置
#user nobody;

# One worker is usually enough. When CPU-heavy work such as SSL or gzip is in
# play on a multi-core machine, this can be set to the number of CPU cores.
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    use epoll;
    multi_accept on;
    # Must not exceed the maximum number of file handles the operating system
    # allows; `ulimit -n` shows the current limit (1024 by default).
    worker_connections 1024;
}
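http {
    include mime.types;
    default_type application/octet-stream;
    charset UTF-8;

    # Custom variable: the Connection header value to send upstream.
    map $http_upgrade $connection_upgrade {
        default keep-alive;   # ordinary HTTP requests keep the connection alive
        'websocket' upgrade;  # a WebSocket handshake is allowed to upgrade
    }

    # $request, $http_referer, $http_user_agent and $http_x_forwarded_for are
    # client-controlled. escape=json (nginx >= 1.11.8) escapes quotes,
    # backslashes and control characters in variable values, so a request
    # cannot break the JSON structure or forge extra fields in the log.
    # With escape=json an unset variable is logged as an empty string, not "-".
    log_format main escape=json '---\n 请求日志记录:{"@timestamp":"$time_iso8601",'
        '"host":"$server_addr",'
        '"clientip":"$remote_addr",'
        '"request":"$request",'
        '"size":$body_bytes_sent,'
        '"responsetime":$request_time,'
        '"upstreamtime":"$upstream_response_time",'
        '"upstreamhost":"$upstream_addr",'
        '"upstreamstatus":"$upstream_status",'
        '"http_host":"$host",'
        '"url":"$uri",'
        '"domain":"$host",'
        '"xff":"$http_x_forwarded_for",'
        '"referer":"$http_referer",'
        '"agent":"$http_user_agent",'
        '"status":"$status"}';

    # A server block may redefine this to write to a different file.
    access_log logs/access.log main;
    #error_log logs/error.log;

    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Timeouts.
    # NOTE(review): 180s for headers and 120s for the body lets a slow client
    # hold a connection for minutes; lower these unless clients need them.
    keepalive_timeout 60;
    client_body_timeout 120s;
    client_header_timeout 180s;
    reset_timedout_connection on;
    send_timeout 60;

    # At most 100 simultaneous connections per client IP address. The zone is
    # declared before it is used. Clients that share one address (NAT, an
    # upstream proxy) also share this limit.
    limit_conn_zone $binary_remote_addr zone=addr:5m;
    limit_conn addr 100;

    server_names_hash_bucket_size 128;

    # NOTE(review): up to 8 x 64k of header buffers per connection is generous;
    # confirm the application really sends headers this large.
    client_header_buffer_size 32k;
    large_client_header_buffers 8 64k;

    # Uploads of up to 512m are accepted, but the in-memory body buffer is kept
    # small: the original 512m buffer let a few concurrent uploads exhaust RAM.
    # Bodies larger than the buffer are written to a temporary file.
    client_max_body_size 512m;
    client_body_buffer_size 128k;

    # Open-file cache.
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # FastCGI tuning: lower resource usage, faster responses.
    fastcgi_connect_timeout 120s;
    fastcgi_read_timeout 120s;
    fastcgi_send_timeout 120s;
    fastcgi_buffers 8 128k;
    fastcgi_buffer_size 128k;
    fastcgi_intercept_errors on;
    fastcgi_busy_buffers_size 128k;

    # Enable gzip compression.
    # NOTE(review): over TLS, compressing responses that mix secrets with
    # reflected request data is exposed to compression side channels (BREACH).
    gzip on;
    gzip_static on;
    gzip_disable "msie6";
    gzip_proxied any;
    gzip_min_length 1k;
    # Compression level, 1-9; higher means a better ratio and more CPU.
    gzip_comp_level 6;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    # NOTE(review): JPEG, GIF and PNG are already compressed; listing them here
    # costs CPU for little gain.
    gzip_types text/plain application/javascript application/x-javascript application/font-woff text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/json application/xml+rss;
    gzip_vary on;

    # HSTS makes the browser rewrite http to https before sending a request:
    # strict-transport-security: max-age=60

    # Refuse requests for undefined domain names or bare IP addresses.
    # This covers port 80 only; a 443 listener needs its own default_server
    # (nginx >= 1.19.4 offers ssl_reject_handshake for that), otherwise
    # unknown names fall through to the first HTTPS server block.
    server {
        listen 80 default_server;
        server_name _;
        return 444;
    }

    # Multi-file layout: each site lives in its own file.
    # Load every .conf file under the conf.d directory.
    include ./conf.d/*.conf;
}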
2、具体服务配置
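upstream services {
    server 127.0.0.1:8080;
    # More backends can be listed:
    # server 127.0.0.1:8081;
}

server {
    # Listening port
    listen 80;
    # Domain name
    server_name localhost;

    # Security response headers. Without "always" nginx adds them only to
    # 2xx/3xx responses, leaving error pages unprotected.
    # A location that declares its own add_header stops inheriting these.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Xss-Protection '1; mode=block' always;
    add_header X-Content-Type-Options 'nosniff' always;
    # NOTE(review): this policy is permissive. "default-src *" together with
    # 'unsafe-inline' and 'unsafe-eval' for scripts gives little protection
    # against injected script; tighten it once the front end allows.
    add_header Content-Security-Policy "default-src *;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src * data:;worker-src * blob:;font-src 'self' data:;" always;

    # Custom log path
    # access_log /var/log/server/tengine/access.log main;

    # Requests starting with /api are backend API calls; adjust to your setup.
    # NOTE(review): the unanchored regex also matches paths such as /apifoo.
    location ~ ^/api {
        proxy_set_header Host $host:$server_port;
        # NOTE(review): proxy_pass_header governs response headers passed from
        # the upstream to the client; User-Agent is a request header and is
        # forwarded anyway, so this line has no practical effect.
        proxy_pass_header User-Agent;
        # NOTE(review): no client address header is set here, so the backend
        # sees every request as coming from the proxy; confirm that its audit
        # logs and rate limits do not depend on the client IP.
        proxy_connect_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 6 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_redirect off;
        proxy_pass http://services;
    }

    # Static file root
    root /usr/local/ngine/html;

    # Front-end pages (single-page app fallback to index.html)
    location ~ ^/admin {
        try_files $uri $uri/ /admin/index.html;
    }

    # Static files. Content under uploads is user-supplied: keep the nosniff
    # header above in force for this location.
    location ~ ^/(uploads) {
        # NOTE(review): this location has no proxy_pass, so the proxy_*
        # directives below are inert; the files are served from "root".
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        client_max_body_size 500m;
        client_body_buffer_size 3m;
        proxy_connect_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 6 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        # The last try_files argument is the fallback target. With "$uri/" in
        # that position a missing file triggered an internal redirect back into
        # this location, which can end in a redirect cycle and a 500.
        # An explicit =404 returns a clean "not found" instead.
        try_files $uri $uri/ =404;
    }
}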
3、https配置
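upstream services {
    server 127.0.0.1:8001;
}

server {
    listen 443 ssl;
    server_name localhost;

    # Certificate and private key locations. The key file should be readable
    # only by the account that starts nginx.
    ssl_certificate ./ssl/***.pem;
    ssl_certificate_key ./ssl/***.key;
    ssl_session_timeout 5m;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped from the
    # original list; only TLS 1.2 and 1.3 are offered.
    ssl_protocols TLSv1.2 TLSv1.3;

    # The original string ended in broad aliases (ECDH, AES, HIGH) that also
    # enabled CBC-mode and non-forward-secret suites. This list keeps only
    # ECDHE key exchange with AEAD ciphers for TLS 1.2; TLS 1.3 suites are not
    # controlled by this directive. Very old clients may fail to connect.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # NOTE(review): nothing here redirects port 80 to HTTPS or sends a
    # Strict-Transport-Security header; add both once HTTPS is confirmed
    # to work for every host name served.

    # The remaining location blocks are the same as in the HTTP configuration.
}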
4、websocket配置
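upstream services {
    server 127.0.0.1:8080;
    # More backends can be listed:
    # server 127.0.0.1:8081;
}

server {
    # Listening port
    listen 80;
    # Domain name
    server_name localhost;

    # Custom log path
    # access_log /var/log/server/tengine/access.log main;

    # Requests starting with /api are backend API calls; adjust to your setup.
    location ~ ^/api {
        proxy_set_header Host $host:$server_port;
        proxy_pass_header User-Agent;
        proxy_connect_timeout 90;
        # NOTE(review): an idle WebSocket is closed after 90s without traffic
        # from the upstream; raise this or send pings if sessions are long.
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 6 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_redirect off;

        # Protocol upgrade for WebSocket.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # The original hard-coded "upgrade", so every /api request, not only
        # WebSocket handshakes, was sent upstream with Connection: upgrade.
        # $connection_upgrade comes from the map in nginx.conf (http block):
        # "upgrade" for a WebSocket handshake, "keep-alive" for anything else.
        proxy_set_header Connection $connection_upgrade;
        # NOTE(review): nginx does not check the Origin header of the
        # handshake; the backend has to validate it.
        proxy_pass http://services;
    }
}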
5、mqtt配置
events {
    worker_connections 1024;
}

# MQTT is proxied as a raw TCP stream. The stream block belongs at the
# outermost level of nginx.conf, next to http, not inside it.
stream {
    upstream mqtt {
        server 127.0.0.1:8003;
    }

    server {
        # NOTE(review): a bare port listens on every interface, and this proxy
        # forwards plain TCP. Unless TLS is terminated here or at the broker,
        # MQTT credentials and payloads cross the network unencrypted.
        listen 18003;
        proxy_pass mqtt;
    }
}

http {
    # Other settings
}