Linux - Nginx 配置優化
阿新 • • 發佈:2021-07-17
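# Main configuration file (nginx.conf).

#user  nobody;

# Start one worker process per CPU core, detected automatically.
worker_processes auto;

# Maximum number of open files per worker. The effective limit is the smallest
# of this value, ulimit and /etc/security/limits; when nginx is started as a
# service, the unit's LimitNOFILE caps it as well.
worker_rlimit_nofile 65535;

# Scheduling priority of the workers; -20 is the highest.
worker_priority -20;

# CPU affinity: bind workers to CPUs automatically so they do not bounce
# between cores.
worker_cpu_affinity auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {
    # Maximum connections per worker, bounded by the same file limits as above.
    # NOTE(review): 100000 is larger than worker_rlimit_nofile (65535), so the
    # file-descriptor limit is reached first; align the two values.
    worker_connections 100000;

    # Thundering-herd control: off for high concurrency, on for low concurrency.
    accept_mutex on;

    # When on, each worker accepts several new connections at a time.
    multi_accept on;
}

http {
    include       mime.types;                 # supported file types
    default_type  application/octet-stream;   # fallback when mime.types has no match

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    # Do not report the nginx version in the Server header and on error pages.
    # (Alternative: build from source and change the version string in nginx.h.)
    server_tokens off;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    # Keep-alive: the first value is the timeout the server really applies,
    # the second is the value advertised to the client in "Keep-Alive: timeout=".
    keepalive_timeout 60 65;

    # JSON access log format, intended for later use with ELK.
    #   responsetime - total time spent processing the request
    #   upstreamtime - time the backend application server took to respond
    #   upstreamhost - address of the backend that served the request
    # escape=json is required here: $http_user_agent, $http_referer,
    # $http_x_forwarded_for, $host and $uri are taken from the request, and
    # without JSON escaping a quote or control character in any of them breaks
    # the record or lets a client forge extra fields in the log line.
    log_format access_json escape=json
        '{"@timestamp":"$time_iso8601",'
        '"host":"$server_addr",'
        '"clientip":"$remote_addr",'
        '"size":$body_bytes_sent,'
        '"responsetime":$request_time,'
        '"upstreamtime":"$upstream_response_time",'
        '"upstreamhost":"$upstream_addr",'
        '"http_host":"$host",'
        '"uri":"$uri",'
        '"xff":"$http_x_forwarded_for",'
        '"referer":"$http_referer",'
        '"tcp_xff":"$proxy_protocol_addr",'
        '"http_user_agent":"$http_user_agent",'
        '"status":"$status"}';

    # Per-site configuration files (one server block per virtual host).
    include /apps/nginx/conf.d/*.conf;
}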
主機www.noise.org
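# Virtual host www.noise.org: plain HTTP and TLS on the same server block.
server {
    listen 80;

    # TLS listener. The original note called this "HSTS configuration", but no
    # Strict-Transport-Security header is set anywhere in this server block.
    listen 443 ssl;
    # NOTE(review): the certificate files are named for noisedu.cn while
    # server_name is www.noise.org; confirm the certificate covers this host.
    ssl_certificate /data/certs/noisedu.cn.pem;
    ssl_certificate_key /data/certs/noisedu.cn.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;

    # Host name
    server_name www.noise.org;

    # Error log
    error_log /data/nginx_error.log;

    # Custom error page
    error_page 500 502 503 504 404 /error.html;
    location /error.html {
        alias /data/error/index.html;
    }

    location /images {
        root /data;
        index index.html index.htm;

        # Access log for this location, written in the access_json format.
        # (The original note said the log is switched off; this directive
        # enables it.)
        access_log /data/www/access_json.log access_json;

        # Redirect plain-HTTP requests to HTTPS.
        if ( $scheme = http ) {
            rewrite ^/(.*)$ https://www.noise.org/$1 redirect;
        }
    }

    # Status page, protected with HTTP Basic authentication.
    # NOTE(review): this location is also reachable on port 80, where the Basic
    # credentials travel unencrypted; serve it over TLS only or restrict it by
    # source address.
    location /status {
        stub_status;
        auth_basic "admin log";
        auth_basic_user_file /apps/nginx/conf.d/.htpasswd;
    }

    # Browsable download listing.
    # The prefix ends in "/" to match the trailing slash of the alias; with
    # "location /list" and "alias /etc/" a request path could resolve outside
    # the aliased directory.
    # NOTE(review): /etc only serves as sample content here. An open listing of
    # /etc publishes every file the worker user can read; on a real host point
    # the alias at a dedicated download directory and add access control.
    location /list/ {
        alias /etc/;
        autoindex on;                # enable the directory listing
        autoindex_localtime on;      # show file times in local time
        autoindex_exact_size off;    # show rounded sizes instead of exact bytes
        gzip on;                     # compress responses
        gzip_comp_level 9;           # compression level, 9 is the maximum
        gzip_min_length 10k;         # responses smaller than this are not compressed
        # Compress every MIME type (the default is text/html only). The
        # terminating semicolon was missing, which made "gzip_vary on" two more
        # arguments of gzip_types instead of a directive of its own.
        gzip_types *;
        gzip_vary on;                # add "Vary: Accept-Encoding" to responses
    }

    #location / {
        #root /data/music;
        # Try several files in order; if none can be served a 500 error is returned.
        #try_files $uri $uri.html /about/default.html;
    #}

    # Third-party module - http://github.com/openresty/echo-nginx-module.git
    # NOTE(review): $remote_user comes from the client's Authorization header
    # and is written into a text/html response unescaped; use text/plain
    # outside a demo.
    location /echo {
        echo $remote_user;
        default_type text/html;
        echo "hello world,main-->";
        echo $remote_addr ;
        echo_reset_timer;
        echo "took $echo_timer_elapsed sec for total.";
    }
}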
主機mobile.noise.org
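# Virtual host mobile.noise.org.
server {
    listen 80;
    server_name mobile.noise.org;

    # Images served from /data/mobile/, restricted to a single client address.
    # The prefix ends in "/" to match the trailing slash of the alias; with
    # "location /images" and "alias /data/mobile/" a request path could resolve
    # into the parent directory /data. A request for "/images" without the
    # trailing slash no longer matches this location.
    location /images/ {
        alias /data/mobile/;
        index index.html index.htm;

        # Rules are evaluated in order: allow 10.0.0.15, reject everyone else.
        allow 10.0.0.15;
        deny all;
    }
}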
訪問
[15:39:19 root@centos8 ~]#curl -I http://www.noise.org/status
HTTP/1.1 401 Unauthorized
Server: nginx/1.20.0
Date: Sat, 17 Jul 2021 07:39:27 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
WWW-Authenticate: Basic realm="admin log"

[16:44:12 root@centos8 ~]#curl -I http://mobile.noise.org
HTTP/1.1 200 OK
Server: nginx/1.20.0
Date: Sat, 17 Jul 2021 09:11:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sun, 11 Jul 2021 13:12:18 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: "60eaee32-264"
Accept-Ranges: bytes

[18:21:33 root@centos8 ~]#curl -I --insecure https://www.noise.org/images
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 17 Jul 2021 10:22:44 GMT
Content-Type: text/html
Content-Length: 162
Location: https://www.noise.org/images/
Connection: keep-alive
Keep-Alive: timeout=65

[18:02:58 root@centos8 ~]#curl --head --compressed http://www.noise.org/list/ld.so.cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Jul 2021 10:03:30 GMT
Content-Type: application/octet-stream
Last-Modified: Sat, 17 Jul 2021 09:18:25 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: W/"60f2a061-430b"
Content-Encoding: gzip

[16:44:12 root@centos8 ~]#curl -I http://mobile.noise.org
HTTP/1.1 200 OK
Server: nginx/1.20.0
Date: Sat, 17 Jul 2021 09:11:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sun, 11 Jul 2021 13:12:18 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: "60eaee32-264"
Accept-Ranges: bytes

[15:38:13 root@centos8 ~]#curl -I http://xiaoqiang:<password>@www.noise.org/status
HTTP/1.1 200 OK
Server: nginx/1.20.0
Date: Sat, 17 Jul 2021 07:39:19 GMT
Content-Type: text/plain
Content-Length: 97
Connection: keep-alive