Nginx参数配置和优化全攻略

NGINX常常被用来作反射代理和负载均衡,本文通过一个比较全面的例子,来说明NGINX各方面的功能及用法,包括普通反向代理、负载均衡、Websocket代理、存储json日志、隐藏nginx版本号等。

user   www www;
worker_processes 4;
error_log    /var/log/nginx/error.log;        #全局错误日志
#error_log   /var/log/nginx/error.log warn;
#error_log   /var/log/nginx/error.log notice;
#error_log   /var/log/nginx/error.log info;
pid          /var/run/nginx.pid;

events {
  worker_connections 65536;                   #每个worker_processes最大并发链接数
  use epoll;                                  #多路复用IO,提高nginx性能
  multi_accept on;
}

http {
  include         /etc/nginx/mime.types;
  default_type    application/octet-stream;

  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log      /var/log/nginx/access.log main;

  sendfile                    on;             #调用sendfile函数输出文件
  tcp_nopush                  on;             #使用socke的TCP_CORK的选项,先启用sendfile
  gzip                        on;             #开启gzip压缩
  #gzip_disable               "MSIE [1-6].";
  
  keepalive_timeout           600;            #连接超时时间
  client_header_buffer_size   128k;           #请求缓冲大小
  large_client_header_buffers 4 128k;
  client_max_body_size        100m;           #上传文件大小

  # 打开文件指定缓存,建议和打开文件数一致,规定时间内没被请求后删除缓存 #
  open_file_cache             max=65535       inactive=60s;
  open_file_cache_valid       80s;
  open_file_cache_min_uses    1;

  # 代理全局设置 #
  proxy_set_header            Host            $host;
  proxy_set_header            X-Real-IP       $remote_addr;
  proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_connect_timeout       600;
  proxy_read_timeout          600;
  proxy_send_timeout          600;
  proxy_buffer_size           64k;
  proxy_buffers               4 32k;
  proxy_busy_buffers_size     64k;
  proxy_temp_file_write_size  64k;
  proxy_ignore_client_abort   on;
  proxy_intercept_errors      on;             #阻止应答HTTP400及更高的错误代码

  #设置内存缓存:200M,1天无访问则删除,硬盘空间30G#
  proxy_cache_path /data0/proxy_cache_dir levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;

  server_tokens               off;            #隐藏nginx版本号

  # 定义websocket #
  map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
  }

  # 定义upstreams开始 #
  upstream www {
    server  192.168.1.50:8080 weight=10 max_fails=3 fail_timeout=30s;
    server  192.168.1.50:8081 weight=20 down;
    server  192.168.1.50:8082 weight=30 backup;
    ip_hash;
    #consistent_hash          $defurlkey;
    #fair;                                    #ip_hash/fair/consistent_hash为单选
  }

 # 定义servers开始 #
  server {
    listen 80;
    server_name www.andylouse.net;            #定义访问域名
    #root webapps                             #定义网站根目录
    index index.html index.htm index.php;     #定义首页
    error_page  500 502 503 504 /50x.html;    #定义错误页
    location / {
      proxy_pass http://www;
    }
    location ~ ^/(images|javascript|js|css|flash|media|static)/ {
      expires 30d;                            #处理静态文件过期时间
    }
    location ~ /.ht {
      deny all;                               #禁止访问"ht**"类型的文件
    }
    location /NginxStatus {
      stub_status          on;                #设定查看Nginx状态的地址,配合监控系统
      access_log           on;
      auth_basic           "NginxStatus";
      auth_basic_user_file conf/htpasswd;
    }
    access_log logs/nginx.www.access.log;     #访问日志
  }

  server {
    listen 80;
    server_name web.andylouse.net;
    index index.html index.htm index.php;
    location / {
      proxy_pass http://192.168.1.50:8082;
    }
    #access_log logs/nginx.web.access.log;
    allow 192.168.0.0/16;                     #访问来源IP限制
    allow 172.16.212.0/24;
    deny all;
    rewrite ^(.*)$ http://$host$1 permanent;  #启用rewrite
    rewrite_log on;                           #启用rewrite日志
  }
 
  # 代理PHP案例 #
  server {
  listen 8080;
  server_name php.andylouse.net;
  location ~ \.php$ {
    root html;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    include       fastcgi_params;
    }
  }

 # 加密SSL案例 #
  server {
    listen 443 ssl;
    server_name ssl.andylouse.net;
    root webapps/ssl/htdocs;
    ssl                 on;
    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_session_cache   shared:sslcache:20m;
  }

  # 显性websocket案例 #
  server {
    listen 80;
    server_name websocket.andylouse.net;
    location / {
      proxy_pass http://192.168.1.50:8083;
      proxy_http_version 1.1;
      proxy_set_header Upgrade    $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
    }
  }

  #include /etc/nginx/conf.d/www.conf         #引用文件

}

以json样式存储日志

将以下代码替换系统默认的日志格式即可:

log_format json '{"server_name":"$server_name","user_ip":"$http_x_real_ip","lan_ip":"$remote_addr","log_time":"$time_iso8601","user_req":"$request","http_code":"$status","body_bytes_sents":"$body_bytes_sent","req_time":"$request_time","user_ua":"$http_user_agent"}';
access_log  /var/log/nginx/access.log  json;
赞 (0) 打赏

评论 0

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

感谢您的支持与帮助

支付宝扫一扫打赏

微信扫一扫打赏