Of Stack

Detail the nginx.conf configuration file in the Nginx server

  • 2020-05-09 19:56:12
  • OfStack

The Nginx configuration file is divided into four parts: main (global setting), http (general setting of HTTP), server (virtual host setting), and location (matching the URL path). There are also some other configuration segments, such as event, upstream, and so on.
General Settings

      user nginx
      specifies the users and groups running the nginx workre process

      worker_rlimit_nofile #
      specifies the maximum number of files that all worker processes can open

      worker_cpu_affinity
      sets the CPU stickiness of worker processes to avoid the performance cost of switching between CPU processes. For example, worker_cpu_affinity 0001 0010 0100 1000; (4 nuclear)

      worker_processes 4
The number of       worker worker processes, which can be set to the same number as CPU, and can be appropriately increased if SSL and Gzip are turned on

      worker_connections 1000
The maximum number of concurrent connections that a single worker process can accept, placed in the event segment

      error_log logs/error.log info
The location path and record level of the       error log

      use epoll
      USES the epoll event model and is placed in the event segment

http server

      server {} :
      defines one virtual host

      listen 80;
      defines the address and port to listen to, and by default listens to all addresses on the machine

      server_name NAME [...];
      defines a virtual host name and can use multiple names, as well as regular expressions or wildcards.

      sendfile on
      opens the sendfile call to quickly respond to the client

      keepalive_timeout 65
      long connection timeout in seconds.

      send_timeout
      specifies a timeout for the response client

      client_max_body_size 10m
      allows the maximum size of the entity requested by the client

      root PATH
      sets the root directory on the file system to which URL is requested

      location [ = | ~ | ~* | ^~ ] URI { ... }
      sets one URI matching path

      = : exact match       ~ : regular expression matching, case sensitive       ~* : regular expression matching, case insensitive       ^~ : the first half of URI matches, and regular expressions are not useful       priority:       = > location full path > ^~ > ~ > ~* > location start path > location /

      allow and deny
      access control based on IP, such as:

Only 192.168.0.0/24 segment clients are allowed to access 


allow 192.168.0.0/24;
deny all;

      stub_status on
The open state of       is explicit and can only be used in location:

Opens the status explicit page 


location /status {
  stub_status on;
  allow 172.16.0.0/16;
  deny all;
}

      rewrite < REGEX > < REPL > < FLAG >
      URL is rewritten to use multiple tags

Such as: 


rewrite ^/images/(.*\.jpg)$ /imgs/$1 break;

Available flag:

-last: when the rewrite is complete, continue to match the other rewrite rules -break: no longer matches after the rewrite -redirect: returns 302 redirection (temporary redirection), and the client makes a new request to the redirected URL -permanent: returns a 301 redirect (permanent redirect), and the client makes a new request to the redirected URL

Detailed configuration instructions 


# define Nginx Running users and user groups 
user www www;

#nginx Number of processes, recommended to be equal to CPU Total core number. 
worker_processes 8;

# Global error log definition type, [ debug | info | notice | warn | error | crit ]
error_log /var/log/nginx/error.log info;

# Process documents 
pid /var/run/nginx.pid;

#1 a nginx The maximum number of file descriptors a process can open. The theoretical value should be the maximum number of open files (the value of the system) ulimit -n ) and nginx Processes divide, but nginx Requests are not evenly distributed, so it is recommended that the ulimit -n The value of the keep 1 Cause. 
worker_rlimit_nofile 65535;

# Working mode with maximum number of connections 
events
{
# Referring to the event model, use [ kqueue | rtsig | epoll | /dev/poll | select | poll ]; epoll The model is Linux 2.6 High performance networks in the kernel above I/O Model, if run in FreeBSD Up here kqueue Model. 
use epoll;
# Maximum number of connections per process (maximum number of connections) = The number of connections * Process) 
worker_connections 65535;
}

# set http The server 
http
{
include mime.types; # File extension and file type mapping table 
default_type application/octet-stream; # Default file type 
#charset utf-8; # The default encoding 
server_names_hash_bucket_size 128; # server-named hash Table size 
client_header_buffer_size 32k; # Upload file size limit 
large_client_header_buffers 4 64k; # Set request delay 
client_max_body_size 8m; # Set request delay 
sendfile on; # Enable efficient file transfer mode, sendfile Directive specifies nginx Whether to call sendfile Function to output the file. For normal applications, set to  on If used to download applications such as disk IO Heavy duty application, can be set to off To balance disk and network I/O Processing speed, reducing the load on the system. Note: if the image does not display properly change this to off . 
autoindex on; # Open directory list access, appropriate download server, default shutdown. 
tcp_nopush on; # Prevent network congestion 
tcp_nodelay on; # Prevent network congestion 
keepalive_timeout 120; # Long connection timeout in seconds 

#FastCGI The parameters are intended to improve the performance of the site: reducing resource usage and improving access speed. The following parameters can be taken literally. 
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;

#gzip Module Settings 
gzip on; # open gzip Compressed output 
gzip_min_length 1k; # Minimum compressed file size 
gzip_buffers 4 16k; # Compression buffer 
gzip_http_version 1.0; # Compressed version (default 1.1 If the front end is squid2.5 Please use the 1.0 ) 
gzip_comp_level 2; # Compression level 
gzip_types text/plain application/x-javascript text/css application/xml;
# Compressed type, already included by default text/html So I don't have to write it down, it doesn't have any problem writing it down, but it does 1 a warn . 
gzip_vary on;
#limit_zone crawler $binary_remote_addr 10m; # Open the limit IP You need to use the number of connections 

upstream blog.ha97.com {
#upstream Load balancing, weight Is the weight, which can be defined according to the machine configuration. weigth The parameter represents the weight, and the higher the weight, the more likely it is to be assigned. 
server 192.168.80.121:80 weight=3;
server 192.168.80.122:80 weight=2;
server 192.168.80.123:80 weight=3;
}

# Virtual host configuration 
server
{
# Listen on port 
listen 80;
# Domain names can be multiple, separated by Spaces 
server_name www.ha97.com ha97.com;
index index.html index.htm index.php;
root /data/www/ha97;
location ~ .*.(php|php5)?$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
# Image cache time setting 
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 10d;
}
#JS and CSS Cache time Settings 
location ~ .*.(js|css)?$
{
expires 1h;
}
# Log format setting 
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
# Defines the access log for this virtual host 
access_log /var/log/nginx/ha97access.log access;

# right  "/"  Enable reverse proxy 
location / {
proxy_pass http://127.0.0.1:88;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
# The back end Web The server can go through X-Forwarded-For Get user real IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# The following is a 1 Some reverse proxy configuration, optional. 
proxy_set_header Host $host;
client_max_body_size 10m; # Maximum number of bytes per file allowed for client request 
client_body_buffer_size 128k; # The buffer agent buffers the maximum number of bytes requested by the client, 
proxy_connect_timeout 90; #nginx The connection timeout with the back-end server ( Proxy connection timeout )
proxy_send_timeout 90; # Backend server data return time ( Agent send timeout )
proxy_read_timeout 90; # Back end server response time after successful connection ( Agent receive timeout )
proxy_buffer_size 4k; # Set up the proxy server ( nginx ) the buffer size to hold the user header information 
proxy_buffers 4 32k; #proxy_buffers Buffer the average page in 32k The following Settings 
proxy_busy_buffers_size 64k; # Buffer size under high load ( proxy_buffers*2 ) 
proxy_temp_file_write_size 64k;
# Set the size of the cache folder to be greater than this value and will start from upstream The server transfer 
}

# Set the view Nginx Address of status 
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd;
#htpasswd The contents of the file are available apache To provide the htpasswd Tools to generate. 
}

# Local dynamic and static separation reverse proxy configuration 
# all jsp Pages are submitted tomcat or resin To deal with 
location ~ .(jsp|jspx|do)?$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
# All static files by nginx Read directly without passing tomcat or resin
location ~ .*.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|mp3|wma)$
{ expires 15d; }
location ~ .*.(js|css)?$
{ expires 1h; }
}
}

Related articles: