nginx 시험 설정 (전체 프로필)
# The worker user is left at the build default; uncomment to set it explicitly.
#user nobody;

# Two worker processes, each bound to one CPU by the masks below
# (first mask = CPU0, second mask = CPU1).
worker_processes 2;
worker_cpu_affinity 00000001 00000010;

# Only messages of severity "crit" and above are written.
# NOTE(review): at this level, error- and warn-level events (upstream failures,
# limit_conn/limit_req rejections) never reach the log, which limits what can be
# detected or investigated afterwards. Confirm this is intended.
error_log logs/error.log crit;

pid nginx.pid;

# Upper limit on open file descriptors for each worker process.
worker_rlimit_nofile 102400;
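events {
    # Linux epoll event notification method.
    use epoll;

    # Maximum simultaneous connections per worker; this counts client and
    # upstream connections alike, and each one consumes a file descriptor.
    # The original value (1024000) was ten times worker_rlimit_nofile (102400,
    # set at the top of this file), so it could never be reached and nginx
    # warns about it at startup. Keep it below the descriptor limit to leave
    # headroom for log files, cached file descriptors and static files.
    worker_connections 51200;
}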
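http {
    include       mime.types;
    default_type  application/octet-stream;
    #include proxy.conf;

    # The "main" format is defined here, but no access_log directive below
    # names it, so every access log is written in the default "combined" format.
    # $http_x_forwarded_for is a client-supplied header; treat it as untrusted
    # when reading these logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # ---- Client handling ----
    client_max_body_size      20m;   # largest accepted request body
    client_header_buffer_size 4k;
    client_header_timeout     10;    # seconds allowed to send the request header
    client_body_timeout       10;    # seconds allowed between body reads
    send_timeout              10;    # seconds allowed between writes to the client
    keepalive_timeout         120;

    sendfile    on;
    tcp_nopush  on;
    tcp_nodelay on;
    charset     utf-8;

    # ---- Open file descriptor cache ----
    # NOTE(review): max=102400 equals worker_rlimit_nofile, so a full cache
    # could use up the worker's descriptor budget on its own. Confirm sizing.
    open_file_cache          max=102400 inactive=20s;
    open_file_cache_valid    30s;
    open_file_cache_min_uses 1;

    # ---- FastCGI cache ----
    # No fastcgi_pass appears in this file, so these settings are inert here.
    # NOTE(review): "fastcgi_cache TEST" at http level applies to every
    # fastcgi_pass location added later, and the key holds only host, path and
    # query string. A page that varies per user would be stored once and served
    # to everyone unless it is excluded (e.g. with fastcgi_no_cache /
    # fastcgi_cache_bypass on the session cookie). Confirm before enabling.
    fastcgi_cache_key  $host$uri$is_args$args;
    fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2
                       keys_zone=TEST:10m
                       inactive=5m;
    fastcgi_connect_timeout      300;
    fastcgi_send_timeout         300;
    fastcgi_read_timeout         300;
    fastcgi_buffer_size          64k;
    fastcgi_buffers              16 64k;
    fastcgi_busy_buffers_size    128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_cache                TEST;
    fastcgi_cache_valid          200 1h;
    fastcgi_cache_valid          304 301 1d;
    fastcgi_cache_valid          any 1m;
    fastcgi_cache_min_uses       1;
    fastcgi_cache_use_stale      error timeout invalid_header http_500;

    # ---- Reverse proxy defaults ----
    proxy_http_version "1.1";
    proxy_cache_key    $host$uri$is_args$args;
    proxy_cache_valid  200 304 302 24h;
    proxy_temp_file_write_size 10m;
    proxy_temp_path  /usr/local/nginx/nginx_cache/temp_dir;
    proxy_cache_path /usr/local/nginx/nginx_cache/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=1g;
    proxy_connect_timeout   300s;
    proxy_send_timeout      900;
    proxy_read_timeout      900;
    proxy_buffer_size       32k;
    proxy_buffers           4 32k;
    proxy_busy_buffers_size 64k;
    proxy_redirect          off;
    proxy_hide_header       Vary;

    # proxy_set_header directives are inherited only by levels that declare
    # none of their own. The image locations below set Host and
    # X-Forwarded-For themselves, so none of these six headers apply there.
    proxy_set_header Accept-Encoding '';
    proxy_set_header Host            $host;
    proxy_set_header Referer         $http_referer;
    proxy_set_header Cookie          $http_cookie;
    proxy_set_header X-Real-IP       $remote_addr;
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
    # sent, so everything left of the last entry is client-controlled. Backends
    # should take the client address from X-Real-IP or the last entry only.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # ---- gzip ----
    gzip on;
    # The dot is escaped so that only "MSIE 1." .. "MSIE 6." match. The
    # original pattern "MSIE [1-6]." also matched "MSIE 10", which switched
    # compression off for that browser too.
    gzip_disable      "MSIE [1-6]\.";
    gzip_min_length   1k;
    gzip_buffers      4 16k;
    gzip_http_version 1.1;
    gzip_comp_level   2;
    gzip_types text/plain application/x-javascript text/css text/javascript application/x-httpd-php; #image/jpeg image/gif image/png;

    # Application backends.
    # NOTE(review): the last octet of every address appears as "*" in the
    # source page, presumably masked. nginx cannot resolve it as written;
    # substitute the real backend addresses.
    upstream www.dahongwa.com {
        server 10.1.7.*:9000 weight=10 max_fails=4 fail_timeout=30s;
        server 10.1.7.*:9001 weight=10 max_fails=4 fail_timeout=30s;
        server 10.1.7.*:9002 weight=10 max_fails=4 fail_timeout=30s;
        server 10.1.7.*:9003 weight=10 max_fails=4 fail_timeout=30s;
        server 10.1.7.*:9004 weight=10 max_fails=4 fail_timeout=30s;
        server 10.1.7.*:9007 weight=10 max_fails=4 fail_timeout=30s;
    }

    # Image backends (same masking of the last octet as above).
    upstream img.dahongwa.com {
        server 10.1.7.*:9019 weight=10 max_fails=4 fail_timeout=30s;
        server 10.1.7.*:9011 weight=10 max_fails=4 fail_timeout=30s;
    }

    server {
        listen      80;
        server_name www.dahongwa.com;
        root        www.dahongwa.com;
        access_log  logs/www.dahongwa.com.log;

        # Everything not claimed by a regex location goes to the application
        # upstream with the http-level proxy_set_header set.
        location / {
            index index.html index.jsp index.htm;
            proxy_redirect off;
            proxy_pass http://www.dahongwa.com;
        }

        # Cache purge endpoint, restricted to three internal addresses.
        # proxy_cache_purge with this syntax comes from the third-party
        # ngx_cache_purge module, not from stock nginx.
        # Three fixes relative to the original:
        #  - The location is declared before the other regex locations. Regex
        #    locations are tried in file order, and the unanchored image
        #    patterns below would otherwise claim /purge/photoserver/x.jpg
        #    first, so the purge (and its allow/deny list) was never reached.
        #  - The pattern is anchored with ^ so only paths that start with
        #    /purge/ match.
        #  - The key uses the captured path ($1) instead of $uri. $uri still
        #    contains the /purge prefix and therefore never equalled the key
        #    under which the entry was stored ($host$uri$is_args$args).
        location ~ ^/purge(/.*) {
            allow 10.244.1.170;
            allow 10.1.7.114;
            allow 10.1.7.115;
            deny  all;
            proxy_cache_purge cache_one $host$1$is_args$args;
        }

        # Static stylesheets and scripts served from "root".
        # The original pattern ".*\.(css|js)(.*)" was not anchored at the end,
        # so it also matched paths such as /index.jsp or /data.json. Those
        # requests were then answered from the static root instead of being
        # proxied, which breaks the application and would return source files
        # as plain content if any exist under root. The query string is not
        # part of the matched URI, so "$" still accepts /app.js?v=2.
        # NOTE(review): this log path lacks the logs/ prefix that the other
        # access_log directives use. Confirm it is intended.
        location ~ \.(css|js)$ {
            expires    max;
            access_log img.dahongwa.com.log;
        }

        # Photo server images: fetched from the image upstream and cached.
        # NOTE(review): root points at what looks like the proxy cache
        # directory. Cache entries are stored under hashed names, so the -f
        # test is unlikely ever to find a file for the request path. Confirm.
        location ~ /photoserver/.*\.(gif|jpg|png|htm|jpeg|bmp|html|flv|ico|swf|doc)(.*) {
            root nginx_cache/cache;
            if (!-f $request_filename) {
                proxy_pass http://img.dahongwa.com;
            }
            proxy_cache       cache_one;
            proxy_cache_valid 200 304 302 24h;
            proxy_cache_valid any 10m;
            proxy_cache_key   $host$uri$is_args$args;
            proxy_redirect    off;
            proxy_set_header  Host $host;
            # Overwrites any client-supplied X-Forwarded-For with the peer address.
            proxy_set_header  X-Forwarded-For $remote_addr;
            proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            # POST removed: the cache key does not include the request body,
            # so one client's POST response would have been stored and then
            # returned to every later request for the same URL.
            proxy_cache_methods  GET HEAD;
            proxy_cache_min_uses 1;
            expires    max;
            access_log logs/img.dahongwa.com.log;
        }

        # Product images: same caching policy as the photo server location.
        location ~ /common/goods/images/.*\.(gif|jpg|png|htm|jpeg|bmp|html|flv|ico|swf|doc)(.*) {
            if (!-f $request_filename) {
                proxy_pass http://img.dahongwa.com;
            }
            if (-f $request_filename) {
                expires 10y;
            }
            proxy_cache       cache_one;
            proxy_cache_valid 200 304 302 24h;
            proxy_cache_valid any 10m;
            proxy_cache_key   $host$uri$is_args$args;
            proxy_redirect    off;
            proxy_set_header  Host $host;
            proxy_set_header  X-Forwarded-For $remote_addr;
            proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            # POST removed for the same reason as in the photo server location.
            proxy_cache_methods  GET HEAD;
            proxy_cache_min_uses 1;
            expires    max;
            access_log logs/img.dahongwa.com.log;
        }

        # Requests whose path contains ".sh" or ".bash" are redirected to the
        # site home page instead of being served.
        location ~ .*\.(sh|bash)(.*) {
            rewrite ^/(.*) http://www.dahongwa.com;
        }
    }
}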
timer_resolution 100ms;
worker_processes 4;# ,
reset_timedout_connection off; 。
http server location
recursive_error_pages off;
http server location
send_timeout 100; nginx 。
http server location
linux
1 nginx ,linux Access
/dev/sdb1 /data ext3 defaults 0 0
/dev/sdb1 /data ext3 defaults,noatime,nodiratime 0 0
2 ulimit -n 1024
ulimit -u 8040
/etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
nginx
worker_rlimit_nofile 65535
3 TCP
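# System-wide ceiling on open file handles.
# NOTE(review): this equals the per-process nofile limit (65535) set in
# /etc/security/limits.conf on this page, so several busy workers together
# could exhaust it. Confirm sizing.
fs.file-max = 65535
kernel.pid_max = 65536

# SYN flood handling: SYN cookies on, fewer SYN/SYN-ACK retransmissions.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

# Key name corrected from "tcp_timestsmps", which sysctl would reject.
# NOTE(review): tcp_tw_reuse depends on TCP timestamps, so with timestamps
# disabled the tcp_tw_reuse setting below has no effect. Decide which of the
# two is actually wanted.
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1

# Disabled: tcp_tw_recycle drops connections from clients that share one
# address behind NAT, and the option was removed from Linux in 4.12, where
# setting it makes "sysctl -p" report an error.
#net.ipv4.tcp_tw_recycle = 1

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65535
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_wmem = 8192 436600 873200
net.ipv4.tcp_rmem = 32768 436600 873200

# tcp_mem is "low pressure high", counted in pages.
# NOTE(review): the first value is larger than the other two, so the thresholds
# are out of order; the figures were probably damaged in copying. Verify against
# the host's memory before applying.
net.ipv4.tcp_mem = 94500000 91500000 92700000
net.ipv4.tcp_max_orphans = 3276800

net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216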
sysctl -p /etc/sysctl.conf // : /etc/sysctl.conf
4
5
limit_rate 4K // , , ,
2 。 no
:http server location if in location
limit_rate_after 3m // 3m , 1m.
http server location if in location
# Download throttling: the first 3 MB of each response is sent at full speed,
# after which that connection is limited to 512 KB per second.
location /download {
    limit_rate       512k;
    limit_rate_after 3m;
}
3m 51k 。
6 limit_zone zone no
FX:
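limit_zone someone $binary_remote_addr 10m; (limit_zone was made obsolete in nginx 1.1.8 and removed in 1.7.6; the current form is: limit_conn_zone $binary_remote_addr zone=someone:10m;)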
someone zone, 10m
$binary_remote_addr 4 , 。 IP 7-15 。
http
7 limit_conn , 503 no
http server location
8 limit_conn_log_level
limit_conn_log_level info|notice|warn|error
error
http server location
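http {
    # Shared-memory zone "someone" (10 MB) that tracks connections per client
    # address. limit_conn_zone replaces "limit_zone someone $binary_remote_addr 10m;",
    # which was made obsolete in nginx 1.1.8 and removed in 1.7.6; current
    # releases refuse to start with the old directive.
    limit_conn_zone $binary_remote_addr zone=someone:10m;

    server {
        listen 80;

        location /download {
            # At most one simultaneous connection per client address; further
            # requests are rejected. Clients that share an address (e.g. behind
            # one NAT gateway) also share this limit.
            limit_conn someone 1;
        }
    }
}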
nginx , ,
, , , IP 。
。
9 nginx
http server_tokens off;
10 open_log_file_cache ,
。 off
:max 。
inactive : 。 10 。
min_uses 。 , 1.
valid , 60 。
open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
http server location
11 nginx DDos
limit_req_log_level
, warn http 。
limit_req_zone
, , , ,
, $binary_remote_addr zone someone
10mb rate=1r/s zone , 。
10 。 , 。 ,
(r/s) (r/m) http 。
limit_req zone someone , zone burst rate ,
, burst , , 503
http server location
lsof -i:80|grep nginx |wc -l
time ab -n 1000 -c 100 http://192.168.3.175/download
DDos nginx keepalive_timeout 。
12
must-revalidate 。
add_header Cache-Control must-revalidate
http location
13 proxy-revalidate proxy nginx 。
add_header Cache-Control proxy-revalidate
14 500 。
empty_gif
location
# Exact-match location that answers with a 1x1 transparent GIF generated by
# nginx itself (empty_gif module), without touching the disk or a backend.
location = /1.gif {
    empty_gif;
}
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.