nginx 시험 설정 (전체 프로필)

12068 단어 nginx

  
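# Worker identity is left commented out, so the build's default worker user
# applies when the master starts as root.
# NOTE(review): confirm the workers do not end up running as root.
#user  nobody;

# Two workers, pinned to CPU 0 and CPU 1 by the affinity bitmasks.
worker_processes  2;
worker_cpu_affinity 00000001 00000010;

# Only "crit" and more severe messages are written. Upstream failures and
# limit_conn / limit_req rejections are logged below that level by default,
# so they will not appear here; raise to "error" or "warn" if this log is
# meant to support detection and incident response.
error_log logs/error.log crit;
pid     nginx.pid;

# Per-worker ceiling on open file descriptors (RLIMIT_NOFILE).
worker_rlimit_nofile 102400;

events {
    use epoll;
    # Was 1024000, ten times worker_rlimit_nofile: nginx warns at startup and
    # connections past the descriptor limit fail with "Too many open files".
    # A proxied request holds two descriptors (client + upstream), so the
    # connection count is kept at half of the descriptor limit.
    worker_connections  51200;
}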


http {
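    include       mime.types;
    default_type  application/octet-stream;
    #include     proxy.conf;

    # Do not advertise the nginx version in the Server header or on
    # built-in error pages.
    server_tokens off;

    # "main" is defined here, but every access_log directive in this file
    # omits a format name, so they all write the built-in "combined" format
    # and $http_x_forwarded_for is not recorded anywhere.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';

    # Largest request body accepted; larger uploads are rejected with 413.
    client_max_body_size 20m;
    charset utf-8;

    # Kernel-level file transmission and packet coalescing.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Idle keep-alive connections are held for 120 s. Long values let idle
    # clients occupy worker connections during connection floods.
    keepalive_timeout 120;

    # Slow-client limits: seconds allowed for the request header, between
    # reads of the request body, and between writes of the response.
    client_header_timeout 10;
    client_body_timeout 10;
    send_timeout 10;
    client_header_buffer_size 4k;

    # Cache of open file descriptors and metadata: up to 102400 entries,
    # dropped after 20 s without use, revalidated every 30 s, cached from
    # the first use.
    open_file_cache max=102400 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 1;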
	
	# FastCGI response cache, enabled for the whole http{} context.
	# No fastcgi_pass appears in this file, so these settings are dormant here.
	# NOTE(review): the key has no $request_method and no session component,
	# and "fastcgi_cache TEST" at http level applies to every location that
	# later adds fastcgi_pass. Per-user or authenticated pages would then be
	# stored and replayed to other clients unless the location disables or
	# bypasses the cache.
	fastcgi_cache_key $host$uri$is_args$args;
	fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;
	fastcgi_cache TEST;
	fastcgi_cache_min_uses 1;

	# Lifetimes by status: 200 for one hour, 301/304 for one day, everything
	# else (error responses included) for one minute.
	fastcgi_cache_valid 200  1h;
	fastcgi_cache_valid 304 301 1d;
	fastcgi_cache_valid any 1m;

	# Serve a stale entry when the backend errors, times out, sends an
	# invalid header or answers 500.
	fastcgi_cache_use_stale error timeout invalid_header http_500;

	# Backend timeouts (seconds). 300 s lets a stalled backend hold a worker
	# connection for five minutes.
	fastcgi_connect_timeout 300;
	fastcgi_send_timeout 300;
	fastcgi_read_timeout 300;

	# Response buffering.
	fastcgi_buffer_size 64k;
	fastcgi_buffers 16 64k;
	fastcgi_busy_buffers_size 128k;
	fastcgi_temp_file_write_size 128k;
	  
	# Reverse-proxy defaults inherited by every server{} and location{}.
	proxy_http_version "1.1";
	proxy_redirect     off;

	# Cache storage: zone "cache_one" (200 MB of keys, at most 1 GB on disk,
	# entries dropped after one day without access).
	proxy_cache_path /usr/local/nginx/nginx_cache/cache  levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=1g;
	proxy_temp_path /usr/local/nginx/nginx_cache/temp_dir;
	proxy_temp_file_write_size 10m;
	proxy_cache_key $host$uri$is_args$args;
	proxy_cache_valid  200 304 302 24h;

	# Upstream timeouts. 900 s for send/read lets a slow backend hold a
	# worker connection for fifteen minutes.
	proxy_connect_timeout 300s;
	proxy_send_timeout   900;
	proxy_read_timeout   900;

	# Response buffering.
	proxy_buffer_size    32k;
	proxy_buffers     4 32k;
	proxy_busy_buffers_size 64k;

	# Ask the backend for uncompressed bodies and hide its Vary header, so a
	# single cached variant exists per key.
	proxy_hide_header  Vary;
	proxy_set_header   Accept-Encoding '';

	# Request headers sent to the backend. These are inherited by a location
	# only if that location defines no proxy_set_header of its own.
	proxy_set_header   Host   $host;
	proxy_set_header   Referer $http_referer;
	proxy_set_header   Cookie $http_cookie;
	# X-Real-IP is overwritten with the TCP peer address. X-Forwarded-For
	# appends the peer to whatever the client already sent, so the leftmost
	# entries are client-controlled and must not be trusted by the backend.
	proxy_set_header   X-Real-IP  $remote_addr;
	proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
	
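	# Response compression (ngx_http_gzip_module).
	gzip on;
	# Skip compression for MSIE 1-6. The dot is escaped so that only
	# "MSIE 1." through "MSIE 6." match; unescaped, the pattern also matched
	# "MSIE 10" and disabled gzip for that browser as well.
	gzip_disable "MSIE [1-6]\.";
	gzip_min_length 1k;      # responses shorter than 1 KB are sent uncompressed
	gzip_buffers 4 16k;      # four 16 KB buffers for the compressed stream
	gzip_http_version 1.1;   # compress only for HTTP/1.1 and newer requests
	gzip_comp_level 2;       # 1-9: higher compresses more and costs more CPU
	gzip_types text/plain application/x-javascript text/css text/javascript application/x-httpd-php ;#image/jpeg image/gif image/png;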
	
	# Backend pool for the main site. Equal weights give plain round-robin;
	# a server is taken out for 30 s after 4 failed attempts within 30 s.
	# NOTE(review): "10.1.7.*" looks like a redacted address. nginx does not
	# accept a wildcard here, so each line needs a concrete host before this
	# configuration will load.
	upstream www.dahongwa.com {
		server 10.1.7.*:9000 weight=10 max_fails=4 fail_timeout=30s;
		server 10.1.7.*:9001 weight=10 max_fails=4 fail_timeout=30s;
		server 10.1.7.*:9002 weight=10 max_fails=4 fail_timeout=30s;
		server 10.1.7.*:9003 weight=10 max_fails=4 fail_timeout=30s;
		server 10.1.7.*:9004 weight=10 max_fails=4 fail_timeout=30s;
		server 10.1.7.*:9007 weight=10 max_fails=4 fail_timeout=30s;
	}
	
	# Backend pool for images, with the same weighting and failure policy as
	# the main pool.
	# NOTE(review): "10.1.7.*" looks like a redacted address and must be
	# replaced with concrete hosts before this configuration will load.
	upstream img.dahongwa.com {
		server 10.1.7.*:9019 weight=10 max_fails=4 fail_timeout=30s;
		server 10.1.7.*:9011 weight=10 max_fails=4 fail_timeout=30s;
	}
		
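    # Virtual host for www.dahongwa.com. It is the only server{} in the file,
    # so it also answers requests carrying any other Host header; $host is
    # part of the cache key, so such requests create their own cache entries.
    server {
        listen       80;
        server_name  www.dahongwa.com;
        root www.dahongwa.com;          # relative path, resolved against the nginx prefix
        access_log logs/www.dahongwa.com.log;

        # Cache purge endpoint (proxy_cache_purge comes from the third-party
        # ngx_cache_purge module). It is placed first because regex locations
        # are tried in order: below the extension-based locations, a URI such
        # as /purge/photoserver/a.jpg was captured by the image location and
        # never reached this block. The pattern is anchored, and the key is
        # built from the captured path ($1): $uri still carries the /purge
        # prefix and therefore never equalled a stored key.
        # allow/deny test the TCP peer address.
        # NOTE(review): if another proxy or load balancer sits in front of
        # this host, confirm the listed addresses are still the right ones.
        location ~ ^/purge(/.*) {
            allow 10.244.1.170;
            allow 10.1.7.114;
            allow 10.1.7.115;
            deny  all;
            proxy_cache_purge cache_one $host$1$is_args$args;
        }

        # Everything not matched by a regex location goes to the main pool.
        location / {
            index  index.html  index.jsp index.htm;

            proxy_redirect off;
            proxy_pass http://www.dahongwa.com;
        }

        # Static stylesheets and scripts served from disk with far-future
        # expiry. The pattern is anchored at the end: the previous form
        # "\.(css|js)(.*)" also matched ".jsp" and ".json", so those requests
        # were answered from the document root instead of being proxied,
        # which would expose JSP source if such files live under root.
        location ~ \.(css|js)$ {
            expires max;
            access_log logs/img.dahongwa.com.log;
        }

        # Photo-server assets: use a local file if present, otherwise fetch
        # from the image pool and cache the response.
        location ~ /photoserver/.*\.(gif|jpg|png|htm|jpeg|bmp|html|flv|ico|swf|doc)$ {
            # NOTE(review): this root is presumably the proxy cache directory
            # itself. Cache files are stored under hashed names, so the -f
            # test below is unlikely ever to succeed; confirm the intent.
            root nginx_cache/cache;
            if (!-f $request_filename) {
                proxy_pass http://img.dahongwa.com;
            }
            proxy_cache cache_one;
            proxy_cache_valid  200 304 302 24h;
            proxy_cache_valid any 10m;
            proxy_cache_key $host$uri$is_args$args;
            proxy_redirect off;
            # Defining proxy_set_header here discards every header set at
            # http level (Accept-Encoding, Cookie, Referer, X-Real-IP); only
            # the two below are sent. X-Forwarded-For is overwritten with the
            # peer address, so client-supplied values are not forwarded.
            proxy_set_header Host $host;
            proxy_set_header   X-Forwarded-For $remote_addr;
            proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            # POST removed: the cache key does not include the request body,
            # so a cached POST response would be replayed to later requests
            # for the same URI, whatever they sent.
            proxy_cache_methods GET HEAD;
            proxy_cache_min_uses 1;
            expires max;
            access_log logs/img.dahongwa.com.log;
        }

        # Goods images: same policy as the photo-server location, with a
        # 10-year expiry when the file exists locally.
        location ~ /common/goods/images/.*\.(gif|jpg|png|htm|jpeg|bmp|html|flv|ico|swf|doc)$ {
            if (!-f $request_filename) {
                proxy_pass http://img.dahongwa.com;
            }
            if ( -f $request_filename ) {
                expires 10y;
            }
            proxy_cache cache_one;
            proxy_cache_valid  200 304 302 24h;
            proxy_cache_valid any 10m;
            proxy_cache_key $host$uri$is_args$args;
            proxy_redirect off;
            # Location-level proxy_set_header replaces the http-level set.
            proxy_set_header Host $host;
            proxy_set_header   X-Forwarded-For $remote_addr;
            proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            # POST removed for the same reason as in the photo-server location.
            proxy_cache_methods GET HEAD;
            proxy_cache_min_uses 1;
            expires max;
            access_log logs/img.dahongwa.com.log;
        }

        # Requests whose path contains ".sh" or ".bash" are redirected to the
        # home page. The pattern is left broad on purpose (it also catches
        # e.g. ".shtml"), because narrowing a blocking rule could re-expose
        # paths.
        location ~ .*\.(sh|bash)(.*) {
            rewrite ^/(.*) http://www.dahongwa.com;
        }
    }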
	
  } 



timer_resolution  100ms;
worker_processes  4;#            ,     

reset_timedout_connection off;                  。
      http  server  location 

recursive_error_pages off;         
      http  server  location 

send_timeout 100;               nginx       。
     http  server  location 


linux       
1 nginx           ,linux      Access        
                       
        /dev/sdb1 /data ext3 defaults 0 0
         /dev/sdb1 /data ext3 defaults,noatime,nodiratime 0 0
        
2 ulimit -n             1024
  ulimit -u             8040
      /etc/security/limits.conf           
  * soft nofile 65535
  * hard nofile 65535
  * soft nproc  65535
  * hard nproc  65535
        

                 nginx    
  worker_rlimit_nofile  65535

3     TCP    
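 # System-wide cap on open file handles.
 # NOTE(review): this is lower than the per-worker worker_rlimit_nofile of
 # 102400 used in the nginx configuration on this page; the system-wide
 # value should not be the smaller of the two.
 fs.file-max = 65535
 kernel.pid_max = 65536

 # SYN-flood handling: SYN cookies on, fewer SYN / SYN-ACK retransmissions,
 # a deeper half-open queue.
 net.ipv4.tcp_syncookies = 1
 net.ipv4.tcp_synack_retries = 2
 net.ipv4.tcp_syn_retries = 2
 net.ipv4.tcp_max_syn_backlog = 8192

 # Key name corrected from "tcp_timestsmps", which sysctl rejects as unknown.
 # With timestamps off, tcp_tw_reuse below has no effect, because it relies
 # on TCP timestamps.
 net.ipv4.tcp_timestamps = 0
 net.ipv4.tcp_tw_reuse = 1
 # tcp_tw_recycle drops connections from clients that share a NAT address
 # when timestamps are enabled, and the key was removed in Linux 4.12, where
 # "sysctl -p" reports it as unknown. Delete this line on such kernels.
 net.ipv4.tcp_tw_recycle = 1
 net.ipv4.tcp_fin_timeout = 30
 net.ipv4.tcp_max_tw_buckets = 5000

 net.ipv4.tcp_keepalive_time = 1200
 net.ipv4.ip_local_port_range = 10000 65535

 # Socket buffer sizes in bytes (min, default, max).
 net.ipv4.tcp_wmem = 8192 436600 873200
 net.ipv4.tcp_rmem  = 32768 436600 873200
 # tcp_mem is counted in pages and is meant to be ordered low <= pressure
 # <= high. Here the first value is the largest, so the thresholds are
 # inconsistent. NOTE(review): recompute for the host's memory.
 net.ipv4.tcp_mem = 94500000 91500000 92700000
 # Orphaned sockets hold kernel memory that cannot be swapped out; a ceiling
 # this high gives little protection against orphan floods.
 net.ipv4.tcp_max_orphans = 3276800

 # Device and listen backlogs, and core socket buffer defaults and maxima.
 net.core.netdev_max_backlog = 32768
 net.core.somaxconn = 32768
 net.core.wmem_default = 8388608
 net.core.rmem_default = 8388608
 net.core.rmem_max = 16777216
 net.core.wmem_max = 16777216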

sysctl -p /etc/sysctl.conf        //   :    /etc/sysctl.conf  

4         

5     
  limit_rate  4K //                   ,      ,         ,
                 2 。     no
      :http  server location  if in location

  limit_rate_after 3m //        3m         ,    1m.
       http  server location  if in location

       
   # Download throttling: the first 3 MB of a response go out at full speed,
   # the remainder at 512 KB/s. The limit applies per request, so a client
   # that opens several connections multiplies its share; combine it with
   # limit_conn to cap the total per address.
   location /download {
       limit_rate_after  3m;
       limit_rate        512k;
   }

            3m      51k     。

6 limit_zone       zone               no
  FX: 
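      limit_zone someone $binary_remote_addr 10m;   (limit_zone was made obsolete in nginx 1.1.8 and removed in 1.7.6; the current equivalent is: limit_conn_zone $binary_remote_addr zone=someone:10m;)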

        someone   zone,           10m
  $binary_remote_addr     4  ,         。    IP        7-15   。
        http

7 limit_conn               ,             503    no
        http  server location 

8 limit_conn_log_level                
     limit_conn_log_level info|notice|warn|error
     error
      http server location

     
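  # Per-address connection limit for /download.
  # limit_zone (the directive described in the surrounding text) was made
  # obsolete in nginx 1.1.8 and removed in 1.7.6, where it stops the
  # configuration from loading. limit_conn_zone is the current equivalent:
  # same key, same zone name, same 10 MB of shared memory.
  http {
      limit_conn_zone $binary_remote_addr zone=someone:10m;

      server {
          listen 80;

          location /download {
              # One concurrent connection per client address; excess
              # connections are answered with 503. Clients behind one NAT
              # or proxy address share this single slot.
              limit_conn someone 1;
          }
      }
  }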

    nginx  ,                  ,            
            ,          ,        ,       IP      。
                 。

  
9   nginx    
                  http     server_tokens off;

10 open_log_file_cache                                 ,                
         。    off
      :max                。
     inactive :                              。   10 。
     min_uses         。                                     ,   1.
     valid                ,     60 。
      open_log_file_cache  max=1000 inactive=20s min_uses=2 valid=1m;
         http  server  location 


11 nginx   DDos  
   limit_req_log_level
                     ,      warn      http 。
   
   limit_req_zone
            ,        ,           ,       ,
                    ,          $binary_remote_addr               zone   someone
                10mb                  rate=1r/s      zone       ,           。
                 10   。        ,                。       ,
              (r/s)            (r/m)         http        。

   limit_req        zone someone ,        zone          burst      rate     ,      
               ,            burst ,                ,                   503

          http  server location 

           lsof -i:80|grep nginx |wc -l
          time ab -n 1000 -c 100 http://192.168.3.175/download
  
     DDos           nginx          keepalive_timeout      。


12             
     must-revalidate                。
  add_header  Cache-Control  must-revalidate
        http  location 

13 proxy-revalidate           proxy     nginx           。
   add_header  Cache-Control  proxy-revalidate

14             500  。
   empty_gif
        location
   # Exact-match location that answers with nginx's built-in 1x1 transparent
   # GIF (ngx_http_empty_gif_module) without touching the disk.
   location = /1.gif {
       empty_gif;
   }
  



