nginx + ssl(https)




#user  nobody;
worker_processes  4;# number of worker processes started by the master
# One CPU bitmask per worker process (four masks for four workers).
# NOTE(review): the 3rd and 4th masks (00000011, 00000101) each select two CPUs and
# both include CPU0; if one dedicated core per worker was intended they would be
# 00000100 and 00001000 — confirm against the host's core count.
worker_cpu_affinity 00000001 00000010 00000011 00000101;
timer_resolution  100ms;
error_log logs/error.log error; # error log path and minimum level; valid levels are debug, info, notice, warn, error, crit, alert, emerg (debug is the most verbose)
pid     nginx.pid;
worker_rlimit_nofile 102400; # per-worker limit on open file descriptors; worker_connections in the events block has to fit under it
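# Connection-processing settings for each worker process.
events {
    use epoll;
    # Was 1024000, ten times worker_rlimit_nofile (102400). Every client and
    # upstream connection consumes a file descriptor, so a worker would run out
    # of descriptors long before reaching that connection count. 51200 stays
    # under the descriptor limit and leaves headroom for log, cache and static
    # file handles. NOTE(review): tune to the real load; the value only has to
    # remain below worker_rlimit_nofile.
    worker_connections  51200;
}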

http {
    include       mime.types;
	default_type  application/octet-stream;
	#include     proxy.conf;  # disabled: would pull in a separate proxy settings file
	reset_timedout_connection on; # reset connections that time out so their memory is released immediately
	recursive_error_pages on; # allow more than one error_page redirect per request
	limit_conn_zone $binary_remote_addr zone=dahongwa:10m; # 10 MB shared zone keyed by client address, referenced by limit_conn below
	limit_conn dahongwa 25;# at most 25 concurrent connections per client address; excess requests are rejected (503 unless limit_conn_status is set)
	# NOTE(review): this zone is declared, but no limit_req directive in the visible
	# configuration references it, so no request-rate limit is actually enforced.
	limit_req_zone  $binary_remote_addr  zone=dahongwa2:10m rate=1r/s;
	server_tokens off; # do not disclose the nginx version in the Server header and error pages
	#add_header  Cache-Control  must-revalidate;
	#add_header  Cache-Control  proxy-revalidate;
	limit_conn_log_level error;
	# Access-log formats. $http_referer, $http_user_agent and $http_x_forwarded_for are
	# taken from request headers, so log consumers must treat those fields as client-controlled.
	log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; 
	log_format cache '***$time_local '
                    '$upstream_cache_status '
                    'Cache-Control: $upstream_http_cache_control '
                    'Expires: $upstream_http_expires '
                    '"$request" ($status) '
                    '"$http_user_agent" ';
	client_max_body_size 30m; # largest request body accepted; bigger requests are answered with 413
	sendfile on; # use sendfile() for static file transfer
	tcp_nopush on; # send response headers and the start of a file in one packet (effective together with sendfile)
	charset utf-8;
	keepalive_timeout 120; # idle keep-alive client connections are closed after 120 s
	client_header_timeout 10; # time allowed for reading the request header
	client_body_timeout 10; # time allowed between successive reads of the request body
	client_header_buffer_size 4k;
	open_file_cache max=102400 inactive=20s;# cache up to 102400 open-file entries; entries unused for 20 s are evicted
	open_file_cache_valid 30s;# revalidate cached entries every 30 s
	open_file_cache_min_uses 1;# an entry must be used at least once within the inactive window to stay cached
	
	send_timeout 10; # time allowed between two successive writes to the client
	  
	proxy_http_version "1.1";
	proxy_cache_key $host$uri$is_args$args; 
	proxy_cache_valid  200 304 302 24h;
	proxy_temp_file_write_size 10m;
	proxy_temp_path /usr/local/nginx/nginx_cache/temp_dir;
	proxy_cache_path /usr/local/nginx/nginx_cache/cache  levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=1g;
	
	# NOTE(review): the nginx documentation states that the connect timeout usually
	# cannot exceed 75 seconds, so 300s is unlikely to behave as written.
	proxy_connect_timeout 300s;
	proxy_send_timeout   900;
	proxy_read_timeout   900;
	proxy_buffer_size    32k;
	proxy_buffers     8 128k;
	proxy_busy_buffers_size 256k;
	#proxy_redirect     off;
	#proxy_hide_header  Vary;
	# Default request headers sent to upstreams. proxy_set_header is inherited only by
	# levels that define no proxy_set_header of their own, so the locations below that
	# set Host / X-Forwarded-For themselves do NOT receive any of these defaults.
	proxy_set_header   Accept-Encoding '';
	proxy_set_header   Host   $host;
	proxy_set_header   Referer $http_referer;
	proxy_set_header   Cookie $http_cookie;
	proxy_set_header   X-Real-IP  $remote_addr;
	proxy_set_header REMOTE-HOST $remote_addr;
	# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the
	# client sent; backends should trust only the entry added by this proxy (the last one).
	proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
	
	#httpGzip modules 
	# NOTE(review): these settings also apply to the 443 server below. Compressing TLS
	# responses that reflect request data next to secrets is the precondition for
	# BREACH-style side channels — consider `gzip off;` there if it serves such pages.
	gzip on; # enable gzip compression of responses
	gzip_disable "MSIE [1-6].";# no gzip for user agents matching IE 1-6
	gzip_min_length 1k; # responses shorter than 1k are not compressed
	gzip_buffers 8 48k; # 8 buffers of 48k each for the compressed output
	gzip_http_version 1.1; # minimum request HTTP version for which responses are compressed
	gzip_comp_level 2; # compression level, 1 (fastest) to 9 (smallest output, most CPU)
	gzip_types text/plain application/x-javascript text/css text/javascript application/x-httpd-php ;#image/jpeg image/gif image/png;
	
	# Backend pool for the www site. ip_hash pins each client address to one backend.
	# NOTE(review): the `*` in the addresses below looks like the author's redaction;
	# nginx needs the real address there — confirm before use.
	upstream www.dahongwa.com{ 
	       ip_hash; 
		   #server 192.168.0.11*:8081 weight=10 max_fails=4 fail_timeout=30s;
		   #server 192.168.0.11*:8082 weight=10 max_fails=4 fail_timeout=30s;
		    server 192.168.0.11*:8083 weight=10 max_fails=4 fail_timeout=30s;
		    #server 192.168.0.11*:8084 weight=10 max_fails=4 fail_timeout=30s;
	}
	
	
	# Backend pool for the image site.
	upstream img.dahongwa.com{ 
		   server 192.168.0.12*:9019 weight=10 max_fails=4 fail_timeout=30s;
		   #server 192.168.0.12*:9019 weight=10 max_fails=4 fail_timeout=30s;
	}
	
	# Backend pool reached over TLS by the 443 server (proxy_pass https://https.dahongwa.com).
	upstream https.dahongwa.com{ 
		   server 192.168.0.1*:8443 weight=10 max_fails=4 fail_timeout=30s;
		   #server 192.168.0.1*:8444 weight=10 max_fails=4 fail_timeout=30s;
	}
	

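	### Disabled catch-all server: if enabled, answers 404 to requests whose Host matches no server_name (for example direct access by IP)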
	#server{
        #server_name _;
        #return 404;
        #access_log   off;
        #}
	
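    # Plain-HTTP virtual host for the www site.
    server {
        listen       80;
        server_name   www.dahongwa.com  dahongwa.com   *.dahongwa.com ;
        root www.dahongwa.com;

        # Requests not claimed by a regex location below go to the www upstream group.
        location /{
            index  index.html  index.jsp index.htm;
            proxy_redirect off;
            proxy_pass http://www.dahongwa.com;
        }

        # Any URI containing ".sh" or ".bash" is redirected to the home page instead
        # of being served. The pattern is unanchored, so it also matches longer
        # extensions that start with those letters (e.g. ".shtml").
        location ~ .*\.(sh|bash)(.*){
            rewrite ^/(.*) http://www.dahongwa.com;
        }

        # Static assets under /common/. There is no proxy_pass in this location, so
        # the files are served from `root` and the proxy_* directives below have no
        # effect until a proxy_pass is added.
        location ~ /common/.*\.(gif|jpg|png|htm|jpeg|bmp|html|flv|ico|swf|doc)(.*) {
            if ( -f $request_filename ) {
                expires 10y;
            }
            proxy_cache cache_one;
            proxy_cache_valid  200 304 302 24h;
            proxy_cache_valid any 10m;
            proxy_cache_key $host$uri$is_args$args;
            proxy_redirect off;
            # Defining proxy_set_header here replaces, rather than extends, the
            # http-level header set for this location.
            proxy_set_header Host $host;
            proxy_set_header   X-Forwarded-For $remote_addr;
            proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            # POST removed: the cache key holds no request body, so a cached POST
            # response would be replayed to other clients posting to the same URI.
            proxy_cache_methods GET HEAD;
            proxy_cache_min_uses 1;
            expires max;
            #access_log logs/static.img.dahongwa.com.log;
            access_log off;
        }

        # Cache-purge endpoint, restricted to the three listed addresses.
        location ~ /purge(/.*) {
            allow 10.244.1.170;
            allow 10.1.7.114;
            allow 10.1.7.115;
            # Re-enabled: without a closing `deny all;` the allow lines restrict
            # nothing and every client can reach this location.
            deny  all;
            # proxy_cache_purge cache_one $host$uri$is_args$args;
        }
        #access_log logs/www.dahongwa.com.log;
        # NOTE(review): with the access log off there is no per-request record for
        # this site to support incident investigation; consider enabling the line above.
        access_log off;
    }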
	
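	# Plain-HTTP virtual host for the image site; responses are cached in zone cache_one.
	server {
		listen       80;
		server_name img.dahongwa.com www.img.dahongwa.com  *.img.dahongwa.com;
		root www.dahongwa.com;

		# Default: proxy to the image upstream group and cache the responses.
		location /{
			index  index.html  index.jsp index.htm;
			proxy_cache cache_one;
			proxy_cache_valid  200 304 302 24h;
			proxy_cache_valid any 10m;
			proxy_cache_key $host$uri$is_args$args;
			proxy_redirect off;
			# Defining proxy_set_header here replaces the http-level header set for
			# this location; only Host and X-Forwarded-For are set explicitly.
			proxy_set_header Host $host;
			# Overwrites any client-supplied X-Forwarded-For with the peer address.
			proxy_set_header   X-Forwarded-For $remote_addr;
			proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
			# POST removed: the cache key ($host$uri$is_args$args) holds no request
			# body, so one client's POST response would be served from cache to any
			# other client posting to the same URI.
			proxy_cache_methods GET HEAD;
			proxy_cache_min_uses 1;
			expires 10y;
			proxy_pass http://img.dahongwa.com;
			#access_log logs/photo.9019.dahongwa.com.log;
			access_log off;
		}

		## Photo files: serve the local file when it exists, otherwise proxy to the
		## image upstream group. No proxy_cache zone is set in this location.
		location ~ /photoserver/.*\.(gif|jpg|png|htm|jpeg|bmp|html|flv|ico|swf|doc)(.*) {
			#root nginx_cache/cache;
			if (!-f $request_filename) {
				proxy_pass http://img.dahongwa.com;
			}
			proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
			# Kept consistent with `location /`: POST responses are not cacheable.
			proxy_cache_methods GET HEAD;
			proxy_cache_min_uses 1;
			expires max;
			access_log logs/img.dahongwa.com.log;
		}

	}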
	
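	# TLS virtual host: terminates HTTPS and re-encrypts to the https upstream group.
	server {
		# The `ssl` parameter on listen enables TLS for this socket; the separate
		# `ssl on;` directive was redundant and is deprecated in later nginx releases,
		# so it has been dropped.
		listen 443 ssl;
		server_name  https.dahongwa.com;
		ssl_certificate /usr/local/nginx/conf/cert/1_www.dahongwa.com_bundle.crt;
		# Private key: keep it readable only by the account that starts nginx.
		ssl_certificate_key /usr/local/nginx/conf/cert/2_www.dahongwa.com.key;
		ssl_session_timeout 10m;
		ssl_session_cache shared:SSL:10m;
		# TLSv1 and TLSv1.1 removed: both are deprecated and unsupported by current
		# clients. Append TLSv1.3 when running nginx 1.13.0+ built against OpenSSL 1.1.1+.
		ssl_protocols TLSv1.2;
		# The previous list (ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP) began with
		# ALL and explicitly added RC4 and export-grade suites, leaving broken ciphers
		# negotiable. Only forward-secret AEAD suites are offered now; clients limited
		# to older suites will no longer connect.
		ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
		ssl_prefer_server_ciphers on;
		keepalive_timeout 70;

		location / {
			# Traffic to the backend is encrypted, but nginx does not verify the
			# upstream certificate by default. To authenticate the backend, enable
			# proxy_ssl_verify and point proxy_ssl_trusted_certificate at the CA
			# bundle (<CA_BUNDLE_PATH>, placeholder).
			proxy_pass https://https.dahongwa.com;
			# proxy_set_header at this level replaces the http-level header set.
			proxy_set_header Host $host:443;
			proxy_set_header X-Real-IP $remote_addr;
			# Appends the peer address to any client-supplied X-Forwarded-For; the
			# backend should trust only the entry added by this proxy (the last one).
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header Via "nginx";
		}
	}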
}

