Linux - Nginx 配置优化

# 主要配置文件

#user  nobody;

# Start one worker process per available CPU core.
worker_processes auto;

# CPU affinity: bind workers to CPUs automatically so they are not bounced between cores.
worker_cpu_affinity auto;

# Scheduling priority of the worker processes; -20 is the highest priority.
worker_priority -20;

# Maximum number of open files per worker.
# Author's note: the effective value is the smallest of this setting, ulimit and
# /etc/security/limits; when nginx is started as a service, LimitNOFILE in the
# unit file counts as well. Verify the resulting limit on the running workers.
worker_rlimit_nofile 65535;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


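events {
    # Maximum connections per worker. Every connection needs a file descriptor,
    # so this is capped at worker_rlimit_nofile (65535 in the main context);
    # the previous value of 100000 exceeded that limit and could never be reached.
    # Proxied requests use two descriptors each (client + upstream), so the
    # practical ceiling is lower still.
    worker_connections  65535;

    # Serialise accept() between workers to avoid the thundering-herd effect.
    # Author's guidance: off for high concurrency, on for low concurrency.
    accept_mutex  on;

    # When on, each worker accepts all pending connections at once instead of one at a time.
    multi_accept on;
}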


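http {
    include       mime.types;                 # extension -> MIME type map
    default_type  application/octet-stream;   # fallback type when mime.types has no match

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    # Do not show the nginx version in the Server header or on error pages.
    # (The banner can also be changed in nginx.h when building from source.)
    # This only hides the version; it is not a substitute for patching.
    server_tokens off;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    # First value: how long the server keeps an idle connection open.
    # Second value: what is advertised to the client in "Keep-Alive: timeout=".
    keepalive_timeout  60 65;

    # Access log in JSON, for ingestion by ELK.
    #
    # The format must be a quoted string, and comments cannot appear inside it.
    # escape=json (nginx >= 1.11.8) is required here: referer, user agent and
    # X-Forwarded-For are client-controlled, and without JSON escaping a quote or
    # newline in any of them breaks the record or lets a client forge extra fields
    # in the log pipeline.
    #
    # Field notes:
    #   responsetime  - total time spent on the request
    #   upstreamtime  - time the backend application server took to respond
    #   upstreamhost  - address of the backend that served the request
    #   uri           - normalised path without the query string
    #   xff           - client-supplied and unverified; log it, do not trust it
    log_format access_json escape=json
        '{"@timestamp":"$time_iso8601",'
        '"host":"$server_addr",'
        '"clientip":"$remote_addr",'
        '"size":$body_bytes_sent,'
        '"responsetime":$request_time,'
        '"upstreamtime":"$upstream_response_time",'
        '"upstreamhost":"$upstream_addr",'
        '"http_host":"$host",'
        '"uri":"$uri",'
        '"xff":"$http_x_forwarded_for",'
        '"referer":"$http_referer",'
        '"tcp_xff":"$proxy_protocol_addr",'
        '"http_user_agent":"$http_user_agent",'
        '"status":"$status"}';

    # Per-site configuration: one file per virtual host (server block).
    include /apps/nginx/conf.d/*.conf;
}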

 

主机www.noise.org

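server {
    listen 80;

    # TLS listener. This enables HTTPS only: HSTS additionally needs a
    # Strict-Transport-Security response header, which this block does not send.
    # Once the certificate is valid for the served name it can be added with e.g.
    #   add_header Strict-Transport-Security "max-age=31536000" always;
    listen 443 ssl;
    # NOTE(review): the certificate files are named for noisedu.cn while the
    # server_name below is www.noise.org - presumably a lab certificate (the test
    # run uses curl --insecure). Confirm the names match before real use, and keep
    # the private key readable by root only.
    ssl_certificate /data/certs/noisedu.cn.pem;
    ssl_certificate_key /data/certs/noisedu.cn.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;

    # Host name
    server_name www.noise.org;

    # Error log
    error_log /data/nginx_error.log;

    # Custom error page
    error_page 500 502 503 504 404 /error.html;
    location /error.html {
        alias /data/error/index.html;
    }

    location /images {
        root /data;
        index index.html index.htm;
        # Write the access log for /images in the JSON format defined in the http
        # block. (To switch logging off here instead, use "access_log off;".)
        access_log /data/www/access_json.log access_json;
        # Redirect plain HTTP to HTTPS (temporary redirect). This applies to
        # /images only; the other locations remain reachable over HTTP.
        if ( $scheme = http ) {
            rewrite ^/(.*)$ https://www.noise.org/$1 redirect;
        }
    }

    # Status page
    location /status {
        stub_status;
        # Basic auth sends the user name and password base64-encoded on every
        # request. This location is also served on port 80, where they travel in
        # clear text - serve it over HTTPS only and/or limit it to management
        # addresses with allow/deny.
        auth_basic "admin log";
        auth_basic_user_file /apps/nginx/conf.d/.htpasswd;
    }

    # Keep the bare /list URL working now that the listing location ends in "/".
    location = /list {
        return 301 /list/;
    }

    # The location prefix and the alias must both end with "/". With
    # "location /list" and "alias /etc/" the prefix match also accepts names that
    # merely start with "/list", and the remainder is appended to the alias, so
    # requests can resolve to paths outside the aliased directory.
    location /list/ {
        # NOTE(review): /etc is used here only to demonstrate autoindex. Never
        # publish a system directory: everything the worker user can read becomes
        # downloadable. Point alias at a dedicated download directory instead.
        alias /etc/;

        autoindex on;               # enable the directory listing for downloads
        autoindex_localtime on;     # show file times in local time instead of UTC
        autoindex_exact_size off;   # show rounded sizes (K/M/G) instead of exact bytes

        gzip on;                # compress responses
        gzip_comp_level 9;      # compression level, 9 is the maximum
        gzip_min_length 10k;    # responses smaller than this are not compressed
        # Types to compress; the default is text/html, "*" matches every MIME type.
        # The terminating ";" was missing, which made nginx read the following
        # gzip_vary directive as further MIME types instead of applying it.
        gzip_types *;
        gzip_vary on;           # add "Vary: Accept-Encoding" to the response
    }

    #location / {
        #root /data/music;
        # Try several files in order; a 500 error is returned if none can be served.
        #try_files $uri $uri.html /about/default.html;
    #}

    # Third-party module - http://github.com/openresty/echo-nginx-module.git
    # Debug endpoint: it reflects request data ($remote_user is taken from the
    # client's Authorization header) in a text/html response. Keep it out of
    # production, or serve it as text/plain.
    location /echo {
        echo $remote_user;
        default_type text/html;
        echo "hello world,main-->";
        echo $remote_addr ;
        echo_reset_timer;
        echo "took $echo_timer_elapsed sec for total.";
    }
}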

 

 

主机mobile.noise.org

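server {
    listen 80;
    server_name mobile.noise.org;

    # Keep the bare /images URL working now that the location below ends in "/".
    # "return" runs before the access checks, so the redirect itself is not
    # restricted; the target location is.
    location = /images {
        return 301 /images/;
    }

    # The location prefix and the alias must both end with "/". With
    # "location /images" and "alias /data/mobile/" the prefix match also accepts
    # names that merely start with "/images", and the remainder is appended to the
    # alias, so requests can resolve outside /data/mobile/ - and /data also holds
    # the TLS private key used by www.noise.org.
    location /images/ {
        alias /data/mobile/;
        index index.html index.htm;
        # Only this client address may read the directory; everyone else gets 403.
        allow 10.0.0.15;
        deny all;
    }
}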

 

访问

[15:39:19 root@centos8 ~]#curl -I http://www.noise.org/status
HTTP/1.1 401 Unauthorized
Server: nginx/1.20.0
Date: Sat, 17 Jul 2021 07:39:27 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
WWW-Authenticate: Basic realm="admin log"

[16:44:12 root@centos8 ~]#curl -I http://mobile.noise.org
HTTP/1.1 200 OK
Server: nginx/1.20.0
Date: Sat, 17 Jul 2021 09:11:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sun, 11 Jul 2021 13:12:18 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: "60eaee32-264"
Accept-Ranges: bytes


[18:21:33 root@centos8 ~]#curl -I --insecure  https://www.noise.org/images
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 17 Jul 2021 10:22:44 GMT
Content-Type: text/html
Content-Length: 162
Location: https://www.noise.org/images/
Connection: keep-alive
Keep-Alive: timeout=65

[18:02:58 root@centos8 ~]#curl --head --compressed http://www.noise.org/list/ld.so.cache 
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Jul 2021 10:03:30 GMT
Content-Type: application/octet-stream
Last-Modified: Sat, 17 Jul 2021 09:18:25 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: W/"60f2a061-430b"
Content-Encoding: gzip


[16:44:12 root@centos8 ~]#curl -I http://mobile.noise.org
HTTP/1.1 200 OK
Server: nginx/1.20.0
Date: Sat, 17 Jul 2021 09:11:17 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sun, 11 Jul 2021 13:12:18 GMT
Connection: keep-alive
Keep-Alive: timeout=65
ETag: "60eaee32-264"
Accept-Ranges: bytes


[15:38:13 root@centos8 ~]#curl -I http://xiaoqiang:123456@www.noise.org/status
HTTP/1.1 200 OK
Server: nginx/1.20.0
Date: Sat, 17 Jul 2021 07:39:19 GMT
Content-Type: text/plain
Content-Length: 97
Connection: keep-alive

 
