Nginx配置文件nginx.conf详解
http://nginx.org/en/books.html
nginx可以平滑升级
server继承main,location继承server,upstream既不会继承其他设置也不会被继承。在这四个部分当中,每个部分都包含若干指令,这些指令主要包含Nginx的主模块指令、事件模块指令、HTTP核心模块指令,同时每个部分还可以使用其他HTTP模块指令,例如Http SSL模块、HttpGzip Static模块和Http Addition模块等。
1.公共模块
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
user www www;
worker_processes auto;
worker_rlimit_nofile 65535;
worker_cpu_affinity auto;
erroe_log logs/error.log info;
pid logs/nginx.pid;
|
2.events模块
1
2
3
4
5
6
7
8
9
10
11
| events
{
use epoll;
worker_connections 65535;
reuse_port on;
}
|
3.http模块
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
| http
{
include mime.types;
default_type application/octet-stream;
client_header_buffer_size 32k;
large_client_header_buffers 4 64k;
client_max_body_size 8m;
server_names_hash_bucket_size 128;
autoindex on;
log_format main '$remote_addr $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'$http_user_agent $http_x_forwarded_for $request_time $upstream_response_time $upstream_addr $upstream_status';
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
}
|
4.FastCGI模块
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| FastCGI相关参数是为了改善网站的性能:减少资源占用,提高访问速度
fastcgi_connect_timeout 300s;
fastcgi_send_timeout 300s;
fastcgi_read_timeout 300s;
fastcgi_buffer_size 128k;
fastcgi_buffers 8 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_cache_path /cache1/wpcache levels=1:2 keys_zone=yangfannie:250m inactive=1d max_size=1G;
fastcgi_temp_path /cache1/wpcache/temp;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
5.gzip模块
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
|
6.upstream模块
| 参数名 |
用途 |
| fail_timeout |
设置的时间内服务器没有响应则认为服务器失效,默认10s |
| max_fails |
允许连接失败的次数,默认1 |
| fail_time |
服务器被移除轮询队列的时间,默认10s(在移除的时间内不再被轮询请求) |
| backup |
标记该服务器为备用服务器,当主服务器宕机时,它将会代替主服务器接收请求 |
| down |
标记此服务器永久停机 |
nginx的upstream目前支持的5种方式的分配
1、轮询(默认)
每个请求按时间顺序逐一分配到不同的后端服务器,如果后端服务器down掉,能自动剔除。
2、weight
指定轮询几率,weight和访问比率成正比,用于后端服务器性能不均的情况。
例:weight设置权重,下面运行结果是1.2server运行5次,1.3server运行10次
1
2
3
4
| upstream test {
server 10.1.1.107:88 max_fails=3 fail_timeout=3s weight=5;
server 10.1.1.132:80 max_fails=3 fail_timeout=3s weight=10;
}
|
3、ip_hash
每个请求按访问ip的hash结果分配,这样每个访客固定访问一个后端服务器,可以解决session的问题。
例:
1
2
3
4
5
| upstream test{
ip_hash;
server 192.168.1.2;
server 192.168.1.3;
}
|
4、fair(第三方)
按后端服务器的响应时间来分配请求,响应时间短的优先分配。
例:
1
2
3
4
5
| upstream test{
server 192.168.1.2;
server 192.168.1.3;
fair;
}
|
5、url_hash(第三方)
按访问url的hash结果来分配请求,使每个url定向到同一个后端服务器,后端服务器为缓存时比较有效。
例:
1
2
3
4
5
6
| upstream test{
server squidIP1:3128;
server squidIP2:3128;
hash $request_uri;
hash_method crc32;
}
|
1
2
3
4
5
6
7
8
|
upstream test{
ip_hash;
server 192.168.1.2:8000 down;
server 192.168.1.3:8080 weight=2;
server 192.168.1.3:6801;
server 192.168.1.3:6802 backup;
}
|
在需要使用负载均衡的server中增加
1
2
3
| location / {
proxy_pass http://test /;
}
|
每个设备的状态设置为:
- down:表示单前的server暂时不参与负载
- weight:默认为1。weight越大,负载的权重就越大
- max_fails:允许请求失败的次数默认为1。当超过最大次数时,返回proxy_next_upstream 模块定义的错误
- fail_timeout:max_fails次失败后,暂停的时间
- backup:其它所有的非backup机器down或者忙的时候,请求backup机器。所以这台机器压力会最轻
7.server模块
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
| server
{
listen 80;
server_name yangfannie.com;
index index.html index.htm index.php default.html default.htm default.php;
root /xxx/yangfannie;
access_log /xxx/xxx/logs/yangfannie.log main;
set $no_cache 0;
if($request_method = POST) {
set $no_cache 1;
}
if($query_string != "") {
set $no_cache 1;
}
if($request_uri ~* "/wp-admin/|/db-upload/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $no_cache 1;
}
if($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $no_cache 1;
}
location / {
try_files $uri $uri//index.php?$args;
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^/sitemap.xml$ /sitemap.php last;
}
location ~ [^/]\.php(/|$){
try_files $uri=404;
fastcgi_pass unix:/tmp/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
add_header X-Cache "$upstream_cache_status From $host";
fastcgi_cache yangfannie;
fastcgi_cache_valid 200 301 302 1d;
}
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
}
}
}
|
8.rewrite模块
配置位置:if, server, location
参数值: rewrite regex replacement [flag],用于以正则表达式匹配特定格式的url并重写url.
regex为正则表达式,replacement为重写的内容,flag为rewrite的标识位
replacement:重写的url带http,表示重定向
1
2
3
4
5
6
| location / {
rewrite /test/(.*) http://www.baidu.com;
set $set_value_test "112233 $request_uri";
return 200 $set_value_test;
}
|
replacement:重写的url不带http,单纯的重写url
1
2
3
4
5
6
7
8
| location / {
rewrite /test/(.*) /breaktest;
}
location = /breaktest {
return 200 "this is breaktest";
}
|
flag:
用于设置重写url后的进一步操作,有break,last,redirect,permanent,不带flag
| 标记 |
特点 |
说明 |
| 无flag |
不改变浏览器地址,返回200或404等,对用户透明 |
多个rewrite指令顺序执行,当location中没有可执行的rewrite模块指令时,重新发起一次location匹配,下面说明各个flag的用途 |
| last ( 默认) |
不改变浏览器地址,返回200或404等,对用户透明 |
终止执行rewrite模块指令集,并开始搜寻重写url后匹配的location |
| break |
不改变浏览器地址,返回200或404等,对用户透明 |
用于停止执行rewrite模块的指令,但是其他模块不受影响。 |
| redirect |
改变浏览器地址 |
返回302临时重定向 |
| permanent |
改变浏览器地址 |
返回301永久重定向 |
9.反向代理配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
| user root owner;
worker_processes 4;
pid /Users/martin/nginx.pid;
events {
accept_mutex on;
multi_accept on;
worker_connections 256;
}
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 65;
gzip on;
server {
listen 443 ssl;
server_name app.doodl6.com;
ssl on;
ssl_certificate /Users/martin/Documents/ssl/doodl6.crt;
ssl_certificate_key /Users/martin/Documents/ssl/doodl6.key;
charset UTF-8;
location ~* ^.+\.(xls|woff2|log|jpg|jpeg|gif|png|ico|html|cfm|cfc|afp|asp|lasso|pl|py|txt|fla|swf|zip|js|css|less)$ {
proxy_pass https://127.0.0.1:80;
proxy_set_header Host $http_host;
proxy_set_header referer "$http_referer";
}
location = / {
proxy_pass https://127.0.0.1:8080;
proxy_set_header Host $http_host;
}
location ~ / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $http_host;
}
}
server {
listen 80;
server_name app.doodl6.com;
charset UTF-8;
location ~* ^.+\.(xls|woff2|log|jpg|jpeg|gif|png|ico|html|cfm|cfc|afp|asp|lasso|pl|py|txt|fla|swf|zip|js|css|less|ico)$ {
expires 30s;
root /Users/martin/project/app/front;
}
location ~ / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $http_host;
}
location / {
proxy_pass http://apachephp;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
server{
listen 82;
resolver 8.8.8.8;
resolver_timeout 10s;
location / {
proxy_pass http://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0;
proxy_connect_timeout 30;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 301 1h;
proxy_cache_valid any 1m;
}
}
server {
listen 80;
server_name proxy.doodl6.com;
charset UTF-8;
location ~ / {
proxy_pass http://127.0.0.1:82;
proxy_set_header Host $http_host;
}
}
}
|
10.负载均衡配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
user dwtedx.com;
worker_processes 1;
error_log logs/error.log;
error_log logs/error.log notice;
error_log logs/error.log info;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log logs/access.log;
sendfile on;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
gzip_disable "MSIE [1-6].(?!.*SV1)";
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
upstream mysvr {
server 192.168.8.1:3128 weight=5;
server 192.168.8.2:80 weight=1;
server 192.168.8.3:80 weight=6;
}
server {
listen 80;
server_name dwtedx.com www.dwtedx.com;
access_log logs/www.xx.com.access.log main;
location / {
root /root/workspace;
index index.php index.html index.htm;
fastcgi_pass dwtedx.com;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /root/workspace;
}
location ~ ^/(images|javascript|js|css|flash|media|static)/ {
root /var/www/virtual/htdocs;
expires 30d;
}
location ~ .php$ {
root /root/workspace;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/www/www$fastcgi_script_name;
include fastcgi_params;
}
location /NginxStatus {
stub_status on;
access_log on;
auth_basic "NginxStatus";
auth_basic_user_file conf/htpasswd;
}
location ~ /.ht {
deny all;
}
}
}
|
11.平滑重启
1
2
3
4
| #先检查配置文件是否正确
nginx -t
#重载配置文件
nginx -s reload
|
