
Nginx配置 #12

gaofant101 opened this issue Nov 6, 2017 · 0 comments

gaofant101 commented Nov 6, 2017

@ nginx.conf

入口配置; 其中引入了

  • enhanced_config/*.conf gzip、client、proxy、expires 基础配置
  • conf.d/*.conf 服务配置
  • ssl_config/*.conf ssl套件配置
#
# Connection-processing context.
events {
    # Maximum number of simultaneous connections a single worker process may open.
    worker_connections 1024;
}

# HTTP context: logging, transport defaults, MIME types, and the include points
# for the shared tuning snippets and the per-site server blocks.
http {
    # Access-log line layout. $http_x_forwarded_for is copied verbatim from the
    # request's X-Forwarded-For header, so it is client-controlled; for
    # attribution rely on $remote_addr (the connection's peer address).
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # load gzip client proxy expires config
    # Included in http context, so these directives apply to every server block.
    include /etc/nginx/enhanced_config/*.conf;


    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Disabled sample: plain-HTTP listener that would redirect to HTTPS.
    # NOTE(review): while this stays commented out, nothing visible in this file
    # listens on port 80, so the HSTS header from ssl_config only protects clients
    # after their first HTTPS visit — confirm whether a redirect is defined elsewhere.
#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  www.test.com.cn;
#        rewrite     ^   https://$host$request_uri? permanent;
#       root         /usr/share/nginx/html;

#         Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;

#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

# Settings for a TLS enabled server.
# Disabled sample. It sets no ssl_protocols, so if re-enabled as-is it would use
# the default protocol list of the installed nginx build.

#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "www.crt";
#        ssl_certificate_key "www.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}


@ conf.d/*.conf

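# Default HTTPS virtual host: serves the static build and proxies the API path.
server {
    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl http2 default_server;
    server_name  www.default.com;
    root         /web/project/build;

    location / {
        index  index.html index.htm;
    }

    # Reverse-proxy API requests to the backend.
    # proxy_pass needs an explicit scheme (http:// or https://); without one
    # nginx refuses to load the configuration. www.proxy_pass.com is the
    # placeholder host from the original post; use https:// when the hop to the
    # backend crosses a network you do not control.
    location /resumelib/api {
        proxy_pass          http://www.proxy_pass.com;
        proxy_redirect      off;                # do not rewrite Location/Refresh headers in backend responses
        #proxy_set_header   Host $host;         # override the Host header sent to the backend
        proxy_set_header    X-Real-IP $remote_addr;  # address of the directly connected client
        proxy_set_header    X-Real-PORT $remote_port;
        # $proxy_add_x_forwarded_for appends $remote_addr to whatever
        # X-Forwarded-For value the client sent, so only the last entry is set
        # by this server; the backend should not trust the earlier entries.
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # error_page redirects internally to /404.html, so the matching location
    # must carry that same name (a location named /40x.html is never selected
    # for this redirect).
    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
        alias /feSrc/static/favicon.ico;
    }

    # load ssl config (certificate, protocols, ciphers, response headers)
    include /etc/nginx/ssl_config/*.conf;

}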


@ssl_config/default.conf

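# Cache lifetime per response. $expires is expected to be defined by a map in
# http context (the "Expires map" in enhanced_config/default.conf).
expires $expires;

# Certificate file ("www.crt" is a placeholder name; a relative path is
# resolved against the nginx configuration directory — confirm on your build).
ssl_certificate     "www.crt";

# Private key file. Keep it readable only by the account that starts nginx.
ssl_certificate_key "www.key";

# Shared session cache size; size it according to site traffic.
ssl_session_cache   shared:SSL:10m;

# Session timeout.
ssl_session_timeout 10m;

# Protocol versions. TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no
# longer offered. Add TLSv1.3 once the installed build supports it
# (nginx 1.13.0+ linked against OpenSSL 1.1.1+).
ssl_protocols       TLSv1.2;

# Cipher suites.
ssl_ciphers         HIGH:!aNULL:!MD5;

# HSTS policy. includeSubDomains plus preload commits every subdomain to HTTPS
# for a year, and a preload-list entry is slow to withdraw; confirm that all
# subdomains serve valid HTTPS before relying on this.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# Prefer the server's cipher order over the client's.
ssl_prefer_server_ciphers on;

# Clickjacking mitigation. Currently disabled, so this file sets no framing
# restriction; enable it (or a CSP frame-ancestors policy) unless the site
# must be embeddable.
#add_header X-Frame-Options DENY;

# Stop browsers from MIME-sniffing responses. "always" so that error responses
# carry the header too, matching the HSTS line above.
add_header X-Content-Type-Options nosniff always;

# Legacy XSS-filter header. Most current browsers no longer implement the
# filter, so this gives little protection; a Content-Security-Policy is the
# effective control against XSS.
add_header X-Xss-Protection 1;

# NOTE: add_header directives set at this level are inherited by a location
# only if that location defines no add_header of its own.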

@ enhanced_config/default.conf

# `gzip` Settings
####
# NOTE(review): with "gzip_proxied any" and application/json in gzip_types,
# proxied API responses are compressed as well. Compressing HTTPS responses
# that mix a secret with request-reflected data is the precondition for
# BREACH-style length side channels — confirm this is acceptable for the API,
# or exclude such responses from compression.

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

# Request header buffers.
# NOTE(review): 128k (and up to 4 x 128k for large headers) is far above the
# nginx defaults of 1k and 4 x 8k; this is a per-connection memory cost that
# any client can trigger — confirm headers this large are really needed.
client_header_buffer_size    128k;
large_client_header_buffers  4 128k;

# Request body handling: the largest body accepted, and how much of a body is
# held in memory before the rest is written to a temporary file.
# NOTE(review): a 50m in-memory body buffer lets each concurrent upload pin up
# to 50 MB of RAM, and 3-minute client timeouts (default 60s) let slow clients
# hold connections open for longer — confirm these fit the expected load.
client_max_body_size        100m;
client_body_buffer_size     50m;
client_header_timeout       3m;
client_body_timeout         3m;
send_timeout                3m;

# Proxy timeouts and response buffering for requests passed to a backend.
# NOTE(review): proxy_ignore_client_abort on combined with 300s timeouts means
# a request keeps occupying the backend after the client has gone away —
# confirm this is intended.
proxy_connect_timeout       300s;                         # timeout for establishing a connection to the backend server
proxy_read_timeout          300s;                         # timeout while waiting for the backend's response after connecting
proxy_send_timeout          300s;
proxy_buffer_size           64k;                          # buffer for the first part of the backend response (the response headers)
proxy_buffers               4 32k;                        # response buffers per connection; sized for pages averaging under 32k
proxy_busy_buffers_size     64k;                          # buffers that may be busy sending to the client while the response is still being read (proxy_buffers*2)
proxy_temp_file_write_size  64k;                          # amount of data written to a temporary file at one time when a response is buffered to disk
proxy_ignore_client_abort   on;                           # do not close the backend connection when the client closes its connection

####
# Expires map
####
# Sets $expires from the Content-Type of the response being sent; the value is
# consumed by "expires $expires;" in ssl_config/default.conf.
#   off   - leave the caching headers untouched
#   epoch - mark the response as already expired (no caching)
#   max   - far-future expiry
# Keys without "~" are exact matches, keys with "~" are regular expressions.
# NOTE(review): presumably a Content-Type carrying a charset suffix
# ("text/html; charset=utf-8") would not match the exact text/html key and
# would fall through to default — verify against real responses.
map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch;
    text/css                   max;
    application/javascript     max;
    # application/javascript     epoch;
    ~image/                    max;
}

@ 参考

optimizing-content-efficiency (https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching?hl=zh-cn)

how-to-implement-browser-caching-with-nginx-s-header-module-on-centos-7(https://www.digitalocean.com/community/tutorials/how-to-implement-browser-caching-with-nginx-s-header-module-on-centos-7)

how-to-add-the-gzip-module-to-nginx-on-ubuntu-16-04 (https://www.digitalocean.com/community/tutorials/how-to-add-the-gzip-module-to-nginx-on-ubuntu-16-04)

@gaofant101 gaofant101 changed the title Nginx配置 Nginx配置 Dec 1, 2017