Nginx Tutorial Notes

Created: Nov 29, 2022 01:37 PM
Tags: Nginx

1. Installation and upgrade

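  1. The default build does not include modules such as ssl or stream (layer-4 forwarding), so it is best to enable these commonly used modules at configure time.
Use --prefix=/usr to specify the installation directory at the same time.

    $ cd nginx-1.15.9
    # If --prefix is given more than once, the last value takes effect.
    $ ./configure --prefix=/usr/local/nginx \
        --prefix=/opt/nginx \
        --conf-path=/etc/nginx/nginx.conf --with-http_ssl_module \
        --with-stream

After configure runs, the intermediate files are generated in the objs directory; they specify which modules will be compiled into nginx.
  2. Compile with the make or gmake command (the two are the same on Linux). When compilation finishes, the nginx binary is produced, also in the objs directory.
  3. Use make install to install the binary and the other files into the directory given by prefix (do not run this step when upgrading nginx).
When upgrading, replace the previous binary with the newly compiled nginx binary, then send the nginx master process the signal 'kill -USR2 pid'. Once the new master process has started, send the old master process the signal 'kill -WINCH pid' to switch all worker processes over. Note that the old master process has to be killed manually (this is so that, if the new master process has a problem, you can still fall back to the old master process).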
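The upgrade sequence above as a shell function, added here as an example and not part of the original notes. It relies on nginx renaming the old pid file to nginx.pid.oldbin after USR2; the function names, the pid-file argument and the 10-second default wait are assumptions of this example.

```shell
#!/bin/sh
# Added example: on-the-fly nginx binary upgrade via master-process signals.
# Assumes the new binary has already replaced the old one on disk.

# Wrapper so the signal step is easy to audit (and to stub in a dry run).
send_signal() {  # $1 = signal name, $2 = pid
    kill -s "$1" "$2"
}

# hot_upgrade PIDFILE [TIMEOUT_SECONDS]
# Returns 0 once the old workers were told to exit, 1 if the old master
# cannot be found or signalled, 2 if no new master appeared in time.
hot_upgrade() {
    pidfile=$1
    timeout=${2:-10}
    [ -s "$pidfile" ] || { echo "no pid file: $pidfile" >&2; return 1; }
    old_pid=$(cat "$pidfile")

    # Step 1: USR2 makes the old master start a new master from the new binary.
    send_signal USR2 "$old_pid" || return 1

    # Step 2: nginx renames the old pid file to PIDFILE.oldbin and the new
    # master writes its own pid to PIDFILE. Wait until both are visible.
    waited=0
    until [ -s "$pidfile.oldbin" ] && [ -s "$pidfile" ] &&
          [ "$(cat "$pidfile")" != "$old_pid" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "new master did not start; old master $old_pid untouched" >&2
            return 2
        fi
        sleep 1
        waited=$((waited + 1))
    done
    new_pid=$(cat "$pidfile")

    # Step 3: WINCH makes the old master shut its workers down gracefully,
    # so new connections are served by the new master's workers.
    send_signal WINCH "$old_pid" || return 1

    # The old master is left running on purpose so a rollback stays possible.
    echo "old master $old_pid idle, new master $new_pid serving"
    echo "finish:   kill -s QUIT $old_pid"
    echo "rollback: kill -s HUP $old_pid && kill -s QUIT $new_pid"
}

# Usage: hot_upgrade <prefix>/logs/nginx.pid
```

The function stops after WINCH and only prints the finish and rollback commands, so the decision to retire the old master stays with the operator.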

2. Configuration file

    #user nobody;
    # Number of CPU cores minus 1
    worker_processes 3;

    # nginx error log location
    #error_log logs/error.log;
    error_log logs/error.log notice;
    #error_log logs/error.log info;

    # Path of the file that records the nginx process ID
    pid logs/nginx.pid;

    # Maximum number of files a single process may open
    worker_rlimit_nofile 1024;

    events {
        # Use the epoll model to optimize event handling
        use epoll;
        # Maximum number of client connections; recommended to match the
        # per-process open-file limit above
        worker_connections 1024;
    }

    http {
        # Hide the nginx version information
        server_tokens off;

        include mime.types;
        default_type application/octet-stream;

        # Log format
        log_format main '[time:$request_time s] $remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"'
                        '$upstream_addr $upstream_response_time $request_time $upstream_status '
                        '"$http_range" "$sent_http_content_range"'
                        '"$gzip_ratio"'
                        '"$query_string"'
                        '"-http_refer:$http_referer"';

        # Cache of open log files, reduces log I/O
        open_log_file_cache max=10240 inactive=60s valid=1m min_uses=2;

        # File upload size
        client_max_body_size 100m;
        client_header_buffer_size 64k;
        large_client_header_buffers 4 4k;

        # Compression settings
        gzip on;
        gzip_min_length 2k;
        gzip_buffers 4 16k;
        gzip_comp_level 3;
        gzip_vary on;
        gzip_types text/plain application/x-javascript application/javascript application/css text/css application/xml application/json;

        # Cache settings
        proxy_connect_timeout 3600s;  # Timeout for Nginx connecting to the proxied service
        proxy_read_timeout 3600s;     # Timeout for Nginx reading from the proxied service
        proxy_send_timeout 3600s;     # Timeout for Nginx writing to the proxied service
        proxy_buffer_size 512k;       # Buffer for the first part of the upstream response (the response headers)
        proxy_buffers 64 512k;        # Number and size of the buffers
        proxy_busy_buffers_size 512k;
        proxy_temp_file_write_size 512k;

        ## When an upstream response is too large for the configured buffers,
        ## Nginx stores temporary files under this path; set it to a directory
        ## that exists on the server
        proxy_temp_path /usr/local/nginx1.20/cache_temp_path;
        # Note the zone name cache_one; later location blocks refer to it
        proxy_cache_path /usr/local/nginx1.20/cache_path levels=1:2 keys_zone=cache_one:500m inactive=1d max_size=10g use_temp_path=off;
        # proxy_cache_key $host$request_uri;

        client_body_buffer_size 10240k;
        output_buffers 8 64k;
        postpone_output 1460;
        client_header_timeout 120s;
        client_body_timeout 120s;

        sendfile on;
        keepalive_timeout 65;

        upstream cwbb {
            # Session persistence; requires the sticky module
            sticky name="hellosticky";
            server 192.168.137.121:8080 max_fails=5 fail_timeout=600s weight=10;
            server 192.168.137.121:8081 max_fails=5 fail_timeout=600s weight=10;
            server 192.168.137.121:8083 max_fails=5 fail_timeout=600s weight=10;
            server 192.168.137.121:8084 max_fails=5 fail_timeout=600s weight=10;
            check interval=3000 rise=2 fall=5 timeout=1000 type=http;
        }

        server {
            listen 80;
            server_name localhost;

            # If no HTTPS certificate is configured, listen 443 ssl;
            # ssl_certificate; ssl_certificate_key; ssl_session_cache;
            # ssl_session_timeout; can all be commented out with #
            #listen 443 ssl;
            #ssl_certificate /usr/local/nginx1.20/cert/xxx.crt;
            #ssl_certificate_key /usr/local/nginx1.20/cert/xxx.key;
            #ssl_session_cache shared:SSL:10m;
            #ssl_session_timeout 5m;
            #ssl_ciphers HIGH:!aNULL:!MD5;
            #ssl_prefer_server_ciphers on;

            location ~* ^.+\.(jpg|jpeg|gif|png|js|ttf|css|json)$ {
                proxy_pass http://cwbb;
                proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
                proxy_cache off;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 180;
                proxy_send_timeout 180;
                proxy_read_timeout 180;
                proxy_buffer_size 128k;
                proxy_buffers 4 128k;
                proxy_busy_buffers_size 128k;
                proxy_temp_file_write_size 128k;
                proxy_cache_valid 200 304 302 24h;
                proxy_cache_key $server_addr$uri$is_args$args;
                add_header Cache-Control no-cache;
            }

            # check module configuration
            location /check_status {
                check_status;
                access_log off;
            }

            # stub module configuration
            location /stub_status {
                stub_status;
                access_log off;
            }

            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }

            ## Root path; for other paths that need to be proxied, add further
            ## location blocks in the same way
            location / {
                ## If the information center mandates blocking unsafe request
                ## methods, add the following; GET|POST|HEAD are the allowed methods
                if ($request_method !~ ^(GET|POST|HEAD)$) {
                    return 403 '{"timestamp":"2019-05-30T12:39:03.593","success":false,"errorCode":"403","errorMessage":"不安全的请求类型:$request_method","errorDetail":"不安全的URL:$request_uri","data":null}';
                }
                proxy_pass http://cwbb;
                limit_rate 400k;
                limit_rate_after 5m;
                proxy_connect_timeout 1200;
                proxy_send_timeout 1200s;
                proxy_read_timeout 1200s;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                add_header Cache-Control no-cache;
            }
        }
    }

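Custom log format (JSON; can be defined inside the http block)
Note that a custom log format must not be named combined, because that is the name of nginx's default log format.

    # escape=json (nginx 1.11.8 and later) escapes quotes, backslashes and
    # control characters in variable values so every line stays valid JSON
    log_format log_json escape=json '{"@timestamp": "$time_local", '
                        '"remote_addr": "$remote_addr", '
                        '"referer": "$http_referer", '
                        '"request": "$request", '
                        '"status": $status, '
                        '"bytes": $body_bytes_sent, '
                        '"agent": "$http_user_agent", '
                        '"x_forwarded": "$http_x_forwarded_for", '
                        '"up_addr": "$upstream_addr",'
                        '"up_host": "$upstream_http_host",'
                        '"up_resp_time": "$upstream_response_time",'
                        '"request_time": "$request_time"'
                        ' }';
    access_log logs/access.log log_json;  # refer to the log format by name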

3. Log rotation

4. Directives in detail

Regular expressions and server_name

About server_name_in_redirect:

The rewrite directive


The location directive

Reference blog:

The try_files directive
