Detailed meaning of nginx configuration

Nginx is a very powerful web server and reverse proxy server, and it can also act as a mail server, among other roles.
In projects, its three most used core functions are reverse proxying, load balancing and static file serving.
How each of these three functions is used depends closely on the nginx configuration. The configuration of an nginx server is mainly concentrated in the configuration file nginx.conf, and the configurable options are roughly divided into the following parts:

main                        # global nginx settings
events {
    ....                    # nginx working-mode settings
}

http {
    ....                    # settings for the HTTP protocol
    server {
        ....                # settings for access to one server
        location {
            ....            # request routing settings
        }
        location path {
            ....
        }
        location otherpath {
            ....
        }
    }
    server {
        ....
        location {
            ....
        }
    }
    upstream name {
        ....                # load-balancing settings
    }
}

main module

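user nobody nobody;             # user and group that the nginx worker processes run as; by default they run under the nobody account
worker_processes 2;             # number of worker processes nginx starts; watch the memory each process uses at runtime (typically a few MB to tens of MB) and adjust to the actual situation; usually an integer multiple of the number of CPU cores
error_log logs/error.log;       # location of the error log file and its output level [debug / info / notice / warn / error / crit]
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;             # file in which the process id is stored
worker_rlimit_nofile 1024;      # maximum number of files a single process may open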

events module

events {
    worker_connections 1024;    # maximum number of connections that can be accepted at the same time; note that the overall maximum is determined together with worker_processes
    multi_accept on;            # after a new-connection notification, accept as many connections as possible
    use epoll;                  # polling method: use epoll on Linux 2.6+, use kqueue on BSD systems such as Mac
}

http module
For a web server, the http module is the core module of nginx. It has many configuration items, many of which are set according to the actual business scenario of the project, and they should be tuned to the hardware. Under normal circumstances the default configuration is sufficient.

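    ##
    # Basic settings
    ##

    sendfile on;              # enable sendfile: the file is written out from the kernel's data buffers instead of by the application, which improves performance
    tcp_nopush on;            # send all the response headers in one packet instead of one at a time
    tcp_nodelay on;           # do not buffer data, send it piece by piece; set it when the transfer has real-time requirements, so each small piece is answered immediately, but do not overuse it
    keepalive_timeout 65;     # keep-alive timeout given to a client connection; the server closes the connection after this time. A fairly short value generally lets nginx keep working steadily
    client_header_timeout 10; # timeout for the request header
    client_body_timeout 10;   # timeout for the request body
    limit_conn_zone $binary_remote_addr zone=addr:5m; # parameters of the shared memory zone that stores the keys
    limit_conn addr 100;      # maximum number of connections for a given key

    types_hash_max_size 2048; # hash table size, which affects the collision rate: a larger value uses more memory, lowers the key collision rate and speeds up lookups; a smaller value uses less memory, raises collisions and slows lookups
    # server_tokens off;      # does not make nginx any faster, but removes the nginx version from error pages, which helps the security of the site

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;          # directive that includes another file in the current file
    default_type application/octet-stream;  # default file type; here a binary stream

    ##
    # SSL certificate settings
    ##

    # ssl_protocols enables the listed protocols. Since versions 1.1.13 and 1.0.12 the nginx default is
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; TLSv1.1 and TLSv1.2 require OpenSSL >= 1.0.1.
    # SSLv3 is still used in many places but has a number of vulnerabilities that are attacked.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on; # when negotiating the cipher, prefer the server's cipher suites over those of the client browser

    ##
    # Logging settings
    ##

    access_log /var/log/nginx/access.log;  # log that stores the access records
    error_log /var/log/nginx/error.log;    # log that records the errors that occur

    ##
    # Gzip compression settings
    ##

    gzip on;                # send data gzip-compressed, which reduces the amount of data sent
    gzip_disable "msie6";

    gzip_vary on;           # add "Vary: Accept-Encoding" to responses so caches keep compressed and uncompressed copies apart
    gzip_proxied any;       # allow or forbid compressing responses to proxied requests depending on the request and response; any compresses them all
    gzip_comp_level 6;      # compression level, any value from 1 to 9; 9 is the slowest with the highest ratio. A middle value such as the 6 set here is a reasonable compromise
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript
               text/xml application/xml application/xml+rss text/javascript; # data formats to compress

    ##
    # Virtual host settings
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;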
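
The nesting of contexts described at the top of this page (main, events, http, server, location) and two of the security-relevant http directives above can be checked mechanically. The following is an added example, not part of the original article or of nginx: a small parser that records each directive with its context, plus an illustrative rule set of my own that flags ssl_protocols values older than TLS 1.2 and a missing server_tokens off. The sample configuration is constructed from the directives shown on this page; the parser ignores include files and nginx variable syntax such as ${name}.

```python
import re
# Constructed sample built from directives shown on this page.
SAMPLE = '''
user nobody nobody;
events { worker_connections 1024; }
http {
    # server_tokens off;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    gzip_disable "msie6";
    server {
        location / { proxy_pass http://localhost:8888; }
    }
}
'''
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|#[^\n]*|[{};]|[^\s{};]+')

def parse(text):
    """Return (context, name, args) per directive; context looks like 'main/http/server'."""
    found, stack, words = [], ["main"], []
    for tok in TOKEN.findall(text):
        if tok[0] == "#":
            continue                      # a commented-out directive is not in effect
        if tok in (";", "{"):
            if not words:
                raise ValueError("empty directive before %r" % tok)
            found.append(("/".join(stack), words[0], words[1:]))
            if tok == "{":
                stack.append(words[0])    # enter the block this directive opens
            words = []
        elif tok == "}":
            if words or len(stack) == 1:
                raise ValueError("missing ';' or unbalanced '}'")
            stack.pop()
        else:
            words.append(tok.strip("\"'"))
    if words or len(stack) > 1:
        raise ValueError("unterminated directive or block")
    return found

def audit(text):
    """Flag risky values of directives this page covers (illustrative rule set)."""
    directives, issues = parse(text), []
    old = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}   # TLS 1.0/1.1: deprecated by RFC 8996
    for ctx, name, args in directives:
        if name == "ssl_protocols" and old & set(args):
            issues.append((ctx, name, sorted(old & set(args))))
    if not any(n == "server_tokens" and a == ["off"] for _, n, a in directives):
        issues.append(("main/http", "server_tokens", ["not set to off"]))
    return issues
```

Calling audit(SAMPLE) reports the two old TLS versions and the commented-out server_tokens line; a configuration with server_tokens off and only TLSv1.2 or newer returns an empty list.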

server module

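server {
    # configuration of one virtual host; a single http block can contain several server blocks
    listen        80;
    server_name   localhost 192.168.1.100;          # IP addresses or domain names, separated by spaces
    root          /nginx/www;                       # root directory of this virtual host, i.e. the root of all web projects on this host
    index         index.php index.html index.htm;   # site-wide default page shown when a user visits the web site
    charset       utf-8;                            # default encoding of the pages served from the www/ path
    access_log    logs/access.log;                  # where this virtual host stores its access log
    error_log     logs/error.log;                   # where this virtual host stores its error log
    ......
}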

location module
The location module is the most commonly used part of an nginx configuration. It mainly configures request routing, and reverse proxying, load balancing and other functions are attached within the routing configuration, so the location module is also a very important configuration module.

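location / {
    # matches requests for the root path
    root    /nginx/www;                       # web directory of the virtual host that is served when the root path is requested
    index   index.php index.html index.htm;   # list of files served by default when no specific resource is requested
}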

Reverse proxy configuration
When access goes through the reverse proxy server, the proxy_set_header configuration makes the client's access transparent.

location / {
    proxy_pass http://localhost:8888;
    proxy_set_header X-real-ip $remote_addr;
    proxy_set_header Host $http_host;
}
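
The X-real-ip header set above is only trustworthy to the backend when the request really arrived from the proxy. The following is an added example, not part of the original article: a backend-side helper that accepts the header only when the TCP peer is the nginx host and the value is a valid address. The function name, the trusted-proxy list and the sample addresses are assumptions; the loopback list follows from proxy_pass http://localhost:8888.

```python
import ipaddress

# Assumption: nginx and the backend share a host, as in proxy_pass http://localhost:8888.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]

def client_ip(peer_addr, headers, trusted=TRUSTED_PROXIES):
    """Return the address to log or rate-limit on.

    peer_addr is the address of the TCP connection the backend accepted;
    headers is a dict of request headers (names compared case-insensitively).
    """
    peer = ipaddress.ip_address(peer_addr)
    if not any(peer in net for net in trusted):
        # Request did not come through the proxy: the header is client-controlled.
        return str(peer)
    lowered = {name.lower(): value for name, value in headers.items()}
    value = lowered.get("x-real-ip", "").strip()
    try:
        # nginx writes $remote_addr here, so anything unparsable is rejected.
        return str(ipaddress.ip_address(value))
    except ValueError:
        return str(peer)
```

The backend should also listen only on the loopback interface in this layout, so that the first branch is a fallback rather than the normal path.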

upstream module
The upstream module is mainly responsible for the load-balancing configuration and distributes requests to the back-end servers using round-robin scheduling by default. A simple configuration is as follows:

upstream name {
    ip_hash;                    # request scheduling algorithm; the default is weighted round-robin, another can be specified
    server 192.168.1.100:8000;  # list of servers that requests are distributed to
    server 192.168.1.100:8001 down;
    server 192.168.1.100:8002 max_fails=3;
    server 192.168.1.100:8003 fail_timeout=20s;
    server 192.168.1.100:8004 max_fails=3 fail_timeout=20s;
}

Among them:
- down means that the host has suspended service
- max_fails is the maximum number of failures; once it is exceeded, service on that host is suspended
- fail_timeout means that if requests fail to be accepted, the host is suspended for the specified time, after which requests are sent to it again

Origin blog.csdn.net/xiguashixiaoyu/article/details/108863294