nginx configuration and instructions

Nginx configuration and description: #Define

the user and user group that Nginx runs
    user www www;
    
    #nginx process number, it is recommended to set it equal to the total number of CPU cores.
    worker_processes 4; #Definition
    
    type of global error log, [ debug | info | notice | warn | error | crit ]
    error_log ar/loginx/error.log notice; #Process
    
    file
    pid ar/runinx.pid; #One
    
    nginx process opens the most The theoretical value of the number of file descriptors should be the maximum number of open files (the system value ulimit -n) divided by the number of nginx processes, but nginx allocates requests unevenly, so it is recommended to keep the value of ulimit -n consistent.
    worker_rlimit_nofile 131072; #Working
    
    mode and connection limit
    events
    {
    #Reference event model, use [ kqueue | rtsig | epoll | /dev/poll | select | poll ]; The epoll model is a high-performance network I/ in the kernel of Linux version 2.6 and above The O model, if running on FreeBSD, use the kqueue model.
    use epoll; #Maximum
    number of connections for a single process (maximum number of connections = number of connections * number of processes)
    worker_connections 65535;
    } #Set
    
    http server
    http
    {
    include mime.types; #File extension and file type mapping table
    default_type application/octet-stream; #Default file type#
    charset utf-8; #Default encoding
    server_names_hash_bucket_size 128; #Server The hash table size of the name
    client_header_buffer_size 32k; #Upload file size limit
    large_client_header_buffers 4 64k; #Set the request buffer
    client_max_body_size 8m; #Set the request buffer
    sendfile on; #Enable the efficient file transfer mode, the sendfile instruction specifies whether nginx calls the sendfile function to output File, set to on for common applications. If it is used for applications such as downloading and other applications with heavy disk IO load, it can be set to off to balance the processing speed of disk and network I/O and reduce the load of the system. Note: If the picture is not displayed properly, change this to off.
    autoindex on; #Enable directory list access, suitable for download servers, closed by default.
    tcp_nopush on; #Prevent network blocking
    tcp_nodelay on; #Prevent network blocking
    keepalive_timeout 120; #Long connection timeout, in seconds
    
  
    
    #gzip module setting
    gzip on; #Enable gzip compression output
    gzip_min_length 1k; #Minimum compressed file size
    gzip_buffers 4 16k; #Compression buffer
    gzip_http_version 1.0; #Compression version (default 1.1, If the front end is squid2.5, please use 1.0)
    gzip_comp_level 2; #Compression level
    gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    # The compression type already contains textml by default, so there is no need to write it below, and there will be no problem in writing it, but there will be a warn.
    gzip_vary on;
    #limit_zone crawler $binary_remote_addr 10m; #When you want to limit the number of IP connections, you need to use
     ##Use the cache#
proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header        X-Real-IP       $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout   500;
    proxy_send_timeout      500;
    proxy_read_timeout      500;
    proxy_buffers           32      4k;
    proxy_buffering on;
proxy_temp_path   /opt/nginx/nginx_cache/proxy_temp_dir;
proxy_cache_path  /opt/nginx/nginx_cache/proxy_cache_dir  levels=1:2   keys_zone=cache_one:200m inactive=30m max_size=8g;

#
log_format new_log  ' $upstream_cache_status $host$uri$is_args$args   $remote_addr - $args - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

    upstream boce.gjp.com {
    #Upstream load balancing, weight is the weight, which can be defined according to the machine configuration. The weight parameter represents the weight, and the higher the weight, the greater the probability of being assigned. jvm_route synchronization, srun_id: name set in tomcat
; fail_timeout: timeout;
server 192.168.10.45:8080 weight=3 max_fails=2 fail_timeout=15s srun_id=jvm45;
server 192.168.10.46:8080 weight=10 max_fails=2 fail_timeout=15s srun_id =jvm46;
jvm_route $cookie_JSESSIONID|sessionid reverse;
check interval=3000 rise=2 fall=5 timeout=1000;
  
    } #Virtual
    
    host configuration
    server
    {
    #Listening port
    listen 80; #There
    can be multiple domain names, separated by spaces
    server_name boce.gjp.com, gjp.com;
    index index.html index.htm ;
    root /data/www/jsp;
    location ~ .*.(jsp|do)?$
    {
         proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_cache cache_one;
proxy_cache_valid  200 304 1d;
proxy_cache_valid any 1d;
proxy_cache_key $host$uri$is_args$args;
proxy_set_header X-Forwarded-For  $remote_addr;
proxy_pass http:// boce.gjp.com
    #   proxy_pass  http://192.168.10.45:8080;
    proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header Host $host:$server_port;
index  index.html index.jsp login.jsp index.htm;
#proxy_redirect     off;
expires      1d;
    }
    #图片缓存时间设置
    location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
    {
    expires 10d;
    }
    #JS and CSS cache time settings
    location ~ .*.(js|css)?$
    {
    expires 1h;
    }
    #Log Format setting
    log_format access '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" $http_x_forwarded_for'; #Define
    the access log of this virtual host
    access_log ar/ loginx/ha97access.log access; #Enable
    
    reverse proxy for "/"
    location / {
    proxy_pass http://boce.gjp.com
    proxy_redirect off;
    proxy_set_header X-Real-IP $remote_addr;
    #The back-end web server can obtain the user's real IP through X-Forwarded-For
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #The
    following are some reverse proxy configurations, optional.
    proxy_set_header Host $host;
    client_max_body_size 10m; #Maximum number of bytes of a single file allowed by the client request
    client_body_buffer_size 128k; #The maximum number of bytes that the buffer proxy buffers the client request,
    proxy_connect_timeout 90; #nginx connects to the backend server and the timeout time ( Proxy connection timeout)
    proxy_send_timeout 90; #Backend server data return time (Proxy send timeout)
    proxy_read_timeout 90; #After the connection is successful, the backend server response time (proxy receive timeout)
    proxy_buffer_size 4k; #Set the proxy server (nginx) to save the user Header buffer size
    proxy_buffers 4 32k; #proxy_buffers buffer, the average web page is set below 32k
    proxy_busy_buffers_size 64k; #Buffer size under high load (proxy_buffers*2)
    proxy_temp_file_write_size 64k;
    #Set the size of the cache folder, if it is larger than this value, it will be transmitted from the upstream server
    } #Set
    
    the address for viewing Nginx status
    location /NginxStatus {
    stub_status on;
    access_log on;
    auth_basic "NginxStatus";
    auth_basic_user_file confpasswd;
    #htpasswd file content can be Generated with the htpasswd tool provided by apache.
    }
    
   
    #All static files are read directly by nginx without tomcat or resin
    location ~ .*.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc |ppt|pdf|xls|mp3|wma)$
    { expires 15d; }
    location ~ .*.(js|css)?$
    { expires 1h; }
    }
    }


More detailed configuration instructions: https://www.nginx.com /resources/wiki/


Prevent domain names from being maliciously resolved:

server {
    listen       80  default_server;
    server_name  wwww.test.com www.test2.com;
    return       444;
}