外观
nginx
530字约2分钟
nginx
2020-05-07
安装
- brew
brew install nginx - rpm
rpm -ivh nginx-1.10.3-1.el7.ngx.x86_64.rpm - yum
- 依赖
yum -y install gcc pcre-devel zlib-devel openssl openssl-devel - 下载
yum install -y nginx
- 依赖
命令
- 启动
nginx -c /etc/nginx/nginx.conf - 关闭
nginx -s stop - 重启
nginx -s reload - 检查配置文件
nginx -t
配置
映射
host.docker.internal -- 127.0.0.1worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on; #开启gzip
gzip_min_length 1k; #低于1kb的资源不压缩
gzip_comp_level 3; #压缩级别【1-9】,越大压缩率越高,同时消耗cpu资源也越多,建议设置在4左右。
gzip_types text/plain application/javascript application/x-javascript text/javascript text/xml text/css; #需要压缩哪些响应类型的资源,多个空格隔开。不建议压缩图片,下面会讲为什么。
gzip_disable "MSIE [1-6]\."; #配置禁用gzip条件,支持正则。此处表示ie6及以下不启用gzip(因为ie低版本不支持)
gzip_vary on; #是否添加“Vary: Accept-Encoding”响应头
server {
listen 80 default_server;
server_name 127.0.0.1;
root /home/static_blog/static_blog/;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.html;
expires 7d;
log_not_found off;
access_log off;
}
}
}负载均衡
- upstream权重分配
- 轮询(默认):按时间顺序逐个安排
- weight:指定轮询几率
- ip_hash:一个ip访问一台固定服务器
- fair:按响应时间分配
- backup:其他机器都忙时,访问backup机器
#使用用户
#user nobody;
worker_processes 1;
#错误日志存放路径
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
#指定pid存放文件
#pid logs/nginx.pid;
events {
#使用网络IO模型linux建议epoll,FreeBSD建议采用kqueue,window下不指定
#use epoll
#允许最大连接数
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#定义日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
server_names_hash_bucket_size 64;
client_max_body_size 10m;
upstream portal_server {
# ip_hash;
server 112.74.106.172:8080 weight=2 max_fails=2 fail_timeout=60s;
server 120.76.130.193:8080 weight=2 max_fails=2 fail_timeout=60s;
}
server {
listen 80;
server_name 127.0.0.1;
location / {
proxy_pass http://portal_server/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}HTTPS
- SSL证书上传
- 配置监听
server {
listen 443 ssl;
server_name jcblog.com;
root /home/static_blog/static_blog/;
ssl on;
ssl_certificate /etc/nginx/ssl/3878801_www.jcblog.top.pem;
ssl_certificate_key /etc/nginx/ssl/3878801_www.jcblog.top.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# 指定密码为openssl支持的格式
ssl_protocols SSLv2 SSLv3 TLSv1.2;
location / {
try_files $uri $uri/ /index.html;
# index index.html index.htm;
}
}