Nginx 相关配置
修改默认用户
1 2
| 修改 nginx.conf 中 `user nginx;`,默认用户为 nobody 构建 nginx 时添加参数 `--user=nginx --group=nginx`
|
修改工作进程
1 2 3 4 5 6 7 8 9 10
| worker_processes 4;
worker_rlimit_nofile 10240; event { worker_connections 1024; use epoll; }
|
长连接
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
| http { keepalived_timeout 65;
upstream server_pool { server localhost:8080 weight=1 max_fails=2 fail_timeout=30s; server localhost:8081 weight=1 max_fails=2 fail_timeout=30s; keepalive 300; } location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass http://server_pool/; } }
|
高效传输
1 2 3 4
| sendfile on;
tcp_nopush on;
|
压缩
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
| http { gzip on; gzip_http version 1.1; gzip_comp_level 6; gzip_min_length 1k; gzip_buffers 4 16k; gzip disable "MSIE [1-6]\."; gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php application/javascript application/json; gzip_vary on; gzip_proxied any; }
|
缓存
1 2 3 4 5 6 7
| http { location ~* \.(ico|jpe?g|gif|png|bmp|swf|flv)$ { expires 12h; } }
|
防盗链
1 2 3 4 5 6 7 8 9 10 11
| http { server { location ~* \.(gif|jpg|png|swf|flv)$ { root /data/www/images/; valid_referers *.ckx.ink; if ($invalid_referer) { return 404; } } } }
|
跨域
1 2 3 4 5 6 7 8 9 10 11 12
| http { server { add_header 'Access-Control-Allow-Origin' *; add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' *; add_header 'Access-Control-Allow-Headers' *; } }
|
location 匹配规则
1 2 3 4 5
| 空格:默认匹配,普通匹配 =:精确匹配 ~*:匹配正则表达式,不区分大小写 ~:匹配正则表达式,区分大小写 ^~:以某个字符路径开头
|
https
安装 ssl 模块:http_ssl_module
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
| http { server { listen 443 ssl; server_name ckx.ink; ssl_certificate /etc/tencentssl/1_ckx.ink_bundle.crt; ssl_certificate_key /etc/tencentssl/2_ckx.ink.key; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=31536000"; } }
|