# 指定运行的用户
user nobody nobody;
# 指定启动的进程数(通常设置成和cpu的数量相等)
worker_processes auto;
# 指定打开的最大文件数
worker_rlimit_nofile 51200;
# 全局错误日志
error_log logs/error.log notice;
error_log logs/notice.log notice;
error_log info.log info;
# PID文件(记录当前启动的nginx的进程ID)
pid /var/run/nginx.pid;
# 包含的模块配置目录路径
include /etc/nginx/modules-enabled/*.conf;
# 使用的模型、每个进程能够承载的请求数
events {
use epoll;
worker_connections 51200;
}
# 设定http服务器
http {
# 是否详细显示输出信息
server_tokens off;
# 设定mime类型(邮件支持类型);类型由mime.types文件定义
include mime.types;
# 关闭重定向功能
proxy_redirect off;
# 向后端服务器发送请求的主机名、IP地址、上级代理服务器(用于多级代理中)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 限制客户端的上传内容大小
client_max_body_size 20m;
# 设置客户端上传时的缓存内存大小,当大量用户上传时这个数值就不小了
client_body_buffer_size 256k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 128k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
default_type application/octet-stream;
charset utf-8;
# 设置客户端上传时缓存内存不够时,可以存放在物理磁盘上
client_body_temp_path /var/tmp/client_body_temp 1 2;
proxy_temp_path /var/tmp/proxy_temp 1 2;
fastcgi_temp_path /var/tmp/fastcgi_temp 1 2;
uwsgi_temp_path /var/tmp/uwsgi_temp 1 2;
scgi_temp_path /var/tmp/scgi_temp 1 2;
# 忽略无法理解的首部信息
ignore_invalid_headers on;
# 对多个后端服务器名称进行哈希,提高查找效率
server_names_hash_max_size 256;
server_names_hash_bucket_size 64;
client_header_buffer_size 8k;
large_client_header_buffers 4 32k;
connection_pool_size 256;
request_pool_size 64k;
output_buffers 2 128k;
postpone_output 1460;
client_header_timeout 1m;
client_body_timeout 3m;
send_timeout 3m;
# 定义日志记录格式
log_format main '$server_addr $remote_addr [$time_local] $msec+$connection '
'"$request" $status $connection $request_time $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# 设置打开日志的缓存
open_log_file_cache max=1000 inactive=20s min_uses=1 valid=1m;
access_log logs/access.log main;
log_not_found on;
# 指定nginx是否调用sendfile函数(zero-copy)来输出文件
# 设为on时,降低系统的uptime时间
# 设为off时,平衡磁盘与网络I/O处理速度
sendfile on;
tcp_nodelay on;
tcp_nopush off;
# 连接超时时间
reset_timedout_connection on;
keepalive_timeout 10 5;
keepalive_requests 100;
# gzip压缩开关
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_proxied any;
gzip_min_length 1024;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_proxied expired no-cache no-store private auth no_last_modified no_etag;
gzip_types text/plain application/x-javascript text/css application/xml application/json;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
# 设定实际的服务器列表
upstream servers {
ip_hash;
server 172.16.100.103:8080 weight=1 max_fails=2;
server 172.16.100.104:8080 weight=1 max_fails=2;
server 172.16.100.105:8080 weight=1 max_fails=2;
}
server {
listen 80;
server_name www.wsescape.com;
# 编码格式
charset utf-8;
# 指向webapp的目录
root /data/webapps/htdocs;
# 详细的日志记录
access_log /var/logs/webapp.access.log main;
error_log /var/logs/webapp.error.log notice;
location / {
# 请求网站图标配置
location ~* ^.*/favicon.ico$ {
root /data/webapps;
expires 180d;
break;
}
# 如果请求名不是一个文件,将交给后端的tomcat服务器
if ( !-f $request_filename ) {
proxy_pass http://servers;
break;
}
}
# 错误处理页面(可选择性配置)
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 8088;
server_name nginx_status;
location / {
access_log off;
deny all;
return 503;
}
location /status {
stub_status on;
access_log off;
allow 127.0.0.1;
allow 172.16.100.71;
deny all;
}
}
server {
listen 443 ssl;
server_name www.wsescape.com;
# ssl证书文件位置(常见证书文件格式为:crt/pem)
ssl_certificate cert.pem;
# ssl证书key位置
ssl_certificate_key cert.key;
# ssl配置参数(选择性配置)
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# 数字签名,此处使用MD5
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /root;
index index.html index.htm;
}
}
}