Nginx Web反向代理服务器的配置
NGINX版本
nginx/1.18.0
编译参数
–前缀= / usr / local / nginx \
–用户=没人 \
–组=没人 \
–with-http_stub_status_module \
–与-http_ssl_module \
–与-http_v2_module \
–与-http_gzip_static_module \
–与-http_sub_module \
–流式 \
–with-stream_ssl_module \
–with-openssl=/usr/local/openssl-1.1.1c \
–with-openssl-opt='enable-tls1_3 enable-weak-ssl-ciphers’ \
–与-http_flv_module \
–与-http_mp4_module \
–与-http_realip_module \
–with-cc-opt=-DTCP_FASTOPEN=23 \
–with-file-aio \
–添加模块=/usr/local/nginx-ct \
–添加模块=/usr/local/ngx_brotli/ \
–添加模块=/usr/local/nginx_upstream_check \
–http-client-body-temp-path=/var/tmp/nginx/client/ \
–http-proxy-temp-path=/var/tmp/nginx/proxy \
–不带-mail_pop3_module \
–不带-mail_imap_module \
–不带-mail_smtp_module \
–没有-http_uwsgi_module \
–没有-http_scgi_module
nginx.conf 的 HTTP 部分
http
{
包括 mime.types;
default_type 应用程序/八位字节流;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32ķ;
client_max_body_size 5m;
发送文件;
tcp_nopush 开启;
keepalive_timeout 15;
tcp_nodelay 开启;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64ķ;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
包括vhost / *。conf;
上游http {
服务器IP:80;
检查间隔=3000 上升=2 下降=4 超时=1000;
}
上游 https {
服务器IP:443;
检查间隔=3000 上升=2 下降=4 超时=1000;
}
}
HTTP 协议参数
服务器 {
听 80;
server_name 域 www.domain;
#字符集 koi8-r;
#access_log 日志/host.access.log 主要;
位置 / {
proxy_pass http://http;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect 关闭;
}
}
HTTPS协议参数
proxy_cache_path /../path/../domain/static 级别=1:2 键区=本地缓存:100m inactive=1d use_temp_path=off max_size=2g;
服务器 {
server_name 域 www.domain;
听 443 ssl http2;
ssl_certificate /../path/../nginx/conf/certificate/domain.crt;
ssl_certificate_key /../path/../nginx/conf/certificate/domain.key;
ssl_session_cache 共享:SSL:18米;
ssl_session_timeout 20m;
ssl_session_tickets 开启;
ssl_ciphers “ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AND-RSA-AES256-GCM-SHA384:AND-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AND-RSA-AES256-SHA256:AND-RSA-AES128-SHA256:AND-RSA-AES256-SHA:AND-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:高的:!空值:!eNULL:!出口:!的:!MD5:!PSK:!RC4”;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
#字符集 koi8-r;
#access_log 日志/host.access.log 主要;
位置 / {
proxy_pass https://https;
#proxy_set_header 主机 $http_host;
proxy_set_header 主机 $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect 关闭;
}
位置~ .*.(mp3|gif|jpg|JPEG格式|bmp|PNG|ico|文本|js|css|woff2|woff|ttf|svg|eot)$ {
proxy_pass https://https;
代理缓存本地缓存;
proxy_cache_key $uri$is_args$args;
add_header X-Cache $upstream_cache_status;
proxy_cache_valid 200 30d;
proxy_cache_valid 301 302 30d;
#proxy_cache_valid 任意 1m;
30天到期;
}
access_log /../path/../domain.log;
}