Nginx 4年前

Nginx 七层最佳配置

作者头像 刘宇帅
3010 0 
server {
    listen      80 default_server;
    server_name www.youname.com youname.com;
    charset     utf-8;
     rewrite ^(.*)$  https://www.youname.com;

}
server {
    listen 443 default ssl;

    server_name www.youname.com youname.com;
    root       /home/work/youname/public;
    index       index.php index.html index.htm;
    charset     utf-8;

    ssl_certificate /etc/nginx/conf.d/cert/youname.pem;
    ssl_certificate_key /etc/nginx/conf.d/cert/youname.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    gzip on;
    gzip_min_length 1k;
    gzip_comp_level 1;
    gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
    gzip_vary on;
    gzip_disable "MSIE [1-6]\.";
    gzip_buffers 32 4k;
    gzip_http_version 1.0;
    location ~* ^.+\.(ico|gif|jpg|jpeg|png)$ {
        access_log   off;
        expires      2d;
    }

    location ~* ^.+\.(css|js|txt|xml|swf|wav)$ {
        access_log   off;
        expires      24h;
    }

    location ~* ^.+\.(html|htm)$ {
        expires      1h;
    }

    location ~* ^.+\.(eot|ttf|otf|woff|svg)$ {
        access_log   off;
        expires max;
    }

    if ($time_iso8601 ~  "^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})") {
        set $year $1;
        set $month $2;
        set $day $3;
        set $hour $4;
        set $minutes $5;
        set $seconds $6;
    }
    access_log /var/log/nginx/youname-$year-$month-$day-access.log access;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files     $uri =404;

        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index /index.php;

        include fastcgi_params;
        fastcgi_split_path_info       ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ /\.ht {
        deny all;
    }
}
作者头像

刘宇帅

非著名程序员,全栈开发工程师,长期专注系统开发与架构设计。

打赏

提示

功能待开通!

0条评论
未登录
暂无评论~

相关文章

浏览器报错 net::ERR_INCOMPLETE_CHUNKED_ENCODING

nginx服务器返回200但是浏览器报错 net::ERR_INCOMPLETE_CHUNKED_ENCODING 原因是nginx在获得后端服务器返回数据时,数据过大需要存在临时文件中,但是当前运行nginx用户,没有该文件的读写权限 导致的。 如何证实 可以查看nginx的日志,会有以下类似错误 2018/03/22 16:11:35 [crit] 9519#0: *339625 open() "/var/lib/nginx/tmp/fastcgi/5/02/0000000025" failed 很明显,nginx无法写/var/lib/nginx/tmp/fastcgi/5/02/000

Nginx 路由匹配

模式 含义 location = /uri = 表示精确匹配只有完全相等才会匹配成功 location ^~ /uri ^~ 表示对路由进行前缀匹配 location ~ /uri ~ 表示对路由进行正则匹配 location ~* /uri ~* 表示对路由进行不区分大小写的正则匹配 location /uri 不带任何修饰符也表示前缀匹配 location / 默认匹配,任何没有匹配到的uri 多个 location 配置的情况下匹配顺序为(匹配到某一等级就结束,同一规则时匹配长度长的优先): 首先精确匹配 = 其次前缀匹配 ^~ 其次是按文件中顺

Nginx日志配置推荐

推荐日志配置 log_format main 'remote_addr=[$remote_addr] http_x_forward=[$http_x_forwarded_for] time=[$time_local] request=[$request] ' 'status=[$status] byte=[$bytes_sent] elapsed=[$request_time] upstream_connect_time=[$upstream_connect_time] upstream_response_time=[$upstream_response_time] '

Nginx 反向代理常见问题汇总与解决方案

在使用 Nginx 做反向代理时,经常会遇到一些看似莫名其妙的问题,比如返回 502 错误、路径出错、真实 IP 丢失等等。本文总结了开发和部署中最常见的 Nginx 反向代理问题,并给出对应的排查和解决方案,帮助你快速定位和修复问题。 目录 一、502 Bad Gateway 二、路径拼接异常 三、获取不到真实客户端-IP 四、跨域请求失败 五、WebSocket 无法正常工作 六、请求体过大导致-413-错误 七、反向代理跳转失效 八、HTTPS-代理配置问题 九、文件下载异常或中断 十、缓存未生效或生效异常 总结 一、502 Bad Gateway 这个错误意味着 Nginx 无法成

Nginx 四层最佳配置

stream { log_format proxy 'time=[$time_local] remote_addr=[$remote_addr]' ' protocol=[$protocol] status=[$status] byte_send=[$bytes_sent] byte_received=[$bytes_received] ' 'session_time=[$session_time] upstream_addr=[$upstream_addr] ' 'upstream_