nginx 配置管理 - 簡單也複雜

　　因爲涉及到h5與後端交互，跨域問題，因此公司的開放測試服務器讓咱們本身搞nginx。順便提高一下nginx的實踐。

nginx的安裝，沒什麼難度了，百度一堆，若是源碼安裝就一步步來吧。（最簡單的方式：yum install nginx (centos), apt-get install nginx(ubuntu)）

nginx.conf，做爲最外層的配置文件，主要設置一些基礎的配置就行了，如內存配置，日誌格式配置，線程配置等，最後使用一個include conf.d/* 將其餘配置文件包含進來便可。

【nginx.conf 基礎配置】

user  nginx;
worker_processes  auto;

error_log  /data/var/log/nginx/error.log debug;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}

# load modules compiled as Dynamic Shared Object (DSO)
#
#dso {
#    load ngx_http_fastcgi_module.so;
#    load ngx_http_rewrite_module.so;
#}

http {
    include       mime.types;
    default_type  application/octet-stream;
    autoindex off;
    server_tokens off;
        
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 20m;
    client_body_buffer_size 256k;
      
    sendfile on;
    tcp_nopush     on;
    keepalive_timeout 60;
    tcp_nodelay on;
  
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 32 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;

    gzip  on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_comp_level 2;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css application/xml application/javascript;

    log_format main '$request_time $upstream_response_time $remote_addr - $upstream_addr [$time_local] '
    '"$host" "$request" $status $bytes_sent '
    '"$http_referer" "$http_user_agent" "$gzip_ratio" "$http_x_forwarded_for" - "$server_addr" ';

    access_log /data/var/log/nginx/access.log main;

    include conf.d/*.conf;

}

 

【conf.d/*, 具體的域名配置，http://】

upstream 3ctest_x123_com {
    server 192.168.1.103:81;
    keepalive 8;
}
upstream mytest_x123_com {
    server 192.168.1.103:80;
    keepalive 8;
}
upstream 3capi_x123_com {
    server 192.168.1.103:9002;
    keepalive 8;
}
upstream yhapi_x123_com {
    server 192.168.1.103:8089;
    keepalive 8;
}

server {
        listen 80;
        server_name 3ctest.x123.com;
        location / {
                proxy_pass http://3ctest_x123_com;
                proxy_set_header Host $host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 60;
                proxy_read_timeout 600;
                proxy_send_timeout 600;
        }
}


server {
        listen 80;
        server_name mytest.x123.com;
        location / {
                proxy_pass http://mytest_x123_com;
                proxy_set_header Host $host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 60;
                proxy_read_timeout 600;
                proxy_send_timeout 600;
                }
}

server {
        listen 80;
        server_name 3capi.x123.com;
        location / {
                proxy_pass http://3capi_x123_com;
                proxy_set_header Host $host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 60;
                proxy_read_timeout 600;
                proxy_send_timeout 600;
                }
}

server {
        listen 80;
        server_name yhapi.x123.com;
        location / {
                proxy_pass http://yhapi_x123_com;
                proxy_set_header Host $host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 60;
                proxy_read_timeout 600;
                proxy_send_timeout 600;
                }
}


server {
        listen 80;
        server_name 192.168.1.22;
        location / {
                proxy_pass http://192.168.1.22;
                proxy_set_header Host $host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 60;
                proxy_read_timeout 600;
                proxy_send_timeout 600;
        }
}

upstream 192.168.1.22 {
    server 192.168.1.22:88;
    keepalive 8;
}

【Https:// 配置】

server {
    listen       443 ssl;
    server_name  wx.mysite1.com;
    ssl         on;
    ssl_certificate /etc/nginx/conf.d/ssl/mysite1.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/mysite1.key;
    ssl_session_cache shared:SSL:200m;
    ssl_session_timeout 20m;

    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

    location / {
        #proxy_set_header    Host              $http_host;
    
    #proxy_set_header Host $http_host;
    #proxy_set_header X-Forwarded-For $remote_addr;
        
    # online
        #proxy_redirect      http://192.168.1.22/  http://$http_host/;
        #proxy_pass          http://shmc.mysite1.com;

        #proxy_pass          http://192.168.1.22/;
        #index index.html;
        #root /data/www/;

#       if ( $cookie_COOKIE ~* "(.*)$") {
#                set $all_cookie $1;
#        }
#        proxy_set_header Cookie "$http_cookie; node_id=018";

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    add_header Access-Control-Allow-Origin *;
        proxy_pass          http://192.168.1.22;
        proxy_redirect off;
    }
}

server {
    listen       80;
    server_name  wx.mysite1.com;
    location / {
        proxy_set_header    Host              $host;
        # online
        #proxy_redirect      http://192.168.1.22/  http://$http_host/;
        #proxy_pass          http://shmc.mysite1.com;
        proxy_pass          http://192.168.1.22/;
        #index index.html;
        #root /data/www/;
    }
}

 

　　如上參考，應該能夠解決大部分配置狀況。

　　須要注意的是，nginx做爲反向代理服務器，不少變量須要做特別轉發，如ip地址，有問題能夠先查看日誌，若是語法錯誤，則不會被保存，這個比較好！

　　nginx做爲負載均衡的重要軟件，略加掌握總歸是好的吧。

 

　　其實也不難，可是沒有實戰的談話老是顯得蒼白無力！要作到好也不簡單，一個簡單的優化，可讓你的用戶體驗更好，服務器利用率更高，有得搞！

　　勉勵吧諸君！