0
点赞
收藏
分享

微信扫一扫

Nginx动静分离

杨沐涵 2023-05-08 阅读 135

1、安装依赖

yum -y install gcc gcc-c++ zlib zlib-devel openssl openssl-devel pcre pcre-devel libunwind gperftools

2、编译安装

cd /opt/ \
&& tar xf nginx-1.14.2.tar.gz \
&& cd nginx-1.14.2 \
&& ./configure --prefix=/opt/nginx \
--with-pcre \
--with-http_ssl_module \
--with-http_gzip_static_module \
--with-google_perftools_module \
&& make -j 2 && make install

3、启动并测试

/opt/nginx/sbin/nginx -t  # 测试配置文件
/opt/nginx/sbin/nginx     # 启动nginx
curl  -I http://localhost # 测试

4、配置

# nginx.conf
worker_processes 8;
error_log /opt/nginx/logs/nginx_error.log crit;
pid /opt/nginx/nginx.pid;
google_perftools_profiles  /dev/shm/tcmalloc;
worker_rlimit_nofile 65535;
events{
  use epoll;
  worker_connections 65535;
}

http {
  include mime.types;
  default_type application/octet-stream;
  charset utf-8;
  server_tokens off;
  server_names_hash_bucket_size 128;
  client_header_buffer_size 4k;
  large_client_header_buffers 4 1m;
  client_max_body_size 200m;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 360;
  keepalive_requests 10000;
  proxy_http_version 1.1;
  open_file_cache max=204800 inactive=20s;
  open_file_cache_min_uses 1;
  open_file_cache_valid 30s;
  proxy_connect_timeout 900;
  proxy_send_timeout 900;
  proxy_read_timeout 900;
  proxy_buffer_size 16k;
  proxy_buffers 4 64k;
  proxy_busy_buffers_size 128k;
  proxy_temp_file_write_size 128k;
  gzip on;
  gzip_min_length 1k;
  gzip_buffers 4 16k;
  gzip_http_version 1.1;
  gzip_comp_level 2;
  gzip_types text/plain text/xml application/x-javascript text/css application/xml;
  gzip_vary on;
  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 4k;
  fastcgi_buffers 8 4k;
  fastcgi_busy_buffers_size 8k;
  fastcgi_temp_file_write_size 8k;
  fastcgi_cache_valid 200 302 1h;
  fastcgi_cache_valid 301 1d;
  fastcgi_cache_valid any 1m;
  fastcgi_cache_min_uses 1;
  fastcgi_cache_use_stale error timeout invalid_header http_500;
  fastcgi_param SERVER_NAME $host;
  server_name_in_redirect off;
  add_header "X-UA-Compatible" "IE=EmulateIE8";
  limit_conn_zone $binary_remote_addr zone=dafylimit:10m;
  upstream lnso {
    server 192.168.100.5:8080 weight=3 max_fails=3 fail_timeout=10s;
    server 192.168.100.6:8080 weight=3 max_fails=3 fail_timeout=10s;
  }
  log_format main '$remote_addr - $remote_user [$time_local] "$request"'
                    '$status $body_bytes_sent "$http_referer"'
                    '"$http_user_agent" $http_x_forwarded_for';

  include vhosts/*;
  server {
    listen *:80 default;
    server_name _;
    return 500;
  }
  server {
    listen *:443 default;
    server_name _;
    ssl on;
    ssl_certificate server.crt;
    ssl_certificate_key server.key;
    return 500;
  }
}

5、对外主机

# server-out.conf
server {
  listen 80;
  server_name www.lnso.com;
  index index.htm index.html index.jsp login.htm main.htm foot.htm top.htm mobile.htm;
  root /opt/nginx/html/lnso;
  charset utf-8;
  if (-d $request_filename){
    rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
  }
  location ~ .(do|shtml|html|json|jsp|htm|svl|cdo|dld)?$ {
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://lnso;
  }
  location ~ ^/(WEB-INF)/ {
    deny all;
  }
  location ~ .(gif|jpg|jpeg|swf|png|bmp|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|xlsx|mp3|wma)?$ {
    expires 1d;
  }
  location ~ .(js|css)?$ {
    expires 1h;
  }
  access_log /data/logs/lnso_access main;
  error_log /data/logs/lnso_error ;
}

server {
  listen 443;
  server_name www.lnso.com;
  index index.htm index.html index.jsp login.htm main.htm foot.htm top.htm mobile.htm;
  root /opt/nginx/html/lnso;
  charset utf-8;
  ssl on;
  ssl_certificate server.crt;
  ssl_certificate_key server.key;
  ssl_session_timeout 5m;
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
  ssl_prefer_server_ciphers on;
  location ~ .(do|shtml|html|json|jsp|htm|svl|cdo|dld)?$ {
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://lnso;
  }
  location ~ ^/(WEB-INF)/ {
    deny all;
  }
  location ~ .(gif|jpg|jpeg|swf|png|bmp|ioc|rar|zip|txt|flv|mid|doc|ppt|pdf|xls|xlsx|mp3|wma)?$ {
    expires 1d;
  }
  location ~ .(js|css)?$ {
    expires 1h;
  }
  access_log /data/logs/lnso_access main;
  error_log /data/logs/lnso_error ;
}

6、对内主机

# server-in.conf
server {
  listen 80;
  server_name www.lnso.service;
  index index.jsp index.htm index.html index.do login.vm;
  charset utf-8;
  allow 127.0.0.1;
  allow 192.168.0.0/24;
  deny all;
location ~ / {
  add_header Access-Control-Allow-Origin *
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_pass http://lnso;
}
  access_log /data/logs/lnso_access main;
  error_log /data/logs/lnso_error ;
}

举报

相关推荐

0 条评论