前言 Nginx配置文件学习笔记
配置文件
可以直接在/etc/nginx/nginx.conf核心配置文件中添加server块
也可以/etc/nginx/nginx.conf核心配置文件中通过include /etc/nginx/sites-enabled/*;引入子配置文件,再在子配置文件中添加server块
在核心配置文件中配置站点 默认核心配置文件 /etc/nginx/nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
在子配置文件中配置站点 默认核心配置文件 /etc/nginx/nginx.conf 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } #}
创建子配置文件 1 touch /etc/nginx/sites-enabled/<file>.conf
默认子配置文件 /etc/nginx/sites-enabled/default 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } # pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }
配置反向代理 HTTP 1 2 3 4 5 6 7 8 server { listen <port>; server_name <domain>; location / { proxy_pass http://<ip_other>:<port_other>; } }
HTTPS 1 2 3 4 5 6 7 8 9 10 11 server { listen 443 ssl; server_name <domain>; ssl_certificate <file>.pem; ssl_certificate_key <file>.key; location / { proxy_pass http://<ip_other>:<port_other>; } }
WebSocket 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 server { listen <port>; server_name <domain>; location / { proxy_pass http://<ip_other>:<port_other>; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 120s; proxy_set_header Upgrade websocket; proxy_set_header Connection Upgrade; } }
配置动静分离 1 2 3 4 5 6 7 8 9 10 11 12 13 server { listen <port>; server_name <domain>; location /www/ { root html/data/; index index.html index.htm; } location /img/ { root html/data/; autoindex on; } }
配置错误页面
error_page:配置错误页面
404:错误代码/404.html:错误页面的URL访问路径
1 2 3 4 5 6 7 8 server { listen <port>; server_name <domain>; root html; error_page 404 /404.html; }
配置负载均衡 轮询(默认) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 http { upstream myserver { server 127.0.0.1:8080; server 127.0.0.1:8081; } server { listen 8080; server_name <domain>; location / { ... proxy_pass http://myserver; proxy_connect_timeout 10; } } server { listen 8081; server_name <domain>; location / { ... proxy_pass http://myserver; proxy_connect_timeout 10; } } }
权重
weight代表权重,默认为1,权重越高被分配的客户端越多
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 http { upstream myserver { server 127.0.0.1:8080 weight=1; server 127.0.0.1:8081 weight=1; } server { listen 8080; server_name <domain>; location / { ... proxy_pass http://myserver; proxy_connect_timeout 10; } } server { listen 8081; server_name <domain>; location / { ... proxy_pass http://myserver; proxy_connect_timeout 10; } } }
IP哈希
每个请求根据ip的hash结果分配资源,这样每个访客固定访问一个后端服务器,可以解决seccion问题
由于IP进行hash计算,则可能出现多个用户同时绑定一台服务器的效果,导致负载不均衡,如果绑定的同一台服务器宕机,则直接影响用户使用
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 http { upstream myserver { ip_hash; server 127.0.0.1:8080; server 127.0.0.1:8081; } server { listen 8080; server_name <domain>; location / { ... proxy_pass http://myserver; proxy_connect_timeout 10; } } server { listen 8081; server_name <domain>; location / { ... proxy_pass http://myserver; proxy_connect_timeout 10; } } }
fair(第三方)
按后端服务器的响应时间来分配请求,响应时间短的优先分配
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 http { upstream myserver { server 127.0.0.1:8080; server 127.0.0.1:8081; fair; } server { listen 8080; server_name <domain>; location / { ... proxy_pass http://myserver; proxy_connect_timeout 10; } } server { listen 8081; server_name <domain>; location / { ... proxy_pass http://myserver; proxy_connect_timeout 10; } } }
其他参数
down:手动设置为已关闭的主机bachup:设置为备用机。正常情况下,该服务器不会为用户提供服务。但是当服务器宕机,或者服务器正忙时,才会访问该服务器。max_fails:最大失败次数fail_timeout:失败重试间隔。如果访问不同,则60s之内,不会再次访问故障机
1 2 3 4 5 6 7 http { upstream myserver { server 127.0.0.1:8080 down; server 127.0.0.1:8081 backup; server 127.0.0.1:8082 max_fails=1 fail_timeout=60s;; } }
location块的正则表达式
正则表达式
备注
=
用于不含正则表达式的URI前,要求请求字符串与URI严格匹配,如果匹配成功,就停止继续向下搜索并立即处理该请求
~
用于表示URI包含正则表达式,并且区分大小写
~*
用于表示URI包含正则表达式,并且不区分大小写
^~
用于不含正则表达式的URI前,要求Nginx服务器找到标识URI和请求字符串匹配度最高的location后,立即使用此location处理请求,而不再使用location块中的正则URI和请求字符串做匹配
完成 参考文献 哔哩哔哩——尚硅谷官方 CSDN——j510924 博客园——宅小涛