geedge-jira/attachment/37057/22-07-nginx+.conf

# Worker count is normally tied to the number of CPU cores (author's note: in practice
# 4 or 8 workers is usually enough, and raising it further brings little extra benefit).
# NOTE(review): the value below is 32, which does not follow that guidance. Confirm it
# matches the host's core count.
worker_processes 32;
error_log /opt/tsg-2207/cm/nginx/log/error.log;
#error_log /opt/tsg-2207/cm/nginx/log/error.log notice;
#error_log /opt/tsg-2207/cm/nginx/log/error.log info;
# Event model and the per-worker connection limit.
events {
worker_connections 1024;
}
http {
# http-level defaults; every server block below inherits these unless it overrides them.
include mime.types;
default_type application/octet-stream;
# Upstream/FastCGI responses with status >= 300 are handed to error_page handling
# instead of being passed to the client unchanged.
proxy_intercept_errors on;
fastcgi_intercept_errors on;
server_names_hash_bucket_size 128;
# NOTE(review): request-header buffers of 128k (up to 8 of them per request) and a
# 1200m body limit apply to every client before any backend authentication runs.
# Confirm these sizes are needed; large limits increase the memory and disk an
# unauthenticated client can make the proxy commit.
client_header_buffer_size 128k;
large_client_header_buffers 8 128k;
client_max_body_size 1200m;
client_body_buffer_size 128k;
# Timeouts are in seconds. NOTE(review): 600 s connect and 1800 s read/send keep
# connections to slow or stalled backends open for a long time.
proxy_connect_timeout 600;
proxy_read_timeout 1800;
proxy_send_timeout 1800;
proxy_buffer_size 16k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
# Access-log format: client address, request line, status, referer, user agent,
# the client-supplied X-Forwarded-For header, plus upstream address and response time.
# $http_x_forwarded_for is attacker-controlled text; treat it as untrusted when
# the log is used for investigation.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"' '"$upstream_addr"' '"$upstream_response_time"';
access_log /opt/tsg-2207/cm/nginx/log/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 65;
# FastCGI settings. No fastcgi_pass appears in the visible configuration, so these
# presumably have no effect here - verify before relying on them.
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
# Response compression.
# NOTE(review): this configuration also serves TLS. Compressing responses that contain
# both request-influenced content and secrets is the precondition for BREACH-class
# attacks; confirm no such response type is covered by gzip_types. The image/* types
# listed are already compressed formats and gain little from gzip.
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 8;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png application/x-font-opentype application/x-font-ttf application/javascript application/octet-stream;
gzip_vary on;
# Proxy temp and cache directories. The keys_zone "cache_one" is declared here, but no
# proxy_cache directive in the visible configuration refers to it.
proxy_temp_path /usr/local/nginx/nginx_cache/proxy_temp_path;
proxy_cache_path /usr/local/nginx/nginx_cache/proxy_cache_path levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;
# Shared-memory zone for the third-party virtual-host traffic status module.
vhost_traffic_status_zone;
# Derives a Connection header value from the client's Upgrade header: "upgrade" when
# the client sent one, "close" when it is empty. It only takes effect where a location
# references it, e.g. `proxy_set_header Connection $connection_upgrade;`.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Backend pool "bifang". ip_hash pins each client address to one server; with a single
# server listed, neither ip_hash nor weight changes where requests go.
# NOTE(review): the proxy_pass directives that use this upstream speak plain HTTP to
# 10.224.11.249:8080, so traffic on that hop (including any cookies and credentials the
# client sent) is unencrypted. Confirm that network segment is trusted.
upstream bifang {
ip_hash;
server 10.224.11.249:8080 weight=5;
}
# Plain-HTTP listener: every request is permanently redirected to HTTPS.
server {
listen 80;
server_name 10.224.11.1;
# Redirect the request to https.
# NOTE(review): this is the only port-80 server in the visible configuration, so it also
# answers requests whose Host header is not 10.224.11.1, and $host copies that
# client-supplied value into the Location header. Consider redirecting to a fixed name
# ($server_name) or adding a catch-all default server that rejects unknown hosts.
rewrite ^(.*)$ https://$host:443$1 permanent;
}
server {
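# HTTPS listener: TLS parameters and response headers shared by all locations below.
listen 443 ssl;
server_name 10.224.11.1;
#ssl on;
# Size of the shared TLS session cache; tune to the site's traffic.
ssl_session_cache shared:SSL:10m;
# TLS session lifetime.
ssl_session_timeout 10m;
# Keep-alive timeout for client connections.
keepalive_timeout 70;
# These gzip settings repeat the http-level values.
# NOTE(review): compressing TLS responses that mix request-influenced content with
# secrets is the precondition for BREACH-class attacks; confirm no such response type
# is covered by gzip_types.
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 8;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png application/x-font-opentype application/x-font-ttf application/javascript application/octet-stream;
gzip_vary on;
# HSTS policy.
# NOTE(review): server_name is an IP address. Browsers apply HSTS to domain names only
# (RFC 6797), so this header likely has no effect unless the site is also reached by
# hostname - confirm.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# Certificate file.
ssl_certificate /opt/tsg-2207/cm/nginx/ssl/tsg-entity-for-e21.crt;
# Private key file; it should be readable only by the account that starts nginx.
ssl_certificate_key /opt/tsg-2207/cm/nginx/ssl/tsg-entity-for-e21.key;
# Prefer the server's cipher order over the client's.
ssl_prefer_server_ciphers on;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were removed from this list.
# Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
ssl_protocols TLSv1.2;
# Cipher list. The former "EECDH+aRSA+RC4" entry was dropped: the trailing !RC4
# already excluded it, so the entry was dead and misleading.
# NOTE(review): the bare "EECDH" and "EDH+aRSA" entries still admit CBC-mode suites;
# consider restricting the list to AEAD (GCM) suites.
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
# "always" makes nginx send the headers below on error responses too; without it
# they are attached only to a fixed set of success/redirect status codes.
# Clickjacking mitigation.
add_header X-Frame-Options DENY always;
# Stop browsers from MIME-sniffing the response type.
add_header X-Content-Type-Options nosniff always;
# Legacy XSS filter header; current browsers largely ignore it, so it is not a
# substitute for output encoding or a Content-Security-Policy.
add_header X-Xss-Protection 1 always;
#if ( $request_uri ~* /filedownload/ ){
# return 302 http://$host$request_uri;
#}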
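# Static front-end: serve files from the html directory and fall back to
# /index.html for paths that do not exist (single-page-application routing).
location / {
    root /opt/tsg-2207/cm/nginx/html;
    # The last argument of try_files is the fallback URI. The previous form
    # "... /index.html last" made the literal word "last" the fallback and turned
    # /index.html into just another file check.
    try_files $uri $uri/ /index.html;
    index index.html index.htm;
    # Original note: the backend web server can obtain the real client IP from
    # X-Forwarded-For. This location sets no such header and has no proxy_pass,
    # so the proxy_* directives below have no effect here.
    client_max_body_size 1200m; # maximum size of a client request body
    client_body_buffer_size 128k; # buffer used for reading the client request body
    proxy_connect_timeout 600; # timeout for connecting to the backend (seconds)
    proxy_send_timeout 1800; # timeout for sending the request to the backend (seconds)
    proxy_read_timeout 1800; # timeout for reading the backend response (seconds)
    proxy_buffer_size 16k; # buffer for the first part (headers) of the backend response
    proxy_buffers 4 32k; # response buffers; sized for pages averaging under 32k
    proxy_busy_buffers_size 64k; # buffers that may be busy sending under load (proxy_buffers*2)
    proxy_temp_file_write_size 64k; # data written at a time to a temp file under proxy_temp_path
    # nginx basic-auth configuration (disabled)
    #auth_basic "Restricted Content";
    #auth_basic_user_file /opt/tsg/cm/nginx/htpasswd;
}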
# Proxies the asset-health endpoint to a separate HTTPS backend, attaching a fixed
# Authorization value and rewriting the path and query string.
# NOTE(review): security-relevant points to confirm:
#  - The Authorization value is a credential stored in clear text in this file. It
#    replaces whatever the client sent and is added for every caller, so anyone who can
#    reach this path is forwarded with that credential, authenticated or not. Load it
#    from a permission-restricted include file, and rotate it if this file has been
#    shared or published.
#  - This is a prefix location: any URI that starts with /v1/stat/asset/healthy
#    matches, not only the exact path.
#  - proxy_pass uses https, but no proxy_ssl_verify / proxy_ssl_trusted_certificate is
#    set. nginx does not verify the upstream certificate by default, so the credential
#    is sent to whichever host answers on 10.224.11.248.
location /v1/stat/asset/healthy {
proxy_pass https://10.224.11.248;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Authorization bca6b0a7-405b-4201-8a0c-675afa09e1d9;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Strips the "v1" segment from the URI and adds fixed query parameters; "break" stops
# rewrite processing so the rewritten URI is the one sent upstream.
rewrite "^(.*)v1(.*)$" /$1$2?modelId=5&children=1 break;
}
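# API v1: proxied to the "bifang" upstream over plain HTTP, with WebSocket upgrade support.
location /v1/ {
    proxy_pass http://bifang/v1/;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the
    # client sent; the backend should trust only the last entry (or X-Real-IP).
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    # Use the http-level map so "Connection: upgrade" is sent only when the client
    # asked for an upgrade; ordinary requests get "close" instead of a bare "upgrade".
    proxy_set_header Connection $connection_upgrade;
    # Rewrites the Path attribute of backend cookies from /v1 to /.
    proxy_cookie_path /v1 /;
}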
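# Server status / traffic statistics page, restricted to the local host.
location /status {
    # NOTE(review): stub_status and vhost_traffic_status_display both produce the
    # response for this location; presumably only one of them answers - verify.
    stub_status on;
    vhost_traffic_status_display;
    vhost_traffic_status_display_format html;
    allow 127.0.0.1;
    # An "allow" with no matching "deny" restricts nothing: nginx permits every address
    # by default. This line is what limits the status page to localhost.
    deny all;
}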
# API v2: proxied to the "bifang" upstream over plain HTTP.
location /v2/ {
proxy_pass http://bifang/v2/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the client
# sent; the backend should trust only the last entry (or X-Real-IP).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Rewrites the Path attribute of backend cookies from /v2 to /.
proxy_cookie_path /v2 /;
}
# Serve a static page for 5xx errors. With proxy_intercept_errors on at http level,
# backend 5xx responses are replaced by this page too, so backend error bodies are not
# passed through to clients.
error_page 500 502 503 504 /50x.html;
location = /50x.html {
# Relative path; nginx resolves it against its installation prefix.
root html;
}
}
}