#服务运行用户
user sysadmin www;
#工作进程数
worker_processes 4;
#错误日志位置
error_log /data/sysadmin/service_logs/nginx/error.log notice;
#PID位置
pid /var/run/nginx.pid;
#文件句柄打开
worker_rlimit_nofile 65535;
#
events {
use epoll;
worker_connections 20480;
}
#
http {
include mime.types;
default_type application/octet-stream;
log_format main '$time_local $status $request_time $upstream_response_time $remote_addr $upstream_addr $server_addr $host '
'"$bytes_sent" "$request_body" "$request" "$request_body" "$http_referer" "$http_user_agent" "$gzip_ratio" "$proxy_add_x_forwarded_for"';
access_log off;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 8m;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
server_tokens off;
underscores_in_headers on;
more_set_headers "Server: name2.0";
more_clear_headers 'X-Powered-By';
#fastcgi全局配置参数
fastcgi_connect_timeout 15s;
fastcgi_send_timeout 15s;
fastcgi_read_timeout 15s;
#fastcgi buffer
fastcgi_buffer_size 128k;
fastcgi_buffers 8 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 128k;
#proxy全局配置参数
proxy_redirect off;
# proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#代理buffer
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 8 128k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 256k;
proxy_temp_path /dev/shm;
#客户端保持时长
keepalive_timeout 60;
#代理容借
#proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
#代理超时
proxy_connect_timeout 20s;
proxy_read_timeout 20s;
proxy_send_timeout 20s;
#压缩方式
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
##
##Nginx Status
##
server {
listen 0.0.0.0:80;
server_name _;
location /nginx_status {
stub_status on;
access_log off;
allow 192.168.39.42/32;
allow 10.0.0.0/8;
deny all;
}
}
resolver 192.168.2.180 192.168.2.182;
#limit_zone crawler $binary_remote_addr 10m;
include /data/sysadmin/service_deploy_data/collect/nginx_conf/vhosts/*.conf;
include vhosts/*.conf;
}
当web服务器收到静态的资源文件请求时,依据请求文件的后缀名在服务器的MIME配置文件中找到对应的MIME Type,再根据MIME Type设置HTTP Response的Content-Type,然后浏览器根据Content-Type的值处理文件。
对应项目名放置在conf下面,保存为conf文件
server {
listen 443;
server_name test.com;
default_type "text/html";
index index-dev.php index.html;
root /data/sysadmin/service_deploy_data/c2-hd-webplat/api.jpush.cn;
charset utf-8;
autoindex on;
client_max_body_size 10m;
ssl on;
ssl_certificate /usr/local/openresty/nginx/conf/server.crt;
ssl_certificate_key /usr/local/openresty/nginx/conf/server.key;
#安全限制
location ~* .(sql|bak|inc|old)$ { return 403; }
#目录重定向
try_files $uri /index.php/$uri?$args;
#php处理
location ~ [^/].php(/|$) {
fastcgi_split_path_info ^(.+.php)(.*)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_temp_path /dev/shm;
include fastcgi_params;
}
access_log /data/sysadmin/service_logs/nginx/api.jpush.cn_access.log main;
}
或者
server {
listen 80;
#server_name ~^(client.)?(w+.)?(w+).api.domain.com$;
server_name ~^(w+.)?(w+).api.domain.com$;
index index.php;
charset utf-8;
autoindex off;
#
fastcgi_next_upstream error timeout invalid_header http_500 http_503;
#内部rewrite
rewrite ^/(.*)$ /index-test.php/$1 last;
#匹配PHP
location ~ .+.php($|/) {
set $document_roots /data/sysadmin/service_deploy_data/c2-hd-webplat/$host;
fastcgi_split_path_info ^(.+.php)(.*)$;
fastcgi_pass fastcgi_backend;
fastcgi_keep_conn on;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_roots$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_temp_path /dev/shm;
include fastcgi_params;
}
#
access_log /data/sysadmin/service_logs/nginx/${host}_access.log main;
}
-
sql防注入:
local quoted_value = ndk.set_var.set_quote_sql_str(value) local quoted_value = ngx.quote_sql_str(value) -
404定向到一个指定的url:
server{
server_name b.com ;
listen xxxx;
error_page 404 /404_fallback;
......
location = /404_fallback{
rewrite ^(.*)$ http://a.com/;
}
}
- 区分不同协议:
location / {
content_by_lua_block {
if ngx.var.request_uri == '/fastcgi' then
ngx.exec('/@fastcgi')
else
ngx.exec('@http')
end
}
}
location @http {
proxy_pass http://backend/;
}
location @fastcgi {
fastcgi_pass fastcgi_backend;
}
laravel的nginx配置
server {
listen 80;
server_name base.api.axd.com;
root /data/php/gitlab.aixiangdao.com/base.api/public;
index index.html index.htm index.php;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ .php$ {
fastcgi_split_path_info ^(.+.php)(/.+)$;
#fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.(?!well-known).* {
deny all;
}
}