[root@iz2ze5z0d8136j0jxlfs5tz ~]# vim /usr/local/nginx/conf/nginx.conf
#
user nginx nginx;
worker_processes 4; # 进程数
worker_rlimit_nofile 65536; #每个进程最大文件打开数
error_log logs/error.log;
pid logs/nginx.pid;
events {
use epoll; #设定事件处理模型优化
worker_connections 51200; #每个work进程的最大连接数。
}
http {
include mime.types;
default_type application/octet-stream;
charset utf-8;
server_tokens off;
server_names_hash_max_size 1024;
server_names_hash_bucket_size 1024;
# 下面是数据库目录
geoip2 /usr/local/nginx/mmdb/GeoLite2-City.mmdb {
$geoip2_country_code default=None country iso_code;
$geoip2_country_name default=None country names en;
$geoip2_city_name default=None city names en;
}
log_format main
'[$geoip2_country_name/$geoip2_city_name] '
'$remote_addr $http_x_forwarded_for [$time_iso8601] '
'$scheme $host $request_uri $status $http_referer "$http_user_agent"';
sendfile on; #使用sendfile系统调用
#tcp_nopush on; #启用tcp_cork,累计到一定大小就会发送
tcp_nodelay on; #禁用Nagle算法,200ms
keepalive_timeout 30s 30s; #长链接超时时间
keepalive_requests 1024; #长链接计数器
gzip on;
gzip_min_length 1k;
gzip_buffers 16 8k;
gzip_comp_level 9;
gzip_proxied any;
gzip_http_version 1.1;
gzip_types text/plain application/json application/javascript application/x-javascript text/css text/htm application/xml;
client_header_timeout 1m; # 客户端请求头的超时时间,若超过则返回408.
client_body_timeout 1m; #客户端请求主体超时时间。
client_max_body_size 20200m; #上传文件大小限制
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
client_header_buffer_size 1k;
send_timeout 1m;
connection_pool_size 256;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
proxy_temp_path /usr/local/nginx/proxy_temp;
proxy_headers_hash_max_size 51200;
proxy_headers_hash_bucket_size 6400;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=one:10m max_size=1g use_temp_path=off inactive=1m;
limit_req_zone $binary_remote_addr zone=auth:20m rate=1r/m;
#ip访问跳转502
#server {
# listen 80;
# server_name 182.92.86.226;
# add_header 'Cache-Control' 'no-cache';
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
# location / {
# return 502 '';
# index index.html;
# root html/lvyou_dist;
# }
# location /looklookwodeip {
# default_type text/plain;
# return 200 '$remote_addr';
# }
#}
#php监控ganglia
server {
listen 80;
server_name _;
location /ganglia {
proxy_pass http://127.0.0.1:8080;
}
location ~ ^/(|fonts|img|css|js) {
root html/www.github.org.cn/;
index index.html;
}
location ~ ^/[0-9a-zA-Z_]+ {
proxy_pass http://127.0.0.1:9023;
}
}
server {
listen 443 http2 ssl;
server_name _;
access_log logs/_access.log main;
error_log logs/_error.log;
# ssl on;
ssl_certificate /usr/local/nginx/ssl_keys/github.org.cn/full_chain.pem;
ssl_certificate_key /usr/local/nginx/ssl_keys/github.org.cn/private.key;
# ssl_trusted_certificate /usr/local/nginx/ssl_keys/github.org.cn/chain.pem;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_http_version 1.1;
proxy_connect_timeout 4s;
proxy_read_timeout 30s;
proxy_send_timeout 12s;
location /ganglia {
proxy_pass http://127.0.0.1:8080;
}
location ~ ^/(|fonts|img|css|js) {
root html/www.github.org.cn/;
index index.html;
}
location ~ ^/[0-9a-zA-Z_]+ {
proxy_pass http://127.0.0.1:9023;
}
}
# 导入虚拟主机的配置文件
include /usr/local/nginx/conf.d/*.conf;
}