给大家一份完整的配置清单
相信大家通过以下配置的注释可以完整的了解部署/负载/ssl证书配置了
如果有用,烦请给点个赞,谢谢~~~
events {
# 服务器最大链接数
worker_connections 1024;
# 设置一个进程是否同时接受多个网络连接,默认为off
multi_accept on;
#事件驱动模型,select|poll|kqueue|epoll|resig|/dev/poll|eventport
#use epoll;
}
http {
# 负载配置 javaApi => 变量名称
# 热备:如果你有2台服务器,当一台服务器发生事故时,才启用第二台服务器给提供服务。服务器处理请求的顺序:AAAAAA突然A挂啦,BBB.....
# upstream javaApi {
# server 192.168.1.1:8080;
# server 192.168.1.2:8080 backup; #热备
# }
# 轮询:nginx默认就是轮询其权重都默认为1,服务器处理请求的顺序:ABABABABAB....
# upstream javaApi {
# server 192.168.1.1:8080;
# server 192.168.1.2:8080;
# }
# 加权轮询:跟据配置的权重的大小而分发给不同服务器不同数量的请求。如果不设置,则默认为1。下面服务器的请求顺序为:ABBABBABBABBABB....
# upstream javaApi {
# server 192.168.1.1:8080 weight=1;
# server 192.168.1.2:8080 weight=2;
# }
# ip_hash:nginx会让相同的客户端ip请求相同的服务器。
# upstream javaApi {
# server 192.168.1.1:8080;
# server 192.168.1.2:8080;
# ip_hash;
# }
# max_fails/fail_timeout 一般会配合使用
# upstream javaApi {
# server 192.168.1.1:8080 max_fails=2 fail_timeout=30s;
# server 192.168.1.2:8080 max_fails=2 fail_timeout=30s;
# }
upstream javaApi {
server 192.168.1.1:8001 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.1.2:8001 weight=1 max_fails=2 fail_timeout=30s;
server 192.168.1.3:8001 weight=1 max_fails=2 fail_timeout=30s;
ip_hash;
}
include mime.types;
default_type application/octet-stream;
# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# 自定义格式
log_format myFormat '$remote_addr–$remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for';
access_log /usr/local/nginx/logs/access.log myFormat;
# 允许sendFile传输文件
sendfile on;
#tcp_nopush on;
# 每个进程每次调用传输数量不能大于设定的值,默认为0,即不设上限。
# sendfile_max_chunk 100k;
keepalive_timeout 65;
# 开启gzip
gzip on;
# 启用gzip压缩的最小文件,小于设置值的文件将不会压缩
gzip_min_length 1k;
# gzip 压缩级别,1-10,数字越大压缩的越好,也越占用CPU时间,后面会有详细说明
gzip_comp_level 7;
# 进行压缩的文件类型。javascript有多种形式。其中的值可以在 mime.types 文件中找到。
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
# 是否在http header中添加Vary: Accept-Encoding,建议开启
gzip_vary on;
# 禁用IE 6 gzip
gzip_disable "MSIE [1-6]\.";
# 设置上传文件大小
client_max_body_size 100M;
server {
listen 80;
server_name baidu.com;
charset urf-8;
#告诉浏览器有效期内只准用 https 访问
add_header Strict-Transport-Security max-age=15768000;
#临时重定向到 https 站点
return 307 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name baidu.com;
charset urf-8;
# ssl on;
ssl_certificate /usr/local/nginx/ssl/xxxxxxxx_baidu.com.pem;
ssl_certificate_key /usr/local/nginx/ssl/xxxxxxxx_baidu.com.key;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root /data/web/factory/;
index index.html index.htm;
if ( !-e $request_filename ) {
rewrite ^/(.*) /index.html last;
break;
}
}
# 设置前端静态资源文件夹路径
location /static/{
alias /data/web/factory/static/;
}
# 设置微信业务域名配置文件
location /xxxxxxxxxxxxx.txt{
alias /usr/local/nginx/wechat/xxxxxxxxxx.txt;
}
# 服务端api转发
location ~ (/api/|/aiApi/) {
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_pass http://javaApi;
}
}
}