安装
-
yum install -y gcc pcre pcre-devel zlib zlib-devel openssl openssl-devel
gcc是linux下的编译器
使用pcre来解析正则表达式
使用zlib对http包的内容进行gzip
openssl用于支持https
-
tar -zxvf nginx-version.tar.gz
-
cd NGINX_HOME
-
useradd nginx ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-threads --with-http_ssl_module make make install
nginx.conf配置
静态资源配置
# root形式
location /image/ {
root /opt/nginx/static;
}
# 可以位于http,server,location块中
# root 会将定义路径与 URI 叠加
# 当用户访问 www.test.com/image/1.png 时,实际在服务器找的路径是 /opt/nginx/static/image/1.png
# alias形式
location /image/ {
alias /opt/nginx/static/;
}
# 只能位于location 中
# alias只取定义路径
# alias末尾必须添加 /
# 当用户访问 www.test.com/image/1.png 时,实际在服务器找的路径是 /opt/nginx/static/1.png
# autoindex
# 可搭建静态资源下载网站
location /download/ {
root /opt/source;
autoindex on; # 打开 autoindex
autoindex_exact_size off; # 以KB、MB、GB显示文件大小
autoindex_format html; # 以html的方式进行格式化,可选参数有 html | json | xml
autoindex_localtime off; # 显示的⽂件时间为GMT时间
}
动态资源配置
location /api/ {
proxy_pass http://localhost:8080/;
}
# proxy_pass后缀带斜杆
# 当用户访问 www.test.com/api/test 时, 代理为http://localhost:8080/test
缓存机制
UPSTREAM
http {
upstream backend {
# max_conns限流用
server a.example.com max_conns=5;
server b.example.com max_conns=5;
}
}
优化配置
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 65535;
}
http {
server_tokens off;
client_max_body_size 5m;
tcp_nopush on;
etag off;
gzip on;
# 压缩比率 1-9
gzip_comp_level 6;
gzip_vary on;
server {
# 防盗链
valid_rederers *.*.com *.*.com;
if($invalid_referer){
return 403;
}
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# X-Forwarded-For: client1, proxy1, proxy2
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
# 配置 websocket 支持
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
location / {
expires
}
}
}
日志切割
# 放在nginx logs目录下
pid="`cat nginx.pid`"
date_dir="`date +%Y%m`"
[ -d $date_dir ]||mkdir -p $date_dir
access_log_name="access_`date +%Y%m%d`.log"
error_log_name="error_`date +%Y%m%d`.log"
mv access.log $date_dir/$access_log_name
mv error.log $date_dir/$error_log_name
kill -USR1 $pid
crontab -e
0 0 * * * sh /usr/local/nginx/logs/cut.sh