Nginx代理服务器配置参数详解及优化

一、常用参数解析

1. 核心代理参数

2. 超时控制参数

3. 缓冲与缓存参数

4. 请求头处理

二、配置方法对比

基础配置示例

# 基础反向代理
location /api/ {
    proxy_pass http://backend_server;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

# 负载均衡配置
upstream backend {
    server 192.168.1.101:8080 weight=3;
    server 192.168.1.102:8080;
    server 192.168.1.103:8080 backup;
    
    # 负载均衡算法
    # least_conn;  # 最少连接
    # ip_hash;     # IP哈希
    # hash $request_uri;  # URI哈希
}

location / {
    proxy_pass http://backend;
}

优化配置示例

location / {
    proxy_pass http://backend;
    
    # 超时控制优化
    proxy_connect_timeout 30s;
    proxy_send_timeout 30s;
    proxy_read_timeout 60s;
    
    # 缓冲优化
    proxy_buffering on;
    proxy_buffer_size 4k;
    proxy_buffers 8 4k;
    proxy_busy_buffers_size 8k;
    proxy_temp_file_write_size 16k;
    
    # 请求头优化
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    
    # 连接优化
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    
    # 缓存控制
    proxy_cache my_cache;
    proxy_cache_key "$scheme$request_method$host$request_uri";
    proxy_cache_valid 200 302 10m;
    proxy_cache_valid 404 1m;
    
    # 错误处理
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    proxy_intercept_errors on;
}

三、常用操作命令

1. 基本操作

# 检查配置语法
nginx -t

# 重新加载配置（平滑重启）
nginx -s reload

# 停止Nginx
nginx -s stop

# 重新打开日志文件
nginx -s reopen

2. 进程管理

# 查看Nginx进程
ps aux | grep nginx

# 强制停止
pkill nginx

# 优雅停止
nginx -s quit

3. 日志分析

# 实时查看访问日志
tail -f /var/log/nginx/access.log

# 查看错误日志
tail -f /var/log/nginx/error.log

# 统计请求最多的IP
awk '{print $1}' access.log | sort | uniq -c | sort -nr | head -20

# 统计状态码
awk '{print $9}' access.log | sort | uniq -c | sort -rn

四、优化配置对比

场景对比表

具体优化方案

1. 连接池优化

upstream backend {
    server 192.168.1.100:8080;
    
    # 连接池配置
    keepalive 32;          # 每个worker保持的连接数
    keepalive_timeout 30s; # keepalive超时时间
    keepalive_requests 100; # 每个连接最大请求数
}

2. 缓存优化

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m 
                 inactive=60m max_size=1g use_temp_path=off;

location / {
    proxy_cache my_cache;
    proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args";
    proxy_cache_valid 200 302 10m;
    proxy_cache_valid 404 1m;
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    add_header X-Cache-Status $upstream_cache_status;
}

3. 安全优化

location / {
    # 隐藏Nginx版本
    proxy_hide_header X-Powered-By;
    more_clear_headers Server;
    
    # 限制请求大小
    client_max_body_size 10m;
    
    # 限制请求速率
    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
    
    location /api/ {
        limit_req zone=api burst=20 nodelay;
    }
}

4. 性能优化

# 启用零拷贝
sendfile on;
tcp_nopush on;
tcp_nodelay on;

# 连接优化
keepalive_timeout 65;
keepalive_requests 100;

# 文件描述符
worker_rlimit_nofile 65535;

# 事件模型
events {
    use epoll;  # Linux下使用epoll
    worker_connections 4096;
    multi_accept on;
}

五、监控与调试

1. 状态监控

location /nginx_status {
    stub_status on;
    access_log off;
    allow 127.0.0.1;
    deny all;
}

2. 调试日志

# 调试日志（生产环境谨慎使用）
log_format debug '$remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent" '
                 'upstream: $upstream_addr '
                 'upstream_status: $upstream_status '
                 'request_time: $request_time '
                 'upstream_response_time: $upstream_response_time';

3. 性能指标

# 监控连接状态
netstat -an | grep :80 | wc -l

# 监控Nginx状态
curl http://localhost/nginx_status

# 压力测试
ab -n 1000 -c 100 http://localhost/

六、配置模板

完整代理配置模板

# 定义上游服务器
upstream backend_servers {
    least_conn;
    server backend1.example.com:8080 max_fails=3 fail_timeout=30s;
    server backend2.example.com:8080 max_fails=3 fail_timeout=30s;
    server backend3.example.com:8080 max_fails=3 fail_timeout=30s backup;
    
    # 健康检查
    check interval=3000 rise=2 fall=3 timeout=1000 type=http;
    check_http_send "HEAD /health HTTP/1.0\r\n\r\n";
    check_http_expect_alive http_2xx http_3xx;
}

# 代理配置
server {
    listen 80;
    server_name example.com;
    
    access_log /var/log/nginx/access.log main buffer=32k flush=5s;
    error_log /var/log/nginx/error.log warn;
    
    location / {
        # 基础代理
        proxy_pass http://backend_servers;
        
        # 超时配置
        proxy_connect_timeout 5s;
        proxy_send_timeout 10s;
        proxy_read_timeout 30s;
        proxy_next_upstream_timeout 0;
        
        # 缓冲配置
        proxy_buffering on;
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
        proxy_busy_buffers_size 8k;
        proxy_max_temp_file_size 1024m;
        
        # 请求头
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # HTTP版本优化
        proxy_http_version 1.1;
        
        # 错误页面
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
}

七、常见问题解决

1. 502 Bad Gateway

检查后端服务状态 增加proxy_read_timeout 检查防火墙和网络

2. 504 Gateway Timeout

增加proxy_connect_timeout 检查后端处理时间 优化后端性能

3. 413 Request Entity Too Large

增加client_max_body_size

4. 连接泄漏

检查keepalive配置 监控连接数 适当调整超时时间