Nginx部署

Nginx.conf文档

#启动进程,通常设置成和cpu的数量相等
worker_processes auto;
worker_rlimit_nofile 100000;

#全局错误日志及PID文件
error_log /var/log/nginx/error.log info;

pid /var/run/nginx.pid;
#工作模式及连接数上限
events {
    #单个后台worker process进程的最大并发链接数
    worker_connections 2048;
    multi_accept on;
    use epoll;
}

http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    #设定mime类型,类型由mime.type文件定义
    include mime.types;
    default_type application/octet-stream;

    #设定日志格式
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for '
'"$upstream_addr" "$upstream_status" "$upstream_response_time" "$request_time"';
    log_format data '[$time_local] -- "$request"--$status "$request_body"';
    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    server_tokens off;

    #sendfile 指令指定 nginx 是否调用 sendfile 函数(zero copy 方式)来输出文件,
    #对于普通应用,必须设为 on,
    #如果用来进行下载等应用磁盘IO重负载应用,可设置为 off,
    #以平衡磁盘与网络I/O处理速度,降低系统的uptime.
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    #连接超时时间
    #keepalive_timeout 0;
    keepalive_timeout 300;
    client_header_timeout 300;
    client_body_timeout 300;
    reset_timedout_connection on;
    send_timeout 300;

    #limit_conn_zone $binary_remote_addr zone=addr:10m;
    #limit_conn addr 100;

    #设定请求缓冲
    include proxy.conf;
    #开启gzip压缩
    #include gzip.conf;

    #保存服务器名字的hash表,如果64还不够,那么就按32的倍数往上加.
    server_names_hash_bucket_size 64;

    #设定负载均衡的服务器列表, 虚拟主机配置
    include servers/blog.army16.com.conf;

}

blog.army16.com.conf文档

upstream blog{
    #weigth参数表示权值,权值越高被分配到的几率越大
    least_conn;
    server 127.0.0.1:443 weight=1; #服务器A
    server 192.168.1.16:443 weight=1; #服务器B
    # hash $cookie_jsessionid;
    # ip_hash; #ip_hash策略将同一IP的所有请求都转发到同一应用服务器
}

#设定虚拟主机配置
server {
    #侦听80端口
    listen 80;
    #定义使用 blog.army16.com访问
    server_name blog.army16.com;

    listen 443 ssl;
    ssl_certificate STAR_army16_com.crt;
    ssl_certificate_key army16_ssl_cert_20160717.key;

    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    access_log /var/log/nginx/access.log main;

    #默认请求
    location / {
        #定义服务器的默认网站根目录位置
        root html;
        #定义首页索引文件的名称
        index test.html index.html index.htm index.shtml index.jsp;

        proxy_pass https://blog;
    }

    #启用nginx status 监听页面
    location /nginxstatus {
        stub_status on;
        access_log on;
        allow 113.107.2.50;
        deny all;
    }

    #定义错误提示页面
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}

 

滚动至顶部