Nginx.conf文档
#启动进程,通常设置成和cpu的数量相等
worker_processes auto;
worker_rlimit_nofile 100000;
#全局错误日志及PID文件
error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
#工作模式及连接数上限
events {
#单个后台worker process进程的最大并发链接数
worker_connections 2048;
multi_accept on;
use epoll;
}
http {
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#设定mime类型,类型由mime.type文件定义
include mime.types;
default_type application/octet-stream;
#设定日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for '
'"$upstream_addr" "$upstream_status" "$upstream_response_time" "$request_time"';
log_format data '[$time_local] -- "$request"--$status "$request_body"';
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_tokens off;
#sendfile 指令指定 nginx 是否调用 sendfile 函数(zero copy 方式)来输出文件,
#对于普通应用,必须设为 on,
#如果用来进行下载等应用磁盘IO重负载应用,可设置为 off,
#以平衡磁盘与网络I/O处理速度,降低系统的uptime.
sendfile on;
tcp_nopush on;
tcp_nodelay on;
#连接超时时间
#keepalive_timeout 0;
keepalive_timeout 300;
client_header_timeout 300;
client_body_timeout 300;
reset_timedout_connection on;
send_timeout 300;
#limit_conn_zone $binary_remote_addr zone=addr:10m;
#limit_conn addr 100;
#设定请求缓冲
include proxy.conf;
#开启gzip压缩
#include gzip.conf;
#保存服务器名字的hash表,如果64还不够,那么就按32的倍数往上加.
server_names_hash_bucket_size 64;
#设定负载均衡的服务器列表, 虚拟主机配置
include servers/blog.army16.com.conf;
}
blog.army16.com.conf文档
upstream blog{
#weigth参数表示权值,权值越高被分配到的几率越大
least_conn;
server 127.0.0.1:443 weight=1; #服务器A
server 192.168.1.16:443 weight=1; #服务器B
# hash $cookie_jsessionid;
# ip_hash; #ip_hash策略将同一IP的所有请求都转发到同一应用服务器
}
#设定虚拟主机配置
server {
#侦听80端口
listen 80;
#定义使用 blog.army16.com访问
server_name blog.army16.com;
listen 443 ssl;
ssl_certificate STAR_army16_com.crt;
ssl_certificate_key army16_ssl_cert_20160717.key;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
access_log /var/log/nginx/access.log main;
#默认请求
location / {
#定义服务器的默认网站根目录位置
root html;
#定义首页索引文件的名称
index test.html index.html index.htm index.shtml index.jsp;
proxy_pass https://blog;
}
#启用nginx status 监听页面
location /nginxstatus {
stub_status on;
access_log on;
allow 113.107.2.50;
deny all;
}
#定义错误提示页面
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}