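# Account the worker processes run as.
user webapp;

# Number of worker processes.
worker_processes 8;
# Spread the workers evenly over the CPUs (8 cores here): one bitmask per worker.
worker_cpu_affinity 10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001;
#worker_cpu_affinity auto;

# Error log; a level can be appended as in the commented alternatives.
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

pid logs/nginx.pid;

# Per-worker open-file limit. It has to be at least worker_connections
# (15000 in the events block), and a proxied request holds two descriptors
# (client side and upstream side). The earlier value of 10240 was below
# worker_connections, so nginx warned at startup and workers could run out of
# descriptors under load before reaching the configured connection count.
worker_rlimit_nofile 65535;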
# Event-processing settings.
events {
    # Use the Linux epoll notification method.
    use epoll;
    # Accept all pending connections each time a worker is notified.
    multi_accept on;
    # Maximum number of simultaneous connections per worker process.
    worker_connections 15000;
}
http {
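include mime.types;
default_type application/octet-stream;

# Change the default server identification to avoid advertising the exact
# build: server_tokens off removes the version from the Server header and
# from generated error pages.
server_tokens off;
# NOTE(review): server_tag is not a stock nginx directive (Tengine ships one);
# confirm the build in use provides it, otherwise the configuration will not load.
server_tag 'NULL';

# Log format definition (disabled in this sample).
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;

# Request header buffers.
client_header_buffer_size 32k;
large_client_header_buffers 4 4k;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
#keepalive_timeout 0;
keepalive_timeout 65;
# A second "server_tokens off;" stood here. nginx rejects a directive that is
# repeated in the same context as a duplicate, so only the one above is kept.

open_file_cache max=65535 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;

# gzip module. These settings are inherited by every server block below,
# including the TLS one; avoid compressing responses that carry secrets next
# to request-controlled content (the BREACH precondition).
gzip on;
gzip_min_length 1000;
gzip_buffers 4 16k;
gzip_comp_level 4;
# The image/* types appeared garbled as "p_w_picpath/*" in the listing and are
# restored here. JPEG, GIF and PNG are already compressed, so gzipping them
# costs CPU for little gain.
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";

fastcgi_intercept_errors on;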
# Back-end servers for load balancing.
upstream TOMCAT {
    server 192.168.1.1:8081 max_fails=1;
    server 192.168.1.1:8082 max_fails=1;
    server 192.168.1.1:8083 max_fails=1;
    server 192.168.1.1:8084 max_fails=1;
    # Choose the back end from the client address, so one client keeps
    # reaching the same server.
    ip_hash;
    # Active health check; requires nginx_upstream_check_module.
    check interval=3000 rise=2 fall=5 timeout=1000 type=http;
    #check_http_send "GET / HTTP/1.0\r\n\r\n";
    #check_http_expect_alive http_2xx http_3xx;
}

# limit module: a 20m shared zone keyed by the binary client address,
# allowing 5 requests per second per address.
limit_req_zone $binary_remote_addr zone=zone_name:20m rate=5r/s;
# 服务器定义
server {
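listen 8080;
# More ports can be declared with additional listen lines.
#listen 9090;
server_name 192.168.1.1 localhost;
set $addr $remote_addr;
proxy_store off;
error_page 404 /404.html;
charset utf-8;
# Maximum size of an uploaded request body.
client_max_body_size 20m;

# Split the ISO 8601 timestamp into date parts used to name the log file.
if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})") {
    set $year $1;
    set $month $2;
    set $day $3;
}
# Access log in a fixed directory, one file per day. Because the path contains
# variables, the file is opened and closed on every write (unless
# open_log_file_cache is configured), buffered writes are unavailable, and the
# worker account needs permission to create files in this directory.
access_log /nfs/nginxlog/nginx-$year-$month-$day-access.log;

# Allowed HTTP methods: anything other than GET or POST is answered with 403
# (the usual set for Web/WAP front ends).
if ($request_method !~ ^(GET|POST)$) {
    return 403;
}

# Client address check. nginx "if" supports neither "||" nor "else", so the
# listing's two examples (a single-address test and a two-address or/else
# form) are written as one negated match over the same sample addresses.
# The access module (allow ...; deny all;) is the other common way to do this.
# $remote_addr is the TCP peer: behind another proxy or load balancer it is
# that device's address unless the realip module is configured.
if ($remote_addr !~ "^(2\.2\.2\.2|3\.3\.3\.3|4\.4\.4\.4)$") {
    return 403;
}

# Set a variable from one test, then decide the action from its value.
# The flag is initialised first so that the second "if" never reads an unset
# variable.
# NOTE(review): $request_uri is the raw request line target including the
# query string, so "/a.conf?x=1" does not match while "/a?x=.xml" does;
# confirm that is intended before relying on this for routing.
set $seo 0;
if ($request_uri ~ \.(conf|xml)$) {
    set $seo 2;
}
if ($seo = 2) {
    rewrite ^.*$ /api/1$request_uri;
    break;
}

# Detect the client type from the User-Agent and redirect mobile clients.
if ( $http_user_agent ~* "(Android|iPhone|Windows Phone|UC|Kindle)" ){
    rewrite ^(.*) http://www.xxx.cn/yy/ permanent;
}

# Give the variable an initial value, then overwrite it when the cookie is
# present.
# NOTE(review): if $SESSIONID ends up in a log format, the log will contain
# live session identifiers; restrict read access to it accordingly.
set $SESSIONID "-";
if ( $http_cookie ~* "WAP_SESSIONID=([^;]+)(?:;|$)" ){
    set $SESSIONID $1;
}

# Target of the $seo rewrite above. proxy_pass is not permitted inside a
# server-level "if" (only in location, "if" in location, and limit_except),
# so the proxying lives in the location the rewritten URI selects.
# NOTE(review): clients can also request this prefix directly; mark the
# location "internal" if only rewritten requests should reach the back end.
location ^~ /api/1/ {
    proxy_pass http://192.168.1.2:8080;
}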
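# Match the requested URL path and handle it accordingly.
# Exact match on the site root: answer 404.
location = / {
    return 404;
}
# Refuse direct requests for the Java web-application metadata directory.
# Matched case-insensitively so that /web-inf/ is refused as well. The pattern
# is anchored at the site root, so the same directory under a proxied context
# path such as /test/ is not covered here and depends on the back end.
location ~* ^/(WEB-INF)/ {
    deny all;
}
# Prefix match that stops the search: once this prefix is selected, no regular
# expression location is tested. A prefix has to begin with "/" to match any
# request URI; the bare "class" in the listing could never match.
# NOTE(review): confirm the intended path.
location ^~ /class {
    deny all;
}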
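# Match by file type: requests with these extensions are served from a
# dedicated directory. Regular expression locations take precedence over plain
# prefix locations, so a matching name under a proxied prefix (for example
# /test/) is also answered from this directory rather than passed to the
# back end.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|htc|ico)$ {
    # NOTE(review): directory name restored from a garbled "p_w_picpath" in the
    # listing; confirm the real path on disk.
    root /webapp/web/image;
    access_log off;
    expires 30d;
}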
# Redirect: everything under /content is rewritten to the PHP handler, with
# the original path (without its leading slash) as the query string.
location /content {
    rewrite ^/(.*)$ /lcpproxy/content.php?$1 last;
}

# Lua script handler.
# NOTE(review): the script runs inside the nginx worker; keep the file and its
# directory writable by administrators only.
location /queryCache {
    content_by_lua_file /home/fjccwt/nginx/lua/queryCache.lua;
    default_type 'text/plain';
}

# Python script handler; requires the ngx_python module.
location /content_by_python_file {
    content_by_python_file /webapp/openresty/hello.py;
}
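# Reverse proxy to the TOMCAT upstream group.
location /test/ {
    # Per-address rate limit from zone_name (5r/s).
    # NOTE(review): burst=1500 with nodelay lets a single address send about
    # 1500 requests at once before the rate applies; size it to real traffic.
    limit_req zone=zone_name burst=1500 nodelay;

    # Upstream name written exactly as it is declared (upstream TOMCAT).
    proxy_pass http://TOMCAT/test/;
    proxy_redirect off;

    # Headers handed to the back end. $proxy_add_x_forwarded_for appends the
    # peer address to whatever X-Forwarded-For the client sent, so the back end
    # should trust only the last entry; X-Real-IP is overwritten with the peer
    # address.
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Conditions under which the request is passed to the next server.
    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

    # Request body limits.
    client_max_body_size 20m;
    client_body_buffer_size 500k;

    # Timeouts, in seconds.
    proxy_connect_timeout 60;
    proxy_send_timeout 60;
    proxy_read_timeout 60;

    # Response buffering. A zero proxy_max_temp_file_size disables buffering of
    # responses to temporary files.
    proxy_buffer_size 128k;
    proxy_buffers 8 128k;
    proxy_busy_buffers_size 256k;
    proxy_max_temp_file_size 0;
    proxy_temp_file_write_size 1024k;
}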
# nginx status page.
location /ngx_status {
    access_log off;
    stub_status on;
    # Optional password protection for the status page.
    #auth_basic "NginxStatus";
    #auth_basic_user_file htpasswd;
    # Reachable from the local host only; every other address is refused.
    allow 127.0.0.1;
    deny all;
}
}
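# HTTPS configuration.
server {
    # The "ssl" parameter on listen replaces the deprecated "ssl on;" directive.
    listen 8443 ssl;
    server_name localhost;

    ssl_certificate /webapp/softs/sslkey/server.crt;
    # Private key: keep the file readable only by the account that starts nginx.
    ssl_certificate_key /webapp/softs/sslkey/server.key;
    ssl_session_timeout 5m;

    # SSLv2 is cryptographically broken and TLSv1 is deprecated, so neither is
    # offered. Append TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Only GET, HEAD and POST are accepted; anything else is answered with 403.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 403;
    }

    location / {
        root html;
        index index.html index.htm;
    }
}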
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}