17

linux-nginx配置

l

user www www;
worker_processes 2; #设置值和CPU核心数一致
error_log /usr/local/webserver/nginx/logs/nginx_error.log crit; #日志位置和日志级别
pid /usr/local/webserver/nginx/nginx.pid;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 65535;
events
{
  use epoll;
  worker_connections 65535;
}
http
{
  include mime.types;
  default_type application/octet-stream;
  log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
               '$status $body_bytes_sent "$http_referer" '
               '"$http_user_agent" $http_x_forwarded_for';

#charset gb2312;

  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 8m;

  sendfile on;
  tcp_nopush on;
  keepalive_timeout 60;
  tcp_nodelay on;
  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;
  gzip on; 
  gzip_min_length 1k;
  gzip_buffers 4 16k;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_types text/plain application/x-javascript text/css application/xml;
  gzip_vary on;

  #limit_zone crawler $binary_remote_addr 10m;
   #配置http强制跳转到https
      server {
      listen    80;
      server_name www.fjwsite.com fjwsite.com;
      rewrite ^(.*) https://$server_name$1 permanent; 
     }
 #下面是server虚拟主机的配置
 server
  {
    listen 443 ssl;#监听端口
    server_name www.fjwsite.com fjwsite.com;#域名
    index index.html index.htm index.php;
    root /usr/local/webserver/nginx/html;#站点目录

    #ssl证书配置
    ssl on;
    ssl_certificate /var/blogs/ssl/www.fjwsite.com.pem;
    ssl_certificate_key  /var/blogs/ssl/www.fjwsite.com.key;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers  on;
    #禁止在header中出现服务器版本,防止黑客利用版本漏洞攻击
    server_tokens off;
    #如果是全站 HTTPS 并且不考虑 HTTP 的话,可以加入 HSTS 告诉你的浏览器本网站全站加密,并且强制用 HTTPS 访问
    fastcgi_param   HTTPS               on;
    fastcgi_param   HTTP_SCHEME         https;
    access_log /usr/local/webserver/nginx/logs/httpsaccess.log;    

    #配置访问项目端口:
    location / {
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_set_header X-NginX-Proxy true;
          #你的项目端口号
          proxy_pass http://localhost:8089; 
          proxy_redirect off;
       }
    #符合php扩展名的请求调度到fcgi server
    location ~ .*\.(php|php5)?$ {  
       #fastcgi_pass unix:/tmp/php-cgi.sock;
       fastcgi_pass 127.0.0.1:9000;
       fastcgi_index index.php;
       include fastcgi.conf;
     }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|ico|css|js|properties|json)$ {
       proxy_pass http://localhost:8089 ; #让nginx能正常加载这些静态文件
       expires 30d;   #客户端缓存上述js,css数据30天
       # access_log off;
     }
    #将符合js,css文件的等设定expries缓存参数,要求浏览器缓存。
    location ~ .*\.(js|css)?$ {
       expires 15d;
       # access_log off;
     }
    access_log off;
  }

}

搞定…..twemoji-1f1e8-1f1f3

评论后,需要站长审核通过,才会展出

人一共会长大三次;
第一次,是当你发现你不是世界的中心时,于是你开始努力
第二次是当你无能为力还会拼命争取时
第三次,是当你发现已经站在世界中心但不想成为世界中心的时候.

范俊伟(17)

Email:vanjoon@163.com
WeChat:Vanjoon_