nginx 总结
下载地址:http://nginx.org/download/
NGINX_FILE=nginx-1.14.0.tar.gz
NGINX_FILE_DIR=nginx-1.14.0
if [ "$1" -eq "1" ];then
yum install -y gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel --setopt=protected_multilib=false;
if [ $? -eq 0 ];then
groupadd -g 888 www;
useradd -g www www -s /sbin/nologin -u 888;
tar zxvf $NGINX_FILE;
cd $NGINX_FILE_DIR;
if [ $? -eq 0 ];then
./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-stream_ssl_module --with-http_ssl_module --with-stream;
if [ $? -eq 0 ];then
make && make install;
echo "\033[32m $NGINX_FILE_DIR install success \033[0m"
if [ $? -eq 0 ];then
cd ../
cp init.d.nginx /etc/init.d/nginx
chmod 777 /etc/init.d/nginx
sed -i '65,71s/#//' /usr/local/nginx/conf/nginx.conf
sed -i '66s/html/\/var\/www\/html/' /usr/local/nginx/conf/nginx.conf
sed -i 's/scripts$fastcgi_script_name/$document_root$fastcgi_script_name/g' /usr/local/nginx/conf/nginx.conf
echo "\033[32m $NGINX_FILE_DIR install done \033[0m"
else
echo "\033[32m conf moddify failed \033[0m"
fi
else
echo "\033[32m make install failed \033[0m"
exit 0
fi
else
echo "\033[32m configure failed \033[0m"
exit 0
fi
fi
fi 1.配置在http段针对全局
http{
limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s; 单个IP每秒限制2个请求
limit_req zone=one burst=5 nodelay; 请求突刺5个,无延迟
limit_req_status 503; 限流返回状态码
};
2. 配置在server段针对固定location
http{
limit_req_zone $binary_remote_addr zone=one:10m rate=2r/s; 单个IP每秒限制2个请求
server {
location /py {
limit_req zone=one burst=5 nodelay; 请求突刺5个,无延迟
limit_req_log_level warn; 日志级别设置为warn
limit_req_status 503; 限流返回状态码
}
}
};http{
#限流并发
upstream node{
server 127.0.0.1:8080 max_conns=1;
}
}
Server{
location /py {
proxy_pass http://node/;注意:如果少了一个/ 会将请求转发到8080的/py路径下
}
error_page 502 503 https://fund/b.html; 限流界面
}需求后端无法上网,前端能上网,后端通过前端nginx反向代理访问
1、前端配置识别路径后转发(适合https转发)
server{
listen 80;
server_name localhost;
location /centos {
proxy_pass http://mirrors.163.com/centos/;
}
}
例子2:
location ^~ /mp/
{
#proxy_cache api_cache;
proxy_set_header Host mp.weixin.qq.com;
rewrite /mp/(.+)$ /$1 break;
proxy_pass https://mp.weixin.qq.com;
}2、前端配置根据请求域名转发(适合http转发)
例子1:
server{
listen 80;
server_name mirrors.163.com;
location /centos {
proxy_pass http://mirrors.163.com;
}
}无法访问数据库只能通过前端机器去访问,首先前端机器开启3306端口映射将请求直接转发到对应内网机器的3306端口。
#user nobody;
worker_processes 1;
stream{
proxy_timeout 30m;
server{
listen 3306;
proxy_pass 192.168.1.30:3306;
}
} 1、访问某个项目路径转发到后端对应端口
location ^~ /wxInterfaceFnt {
proxy_pass http://192.168.3.196;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
2、访问php文件转发到对应的php解析
location ^~ /wxInterfaceFnt {
root /var/www/html;
fastcgi_pass 192.168.3.196:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name;
include fastcgi_params;
}
后端修改配置文件
php-fpm.conf
后端nginx
listen = 127.0.0.1:9000
listen = 192.168.3.196:9000
location ~ \.php$ {
root /var/www/html;
fastcgi_pass 192.168.3.196:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name;
include fastcgi_params;
}1、项目限制IP,同时允许的IP需要能够访问php
location ^~ /jiaoyin_diaries_fnt/app/manage/ {
allow 119.;
allow 221.;
allow 180.;
allow 119.;
deny all;
location ~ \.php$ {
root /var/www/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}需求:负载机器转发到前端的是内网请求,需要修改配置
服务器 A 的转发配置(负载)
location ^~ /namesg/ {
proxy_pass http://172.16.16.11;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
服务器 B 的 nginx.conf log 配置(前端)
log_format my_format '$http_x_real_ip -'
'$remote_addr- [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log my_format;
访问报错:
1\转发到php-fpm的请求提示file not found
Nginx配置 root /var/www/html;
ssl配置
ssl on;
ssl_certificate /usr/local/nginx/conf/sogood.crt;
ssl_certificate_key /usr/local/nginx/conf/sogood.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:-LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
上传文件限制(Request Entity Too Large)
http {
include mime.types;
default_type application/octet-stream;
include blacklist.conf;
#文件上传大小,默认1M
client_max_body_size 20m;2\nginx
upstream sent too big header while reading response header from upstream
server{
proxy_buffer_size 64k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
}
3\nginx 出现504 Gateway Time-out的解决方法
转发到其他端口超时设置
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
php转发超时设置
keepalive_timeout 300;
fastcgi_connect_timeout 6000;
fastcgi_send_timeout 6000;
fastcgi_read_timeout 6000;
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
限流配置参考
https://www.jianshu.com/p/2cf3d9609af3
https://www.cnblogs.com/biglittleant/p/8979915.html
https://blog.csdn.net/qq_31226223/article/details/78766314