# 主要配置文件 #user nobody; worker_processes auto; #自动根据cpu分配多少个worker进程 worker_rlimit_nofile 65535; #worker进程打开的最大值,同ulimit或者/etc/security/limits一起取最小值,如果service启动,需要注意LimitNOFILE的取值,反正取之间最小值 worker_priority -20; #进程优先级,-20最高 worker_cpu_affinity auto; # CPU亲缘性,避免CPU来回切换,自动绑定CPU #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 100000; #最大worker链接数,同上面limits文件一样取值 accept_mutex on; #惊群,高并发off,低并发on multi_accept on; #开启时,每个worker接收多个网络链接 } http { include mime.types; #支持的文件类型 default_type application/octet-stream; #在mime.types找不到,用这个默认类似 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; server_tokens off; #不显示nginx版本,也可自己源码编译,nginx.h更改自己的版本 sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 60 65; # 保持链接时间,前者是实际时间,后者是用户看到的时间 #访问日志格式改为json格式,为后面ELK配合使用 log_format access_json '{"@timestamp":"$time_iso8601",' '"host":"$server_addr",' '"clientip":"$remote_addr",' '"size":$body_bytes_sent,' '"responsetime":$request_time,' #总的处理时间 '"upstreamtime":"$upstream_response_time",' '"upstreamhost":"$upstream_addr",' #后端应用服务器处理时间 '"http_host":"$host",' '"uri":"$uri",' '"xff":"$http_x_forwarded_for",' '"referer":"$http_referer",' '"tcp_xff":"$proxy_protocol_addr",' '"http_user_agent":"$http_user_agent",' '"status":"$status"}'; # 子配置文件,关于多主机server配置 include /apps/nginx/conf.d/*.conf; }
主机www.noise.org
server { listen 80; # HSTS 配置 listen 443 ssl; ssl_certificate /data/certs/noisedu.cn.pem; ssl_certificate_key /data/certs/noisedu.cn.key; ssl_session_cache shared:sslcache:20m; ssl_session_timeout 10m; # 主机名 server_name www.noise.org; # 错误日志 error_log /data/nginx_error.log; # 定制错误页面 error_page 500 502 503 504 404 /error.html; location /error.html { alias /data/error/index.html; } location /images { root /data; index index.html index.htm; # 关images访问日志 access_log /data/www/access_json.log access_json; # 自动转换http为https if ( $scheme = http ) { rewrite ^/(.*)$ https://www.noise.org/$1 redirect; } } # 状态页 location /status { stub_status; auth_basic "admin log"; auth_basic_user_file /apps/nginx/conf.d/.htpasswd; } location /list { alias /etc/; autoindex on; # 开启下载list autoindex_localtime on; # 开启本地时间同步 autoindex_exact_size off; # 不精确大小 gzip on; # 自动压缩 gzip_comp_level 9; # 压缩比,最大9 gzip_min_length 10k; # 最小压缩大小,小于则不压缩 gzip_types * # 压缩类型,默认为text/html, 星号为mime.type文件中的全部类型 gzip_vary on; # 响应首部是否加上Vary: Accept-Encoding } #location / { #root /data/music; # 多文件尝试访问,访问不到则返回500错误 #try_files $uri $uri.html /about/default.html; #} # 第三方模块 - http://github.com/openresty/echo-nginx-module.git location /echo { echo $remote_user; default_type text/html; echo "hello world,main-->"; echo $remote_addr ; echo_reset_timer; echo "took $echo_timer_elapsed sec for total."; } }
主机mobile.noise.org
server { listen 80; server_name mobile.noise.org; location /images { alias /data/mobile/; index index.html index.htm; allow 10.0.0.15; deny all; } }
访问
[15:39:19 root@centos8 ~]#curl -I http://www.noise.org/status HTTP/1.1 401 Unauthorized Server: nginx/1.20.0 Date: Sat, 17 Jul 2021 07:39:27 GMT Content-Type: text/html Content-Length: 179 Connection: keep-alive WWW-Authenticate: Basic realm="admin log" [16:44:12 root@centos8 ~]#curl -I http://mobile.noise.org HTTP/1.1 200 OK Server: nginx/1.20.0 Date: Sat, 17 Jul 2021 09:11:17 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Sun, 11 Jul 2021 13:12:18 GMT Connection: keep-alive Keep-Alive: timeout=65 ETag: "60eaee32-264" Accept-Ranges: bytes [18:21:33 root@centos8 ~]#curl -I --insecure https://www.noise.org/images HTTP/1.1 301 Moved Permanently Server: nginx Date: Sat, 17 Jul 2021 10:22:44 GMT Content-Type: text/html Content-Length: 162 Location: https://www.noise.org/images/ Connection: keep-alive Keep-Alive: timeout=65 [18:02:58 root@centos8 ~]#curl --head --compressed http://www.noise.org/list/ld.so.cache HTTP/1.1 200 OK Server: nginx Date: Sat, 17 Jul 2021 10:03:30 GMT Content-Type: application/octet-stream Last-Modified: Sat, 17 Jul 2021 09:18:25 GMT Connection: keep-alive Keep-Alive: timeout=65 ETag: W/"60f2a061-430b" Content-Encoding: gzip [16:44:12 root@centos8 ~]#curl -I http://mobile.noise.org HTTP/1.1 200 OK Server: nginx/1.20.0 Date: Sat, 17 Jul 2021 09:11:17 GMT Content-Type: text/html Content-Length: 612 Last-Modified: Sun, 11 Jul 2021 13:12:18 GMT Connection: keep-alive Keep-Alive: timeout=65 ETag: "60eaee32-264" Accept-Ranges: bytes [15:38:13 root@centos8 ~]#curl -I http://xiaoqiang:123456@www.noise.org/status HTTP/1.1 200 OK Server: nginx/1.20.0 Date: Sat, 17 Jul 2021 07:39:19 GMT Content-Type: text/plain Content-Length: 97 Connection: keep-alive