
2023 分享套 nginx 配置和性能优化

本文包含一套 nginx 配置文件, 主要针对 1 核 CPU、1G 内存 (1H1G) 服务器的性能优化以及配置简化

nginx.conf

# Unprivileged account that the worker processes run as.
user www-data;
# Number of worker processes; match it to the CPU core count (one core on the
# 1H1G host this configuration targets).
worker_processes 1;

# Main error log; records messages of severity "notice" and above.
error_log /var/log/nginx/error.log notice;
# File the master process writes its PID to.
pid /var/run/nginx.pid;


# Connection-processing settings for each worker process.
events {
	# Upper bound on simultaneous connections per worker. Connections to
	# proxied upstreams count too, so a proxied client uses two of them.
	worker_connections 512;
	# Linux epoll event method.
	use epoll;
	# Accept every pending connection at once instead of one per wake-up.
	multi_accept on;
	# Workers do not take turns accepting; with a single worker there is
	# nothing to serialise.
	accept_mutex off;
	# NOTE(review): thread_pool is a main-context directive, so this line would
	# have to move outside events { } before being enabled.
	#thread_pool my_pool threads=4;
}


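http {
	# Request and connection limiting (disabled examples).
	# NOTE(review): limit_req_zone takes a single key argument; to key on the
	# client address plus the URI, write both variables with no space between
	# them. Every distinct URI then creates a new key, so one client can fill
	# the zone; key on the address alone unless per-URI limits are required.
	# limit_req_zone $binary_remote_addr$uri zone=api_read:20m rate=50r/s;
	# # Connection-limit zone keyed by client IP.
	# limit_conn_zone $binary_remote_addr zone=perip_conn:10m;
	# # Connection-limit zone keyed by virtual server.
	# limit_conn_zone $server_name zone=perserver_conn:100m;

	# Proxy cache storage. base.conf uses "proxy_cache my_cache;", so the zone
	# has to be declared here: nginx refuses to load a configuration that
	# references an unknown cache zone.
	# keys_zone=my_cache:10m is the shared-memory key index; inactive=40m drops
	# entries that have not been requested for 40 minutes. No max_size is set,
	# so add max_size=<limit> if the disk is small.
	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=40m;
	# proxy_cache_valid 200 40m;
	# proxy_cache_valid 404 1m;
	# proxy_cache_bypass $http_pragma;
	# proxy_cache_revalidate on;

	##
	# Basic Settings
	##
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	types_hash_max_size 2048;
	server_tokens off; # do not disclose the nginx version in headers and error pages
	keepalive_timeout 65;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	# NOTE(review): "main" is defined here but not used below; the access_log
	# directive writes the built-in "combined" format.
	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	# Flag that decides whether a request is written to the access log.
	# NOTE(review): User-Agent is chosen by the client, so any client can keep
	# its requests out of this log by sending a matching value. If the aim is
	# only to reduce noise, send these requests to a separate log file instead
	# of dropping them, so they remain available during an investigation.
	map $http_user_agent $log_enabled {
		default 1;
		"~*python-requests" 0;
	}

	# Default access log. A server block that declares its own access_log
	# replaces this one, including the if= condition.
	access_log /var/log/nginx/access.log combined if=$log_enabled;

	##
	# ssl Settings
	##
	ssl_protocols TLSv1.2 TLSv1.3;
	# Prefer the server's cipher order over the client's (TLS 1.2 and below).
	ssl_prefer_server_ciphers on;
	ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
	# Shared cache only: the nginx documentation notes that a shared cache
	# without the per-worker builtin cache is more efficient.
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 5m;

	##
	# Gzip Settings
	##
	gzip on;
	gzip_min_length 1k;
	gzip_buffers 8 64k;
	gzip_http_version 1.1;
	gzip_comp_level 6;
	# JPEG/GIF/PNG are already compressed, so gzipping them only burns CPU on a
	# single-core host; they are left out, as is application/x-httpd-php, which
	# is not a type a response is served with.
	# NOTE(review): compressing HTTPS responses that mix secrets with
	# request-controlled text is the precondition for BREACH-style attacks;
	# turn gzip off for such endpoints.
	gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript;
	gzip_vary on;
	gzip_disable "MSIE [1-6]\.";

	# WebSocket support.
	# NOTE(review): proxy_set_header is inherited by a location only when that
	# location declares no proxy_set_header of its own, so a location that sets
	# Host or X-Forwarded-* must repeat the two headers below. The nginx
	# WebSocket documentation derives the Connection value from $http_upgrade
	# with a map so that ordinary requests are not marked as upgrades.
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	proxy_read_timeout 600; # max idle time between two reads from the upstream
	proxy_send_timeout 600; # max idle time between two writes to the upstream

	proxy_buffer_size 16k; # buffer for the first part of the upstream response (the headers)
	proxy_buffers 8 32k; # response buffers per connection; sized for pages averaging under 32k
	proxy_busy_buffers_size 64k; # buffers that may be busy sending to the client (2 x proxy_buffers size)
	proxy_max_temp_file_size 1024m; # cap on the temp file used to buffer one response; beyond it data is relayed synchronously from the upstream
	# NOTE(review): this allows request bodies of roughly 15 GB on every virtual
	# host. Bodies are spooled to disk, so a few large uploads can fill the
	# volume. Keep the global limit small and raise it only in the location
	# that really receives large uploads.
	client_max_body_size 15000M;


	##
	# Virtual Host Configs
	##
	include /etc/nginx/conf.d/*.conf;
	# include /etc/nginx/banip.conf;


}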

base.conf

# Plain-HTTP virtual host: exists only to redirect every request to HTTPS.
server {
  listen 80;
  server_name abc.com;

  access_log /var/wwwlogs/abc.com.log;
  error_log /var/wwwlogs/abc.com.error.log warn;

  # must HTTPS
  # The redirect target uses the configured $server_name rather than the
  # client-supplied Host header, so a forged Host value is not reflected
  # into the Location header.
  return 301 https://$server_name$request_uri;
}

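# HTTPS virtual host: terminates TLS and reverse-proxies to a local backend.
server {
  # NOTE(review): from nginx 1.25.1 the "http2" listen parameter is deprecated
  # in favour of a separate "http2 on;" directive.
  listen 443 ssl http2;
  #listen [::]:443 ssl http2;  # IPv6

  server_name abc.com;

  # Certificate chain and private key; keep the key file readable by root only.
  ssl_certificate /etc/nginx/ssl/abc.com/abc.com.cer;
  ssl_certificate_key /etc/nginx/ssl/abc.com/abc.com.key;

  # "proxy_ssl_verify off;" was dropped: off is the default and the upstream
  # below is plain HTTP on loopback, so it had no effect. If the upstream ever
  # becomes https://, enable proxy_ssl_verify together with
  # proxy_ssl_trusted_certificate so the backend certificate is checked.

  # These TLS settings repeat the values from the http block of nginx.conf.
  ssl_session_timeout 5m;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
  # Shared cache only; the nginx documentation notes it is more efficient
  # without the builtin per-worker cache.
  ssl_session_cache shared:SSL:10m;

  # NOTE(review): port 80 already forces HTTPS; a Strict-Transport-Security
  # response header would also stop browsers from making the first plain-HTTP
  # request. Add it once HTTPS is known to work for the whole site.

  access_log /var/wwwlogs/abc.com.log;
  error_log /var/wwwlogs/abc.com.error.log warn;

  location / {
    # Response caching. The zone "my_cache" has to be declared with
    # proxy_cache_path (keys_zone=my_cache:...) in the http context of
    # nginx.conf, otherwise nginx will not load this file.
    # NOTE(review): the default cache key is built from scheme, upstream and
    # request URI only, not from cookies or credentials. A 200 response the
    # backend personalises per user without sending Cache-Control or
    # Set-Cookie would be stored and served to other visitors. Requests that
    # carry an Authorization header are kept out of the cache below; for
    # cookie-based sessions, add the session cookie variable to both
    # directives or cache only static paths.
    proxy_cache my_cache;
    proxy_cache_valid 200 10m;
    proxy_cache_bypass $http_authorization;
    proxy_no_cache $http_authorization;

    proxy_pass http://127.0.0.1:9880;
    # NOTE(review): index is not consulted for requests handled by proxy_pass.
    index index.html index.htm index.jsp;

    # WebSocket headers. This location declares its own proxy_set_header
    # lines, so the ones set in the http block are not inherited and have to
    # be repeated here.
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Forward the Host header received from the client so the backend can
    # tell which site was requested.
    proxy_set_header Host $host;
    # Address of the peer that connected to nginx.
    proxy_set_header X-Real-IP $remote_addr;
    # Append that address to any X-Forwarded-For value the request already
    # carried. Earlier entries come from the client and can be forged; the
    # backend should trust only the last entry, which nginx adds here.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Scheme (http or https) the client used.
    proxy_set_header X-Forwarded-Proto $scheme;
    # Host name the client asked for.
    proxy_set_header X-Forwarded-Host $host;
    # Port the request was received on.
    proxy_set_header X-Forwarded-Port $server_port;

    # These override the 600-second values from the http block: a WebSocket
    # that stays silent for more than 30s is closed unless the application
    # sends keep-alive frames.
    proxy_connect_timeout 30s;
    proxy_send_timeout 30s;
    proxy_read_timeout 30s;
  }

}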
Licensed under CC BY-NC-SA 4.0