目录
try_files
location / {
try_files $uri $uri/ /index.html;
}
443 强转
if ($ssl_protocol = "") { return 302 https://$host$request_uri; }
vhost配置
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /usr/local/openresty/nginx/conf/ssl/xxx.com.pem;
ssl_certificate_key /usr/local/openresty/nginx/conf/ssl/xxx.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;
ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;
ssl_conf_command Options PrioritizeChaCha;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_buffer_size 2k;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name xxx;
access_log xxx.log combined;
index index.html index.htm index.php;
root xxx;
if ($ssl_protocol = "") { return 302 https://$host$request_uri; }
location ~ [^/]\.php(/|$) {
#fastcgi_pass remote_php_ip:9000;
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
expires 30d;
access_log off;
}
location ~ .*\.(js|css)?$ {
expires 7d;
access_log off;
}
location ~ /(\.user\.ini|\.ht|\.git|\.svn|\.project|LICENSE|README\.md|\.env) {
deny all;
}
location /.well-known {
allow all;
}
499问题
proxy_ignore_client_abort on;
# 确定在客户端关闭连接时是否应关闭与代理服务器的连接,而不在等待响应
proxy_read_timeout 600;
proxy_send_timeout 600;
# 如果超时(默认60s),Nginx 会主动断开连接,记录504
7层负载
upstream xxx.cn {
server 10.x:3050 weight=10 max_fails=3 fail_timeout=3s;
server 10.x:3050 weight=10 max_fails=3 fail_timeout=3s;
check interval=1000 rise=2 fall=3 timeout=5000 type=http default_down=false;
check_http_send "GET /services/route/ping HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx;
}
server {
listen 80;
server_name xx.cn;
index index.html index.htm;
access_log /var/log/nginx/xxx.cn.access.log main;
error_log /var/log/nginx/xxx.error.log warn;
location ~ ^/NginxStatus/ {
stub_status on;
access_log on;
}
location / {
proxy_redirect off ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_ignore_client_abort on;
proxy_buffer_size 1600k;
proxy_buffers 4 3200k;
proxy_busy_buffers_size 6400k;
proxy_temp_file_write_size 6400k;
proxy_max_temp_file_size 128m;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_pass http://xxx.cn;
}
}
format json log
log_format main escape=json '{ "time_local": "$time_local", '
'"remote_user": "$remote_user", '
'"remote_addr": "$remote_addr", '
'"http_referer": "$http_referer", '
'"request": "$request", '
'"method": "$request_method", '
'"url_path": "$request_uri", '
'"request_body": "$request_body", '
'"status": $status, '
'"level": "$level",'
'"body_bytes_sent": $body_bytes_sent, '
'"http_user_agent": "$http_user_agent", '
'"http_host": "$http_host", '
'"http_requestid": "$http_requestid", '
'"http_authorization": "$http_authorization", '
'"business": "ngx_access-$http_host", '
'"http_x_forwarded_for": "$http_x_forwarded_for", '
'"upstream_addr": "$upstream_addr",'
'"trace_id": "$trace_id",'
'"upstream_response_time": "$upstream_response_timer",'
'"ssl_protocol": "$ssl_protocol",'
'"request_time": $request_time'
' }';