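# OpenResty/nginx reverse-proxy configuration: listens on port 80 over IPv4 and
# IPv6 and forwards every request to one upstream, passing the client address
# chain in X-Forwarded-For with IPv6 brackets stripped.
#
# NOTE(review): the page had this file collapsed onto two physical lines, so the
# leading '#' commented out everything after it. One directive per line is
# restored here; directive values are unchanged.

#user nobody;
error_log stderr notice;
worker_processes auto;
worker_rlimit_nofile 130048;    # maximum number of open files per worker process
worker_shutdown_timeout 10s;    # timeout for graceful shutdown of worker processes
# Core-file size limit. Core dumps can hold request data and key material, so
# keep the dump directory readable by administrators only.
worker_rlimit_core 50M;

events {
    use epoll;                  # epoll event model for better concurrent-connection handling
    worker_connections 65535;   # maximum simultaneous connections per worker process
    multi_accept on;            # accept as many new connections as possible per notification
    accept_mutex off;           # connection-accept serialization; off for high throughput (default off)
}

http {
    include /usr/local/openresty/nginx/conf/mime.types;   # media types for served resources
    index index.php index.html index.htm;
    aio_write on;               # only takes effect when `aio` is enabled
    server_tokens off;          # hide the nginx version on error pages and in the Server header
    server_names_hash_max_size 4096;     # server-name hash table sizing
    server_names_hash_bucket_size 64;
    default_type text/html;
    tcp_nopush on;              # more efficient packet transmission; effective with sendfile on
    tcp_nodelay on;
    sendfile on;
    keepalive_requests 100;     # requests served per keep-alive connection before it is closed
    # Idle keep-alive client connections are held for 15 minutes (0 disables
    # keep-alive). NOTE(review): with 65535 connections per worker this makes it
    # cheap for idle clients to hold connection slots; shorten unless clients need it.
    keepalive_timeout 900s;
    client_header_buffer_size 1k;        # buffer for request line + headers up to 1k
    large_client_header_buffers 4 4k;    # used when request line + headers exceed 1k
    # In-memory buffer for the request body; a larger body is written to a
    # temporary file rather than rejected. NOTE(review): up to 100 MB of memory
    # per in-flight request.
    client_body_buffer_size 100m;
    # 0 disables the request-body size check entirely. NOTE(review): together
    # with the 100m body buffer, any client can make the proxy buffer and spool
    # arbitrarily large uploads; set an explicit limit sized to the largest
    # legitimate upload unless unlimited bodies are a requirement.
    client_max_body_size 0;
    autoindex off;              # no automatic directory listings for URLs ending in '/'

    # $http_x_forwarded_for is logged as sent by the client; it is not a verified address.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;

    # NOTE(review): do not enable the cipher string below as written; it admits
    # RC4, LOW, SSLv2 and export-grade suites.
    #ssl_session_timeout 5m;
    #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    #ssl_prefer_server_ciphers on;

    # Accept header names containing underscores (nginx drops them by default).
    # NOTE(review): backends that map headers to CGI-style variables cannot tell
    # X_Forwarded_For from X-Forwarded-For, so a client can shadow headers this
    # proxy sets. Enable only if a client really depends on such names, and have
    # the backend ignore the underscore variants of security-relevant headers.
    underscores_in_headers on;

    # Lua-based web application firewall (OpenStar), currently disabled.
    #include /usr/local/openresty/nginx/openstar/conf/waf.conf;

    server {
        listen 80;
        listen [::]:80 ipv6only=on;
        server_name localhost;

        ## Settings for terminating HTTPS here and proxying as HTTP.
        ## NOTE(review): TLSv1 and TLSv1.1 are deprecated; if this block is
        ## enabled, restrict ssl_protocols to TLSv1.2 and TLSv1.3.
        # ssl_certificate /etc/nginx/conf.d/ssl/server.crt;
        # ssl_certificate_key /etc/nginx/conf.d/ssl/server.key;
        # ssl_session_timeout 5m;
        # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # ssl_ciphers HIGH:!aNULL:!MD5:!EXPORT:+MEDIUM:!SHA;
        # ssl_prefer_server_ciphers on;

        location / {
            # NOTE(review): on the page the directives from `set` through
            # `access_by_lua_block` were wrapped in single quotes as the first
            # argument of a `rewrite` directive whose second argument was
            # http://172.21.131.82. In that form nginx treats the text as a
            # regex and none of the X-Forwarded-For handling runs. They are
            # restored as live directives; the role of 172.21.131.82 cannot be
            # determined from the page - confirm against the original config.

            # Start from the connecting peer; if the client already sent
            # X-Forwarded-For, keep its value and append the peer address.
            # $realip_remote_addr requires ngx_http_realip_module.
            # NOTE(review): everything left of the last entry is client-supplied.
            # The upstream must base access control, rate limiting and audit
            # decisions only on the entry appended here, or the incoming header
            # should be discarded when this proxy is the first trusted hop.
            set $var_x_forwarded_for $remote_addr;
            if ($http_x_forwarded_for != "") {
                set $var_x_forwarded_for "${http_x_forwarded_for}, ${realip_remote_addr}";
            }
            proxy_set_header X-Forwarded-For $var_x_forwarded_for;

            access_by_lua_block {
                -- Strip '[' and ']' so IPv6 addresses are forwarded without
                -- brackets. The access phase runs after the rewrite-phase
                -- `set` above and before the proxied request is built.
                local cleaned = string.gsub(ngx.var.var_x_forwarded_for, "[%[%]]", "")
                ngx.var.var_x_forwarded_for = cleaned
            }

            proxy_pass http://xx.xxx.xxx.xx;    # forward to the backend service
            proxy_connect_timeout 3s;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            # NOTE(review): "Upgrade" is sent on every request, not only on
            # WebSocket handshakes; the usual form derives this value from
            # $http_upgrade with a `map` at http level.
            proxy_set_header Connection "Upgrade";
            # proxy_set_header Host $host;
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}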
标签:http,forwarded,ssl,server,nginx,proxy,IPV6,监听 From: https://www.cnblogs.com/libruce/p/17269923.html