user www; worker_processes auto; worker_cpu_affinity auto; worker_rlimit_nofile 65535; #Nginx 工作进程可以打开的最大文件描述符数量,查看系统文件描述符数再确认 error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { use epoll; #默认开启的:epoll 是一种在 Linux 操作系统上用于处理大量并发连接的高效事件通知机制 multi_accept on; #默认关闭:启用了 Nginx 的多连接接受模式。这意味着 Nginx 在接受新连接时可以一次性处理多个连接。 worker_connections 20240; #每个工作进程能够同时处理的最大连接数。(worker_rlimit_nofile > worker_connections) } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format access_format '[$time_local] "$http_x_forwarded_for" $remote_user "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" - $remote_addr'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; gzip on; #启用Gzip压缩功能 gzip_min_length 256; #设置压缩的最小响应体大小 gzip_buffers 4 16k; gzip_http_version 1.0; gzip_types text/plain application/x-javascript text/css application/xml application/json application/javascript; gzip_comp_level 3; gzip_vary on; include /etc/nginx/conf.d/*.conf; }
目录conf.d/test.conf
upstream grafana { server 192.168.213.224:3000 weight=1 max_fails=2 fail_timeout=3s; } server { listen 80; server_name grafana.test.cn; rewrite ^(.*)$ https://$host$1 permanent; #HTTP请求重定向到HTTPS请求 } server { listen 443 ssl http2; server_name grafana.test.cn; ssl_certificate "/etc/nginx/ssl/test.cn.pem"; ssl_certificate_key "/etc/nginx/ssl/test.cn.key"; ssl_session_cache shared:SSL:1m; #SSL会话缓存的大小 ssl_session_timeout 10m; #SSL会话缓存的超时时间 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; location / { proxy_pass http://grafana; rewrite ^/grafana/(.*) /$1 break; proxy_buffering off; #关闭代理缓冲,适用于实时或动态内容,避免缓冲延迟 proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
标签:http,log,ssl,配置,nginx,proxy,gzip,优化 From: https://www.cnblogs.com/tingwei/p/18264621