相关nginx代理设置webman
nginx.conf配置
# Worker processes run under the www-data account.
user www-data;
# Start one worker per detected CPU core.
worker_processes auto;
# File that holds the master process ID.
pid /run/nginx.pid;
# Pull in every module configuration found under modules-enabled.
include /etc/nginx/modules-enabled/*.conf;
# Connection handling for each worker process.
events {
    # Use the Linux epoll event notification method.
    use epoll;
    # Upper bound on simultaneous connections per worker; proxied upstream
    # connections count as well, and the process open-file limit caps the
    # value that can actually be reached.
    worker_connections 65535;
    # Accept every pending connection on wake-up rather than one at a time.
    multi_accept on;
}
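http {
    ##
    # Basic Settings
    ##
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # sendfile: have the kernel copy file data straight to the socket (zero copy).
    # Keep it on for ordinary sites; for download-heavy, disk-I/O-bound workloads it
    # can be switched off to balance disk and network I/O and lower system load.
    # The original note also suggests switching it off if images render incorrectly.
    sendfile on;
    # tcp_nopush: enables the TCP_CORK socket option and is only used together with
    # sendfile. Response headers and the start of the file go out in full packets
    # instead of one small packet after another, which helps on congested links.
    tcp_nopush on;
    # tcp_nodelay: send small chunks immediately instead of waiting to coalesce
    # them; wanted when data has to reach the client without delay.
    tcp_nodelay on;
    keepalive_timeout 120;
    types_hash_max_size 2048;
    server_tokens off; # Do not show the nginx version on error pages or in the Server header.
    server_names_hash_bucket_size 64;
    server_name_in_redirect off;
    ##
    # SSL Settings
    ##
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from this list;
    # only TLS 1.2 and 1.3 are offered. This is the default for every server block
    # that does not set ssl_protocols itself.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ##
    # Logging Settings
    ##
    # $http_x_forwarded_for is logged exactly as the client sent it; treat that
    # field as untrusted when reading the logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log notice;
    #access_log /var/log/nginx/access.log;
    #error_log /var/log/nginx/error.log;
    ##
    # Request and connection limiting (DoS mitigation)
    ##
    # Shared-memory zone keyed by client address: 10 requests per second per IP.
    # A zone only declares the counters. Nothing is limited until a server or
    # location references it, and no such reference is visible in the server blocks
    # shown with this file. Example (burst value is illustrative, tune per site):
    #   limit_req zone=one burst=20 nodelay;
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;
    # Zone for per-IP concurrent connection limits; it likewise needs a matching
    # "limit_conn addr <N>;" in a server or location to take effect.
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    ##
    # Gzip Settings
    ##
    gzip on;
    #gzip_vary on;
    #gzip_proxied any;
    #gzip_comp_level 6;
    #gzip_buffers 16 8k;
    #gzip_http_version 1.1;
    #gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_min_length 2k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png;
    gzip_vary on;
    # The dot is escaped so the pattern matches a literal "." after the version digit.
    gzip_disable "MSIE [1-6]\.";
    ##
    # Virtual Host Configs
    ##
    # FastCGI tuning: reduce resource usage and speed up responses.
    # fastcgi_cache_path sets the cache directory, its sub-directory levels, the
    # shared key zone and how long unused entries are kept.
    # NOTE(review): the cache lives inside /etc/nginx/conf.d, so the worker user
    # needs write access inside the configuration tree; a dedicated cache directory
    # outside /etc would keep configuration and runtime data apart.
    fastcgi_cache_path /etc/nginx/conf.d/fastcgi_cache levels=1:2
    keys_zone=TEST:10m inactive=5m;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffers 4 64k;
    fastcgi_buffer_size 128k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 128k;
    fastcgi_intercept_errors on;
    send_timeout 60;
    # The realip module replaces the client address only for connections coming
    # from addresses listed with set_real_ip_from. None is configured here, so
    # these two directives currently change nothing. List only your own reverse
    # proxies or load balancers: trusting any other source lets a client forge its
    # address through X-Forwarded-For, which would bypass the per-IP zones above
    # and falsify $remote_addr in the access log.
    #set_real_ip_from <trusted-proxy-address-or-CIDR>;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    proxy_headers_hash_max_size 512;
    client_header_buffer_size 4k;
    large_client_header_buffers 4 64k;
    client_body_buffer_size 10m; # Read buffer for request bodies: up to 10 MB per request that carries a body.
    client_body_temp_path /mnt/webfiles/tmp/nginx-client-body 1 2; # Temp-file directory with two levels of sub-directories.
    # Every request body is written to a temp file. With "on" nginx never deletes
    # those files after the request, so uploads of up to client_max_body_size each
    # pile up until the disk is full; "clean" keeps the spool-to-file behaviour but
    # removes the file once the request has been processed.
    client_body_in_file_only clean;
    client_max_body_size 500m; # Largest request body accepted: 500 MB.
    include /etc/nginx/conf.d/*.conf;
    #include /etc/nginx/sites-enabled/*;
}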
webman配置
# Backend pool "cc": a single server on the loopback interface, port 8787.
upstream cc {
    server 127.0.0.1:8787;
    # Number of idle keepalive connections to the backend kept open per worker.
    keepalive 10240;
}
#server {
# listen 80;
# server_name cc.zfox.top;
# rewrite ^(.*)$ https://${server_name}$1 permanent;
#}
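# Reverse proxy in front of the "cc" upstream; files that exist under root are
# served directly by nginx, everything else is forwarded.
server {
    server_name domain;
    listen 80;
    # Access logging is off for this site, so requests to it leave no record in
    # the access log; turn it back on if request history is needed for
    # troubleshooting or incident investigation.
    access_log off;
    # Only this directory is exposed as static content.
    root /webman/public;
    #listen 443 ssl; # Enable HTTPS
    # SSL configuration
    # NOTE(review): the certificate and key paths below sit under
    # /usr/share/nginx/html, the default document root of many nginx packages.
    # Keep the private key outside any served directory and readable by root only.
    #ssl_certificate /usr/share/nginx/html/ccssl/cc.crt; # Certificate
    #ssl_certificate_key /usr/share/nginx/html/ccssl/cc_nopass.key; # Certificate private key
    # TLS 1.0/1.1 are deprecated (RFC 8996); the commented example offers 1.2 and 1.3 only.
    #ssl_protocols TLSv1.2 TLSv1.3; # TLS protocol versions
    #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; # Cipher suites
    #ssl_prefer_server_ciphers on; # Prefer the server's cipher order
    #ssl_session_cache shared:SSL:10m; # Shared session cache size
    #ssl_session_timeout 10m; # Session timeout
    # A plain prefix match is used here instead of "^~ /". With "^~" on the
    # longest matching prefix nginx skips regex locations entirely, and since "/"
    # matches every URI the two deny rules below would never run: existing .php
    # files and dot-files under root would be handed out as static files.
    # If ACME HTTP-01 validation is served from this host, add an explicit
    # location for /.well-known/acme-challenge/ so the dot-file rule does not
    # block it.
    location / {
        proxy_set_header Host $http_host;
        # Overwrites any X-Forwarded-For the client sent with the peer address.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        # HTTP/1.1 with an empty Connection header, as upstream keepalive requires.
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Range $http_range;
        proxy_store off;
        proxy_temp_path /mnt/webfiles/tmp/nginx-proxy-temp 1 2;
        # Forward to the backend only when no matching file exists under root.
        if (!-f $request_filename){
            proxy_pass http://cc;
        }
    }
    # Deny every request for a file ending in .php
    location ~ \.php$ {
        return 404;
    }
    # Deny every file or directory whose name starts with a dot
    location ~ /\. {
        return 404;
    }
}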
alist 设置
# Backend pool "pp": one server on the loopback interface, port 5244.
upstream pp {
    server 127.0.0.1:5244;
    # Adding a weight parameter gives weighted distribution: with the two lines
    # below, 8002 receives two requests for every one sent to 8001, in rotation.
    #server 192.168.10.21:8001 weight=1;
    #server 192.168.10.21:8002 weight=2;
    # fail_timeout and slow_start: fail_timeout is the window in which failed
    # attempts are counted and also how long the server is then treated as
    # unavailable; slow_start is the period over which a recovered server is
    # brought back to its full weight. slow_start cannot be combined with the
    # hash, ip_hash or random balancing methods, and the nginx documentation
    # lists it as part of the commercial subscription.
    #server 192.168.10.21:5244 fail_timeout=5s slow_start=30s;
}
# Reverse proxy for the "pp" upstream.
# NOTE(review): the site listens on plain HTTP only. If logins or private files
# pass through it, add a TLS listener so credentials are not sent in the clear.
server {
    listen 80;
    server_name domainname;
    location / {
        # Hand the request to the backend pool; leave Location headers untouched.
        proxy_pass http://pp;
        proxy_redirect off;
        # Original host and client address for the backend.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client sent, so every entry except the last is
        # client-controlled; the backend should rely on X-Real-IP or on the
        # final entry only.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Pass range headers through so partial downloads keep working.
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        # Maximum upload size. nginx buffers the request body before proxying by
        # default, so each request may spool up to this amount to the client body
        # temp path before the backend sees it; make sure that filesystem has the
        # room, or consider proxy_request_buffering off for upload paths.
        client_max_body_size 30000m;
    }
}
常用配置
nginx.conf
# Worker processes run under the www-data account.
user www-data;
# Start one worker per detected CPU core.
worker_processes auto;
# File that holds the master process ID.
pid /run/nginx.pid;
# Global error log, written at the default severity level.
error_log /var/log/nginx/error.log;
# Pull in every module configuration found under modules-enabled.
include /etc/nginx/modules-enabled/*.conf;
# Connection handling for each worker process.
events {
    # Upper bound on simultaneous connections per worker.
    worker_connections 768;
    # multi_accept on;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # NOTE(review): if this line is ever enabled, drop TLSv1 and TLSv1.1 first;
    # both are deprecated (RFC 8996).
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    #ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    # $http_x_forwarded_for is recorded exactly as the client sent it.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    # Hide the nginx version on error pages and in the Server header.
    server_tokens off;
    server_names_hash_bucket_size 512;
    client_header_buffer_size 32k;
    client_max_body_size 50m;
    keepalive_timeout 60;
    keepalive_requests 100000;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";

    # Connection limits, set at http level and therefore inherited by every server.
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;
    # At most 30 concurrent connections per client IP (the original note said 10,
    # which does not match the configured value).
    limit_conn perip 30;
    # At most 100 concurrent connections per server name.
    limit_conn perserver 100;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    # Proxy cache configuration
    # NOTE(review): both directories are under /tmp, which is normally writable
    # by every local account; a dedicated directory owned by the worker user
    # avoids other local users pre-creating or tampering with cache files.
    proxy_temp_path /tmp/proxy_temp_dir;
    proxy_cache_path /tmp/proxy_cache_dir levels=1:2 keys_zone=proxy_cache_panel:20m inactive=1d max_size=1g;
    client_body_buffer_size 512k;
    proxy_connect_timeout 60;
    proxy_read_timeout 60;
    proxy_send_timeout 60;
    proxy_buffer_size 32k;
    proxy_buffers 4 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;
    proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
    # Turns the shared cache on for every proxied location that does not override
    # it; a site serving per-user content should set "proxy_cache off;" or make
    # sure its responses carry Cache-Control or Set-Cookie headers.
    proxy_cache proxy_cache_panel;
}
vhost.conf
# Backend pool "qq": a single server at 192.168.10.123, port 8787.
upstream qq {
    server 192.168.10.123:8787;
    # Number of idle keepalive connections to the backend kept open per worker.
    keepalive 10240;
}
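# Caching reverse proxy for qq.mfan.top in front of the "qq" upstream.
server {
    listen 80 ;
    server_name qq.mfan.top;
    index index.php index.html index.htm default.php default.htm default.html;
    # Server-level proxy defaults. nginx inherits proxy_set_header from this level
    # only into locations that define none of their own; "location ^~ /" below
    # sets its own list, so these lines (X-Forwarded-Host included) do not apply
    # to it.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    #access_log /www/sites/qq.mfan.top/log/access.log main;
    #error_log /www/sites/qq.mfan.top/log/error.log;
    # ACME HTTP-01 challenge files are served from a separate directory.
    location ^~ /.well-known/acme-challenge {
        allow all;
        root /etc/nginx/html;
    }
    #include /www/sites/qq.mfan.top/proxy/*.conf;
    #include /www/sites/qq.mfan.top/redirect/*.conf;
    location ^~ / {
        proxy_pass http://qq;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends the peer address to the client-supplied X-Forwarded-For, so all
        # entries except the last are client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        add_header X-Cache $upstream_cache_status;
        add_header Cache-Control no-cache;
        proxy_ssl_server_name off;
        proxy_ssl_name $proxy_host;
        # Cache configuration
        # The shared cache key holds only host, path and query string, with nothing
        # that identifies the user. Caching every 200/301/302/304 for ten minutes
        # while ignoring Set-Cookie and Cache-Control would store one visitor's
        # personalised response, session cookie included, and replay it to others.
        # Caching is therefore limited to static asset extensions, and the
        # backend's Set-Cookie and Cache-Control headers are honoured again.
        set $skip_cache 1;
        if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" ) {
            set $skip_cache 0;
            expires 1m;
        }
        # Any value other than empty or "0" disables both storing and serving
        # from the cache.
        proxy_no_cache $skip_cache;
        proxy_cache_bypass $skip_cache;
        proxy_ignore_headers Expires;
        proxy_cache proxy_cache_panel;
        # NOTE(review): the key and the extension test use the normalised $uri,
        # while the backend receives the request URI as sent; the backend should
        # not return per-user content on paths that end in one of the cached
        # extensions.
        proxy_cache_key $host$uri$is_args$args;
        proxy_cache_valid 200 304 301 302 10m;
    }
}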
nfs挂载
# Mount the shared web-files export over NFS using TCP.
#   noatime,nodiratime  do not update access times on files and directories
#   nodev,noexec        ignore device nodes and refuse to execute files from the share
#   rsize/wsize         128 KiB read and write transfer size
# NOTE(review): nosuid is not among the options, and NFS with its default
# settings neither encrypts traffic nor authenticates users; confirm that the
# export on 192.168.10.123 is restricted to this host and that the traffic stays
# on a trusted network segment.
mount -t nfs \
    -o noatime,nodiratime,nodev,noexec,rsize=131072,wsize=131072,tcp \
    192.168.10.123:/mnt/user/webfiles /mnt/webfiles
本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可。