Nginx配置文件详细介绍

Eave 2025.12.08

一、nginx.conf配置

# Worker processes run as user "www", group "www" (the master process keeps
# the privileges it was started with).
user  www www;

# Four workers, each pinned to one CPU by its own bitmask (CPU0..CPU3).
worker_processes     4;
worker_cpu_affinity  0001 0010 0100 1000;

# Per-worker limit on open file descriptors.
worker_rlimit_nofile  10240;

pid        /usr/local/nginx/nginx.pid;
error_log  /var/log/nginx/error.log notice;

events {
    # Linux epoll connection-processing method.
    use  epoll;

    # Workers take turns accepting new connections ...
    accept_mutex  on;
    # ... and the worker that holds the turn accepts everything pending at once.
    multi_accept  on;

    # Simultaneous connections per worker; this counts connections to
    # upstreams as well as to clients.
    worker_connections  1024;
}

# TCP (socket) proxy
#
# The listener below binds port 1120 on every interface and relays raw TCP to
# a service bound to loopback. Whoever can reach port 1120 can therefore talk
# to a service that was otherwise local-only; if that is not intended, limit
# the listener with allow/deny (stream access module) or a host firewall.
stream {
    upstream socket {
        server 127.0.0.1:9501;
    }

    server {
        listen      1120;
        proxy_pass  socket;
    }
}

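http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile                             on;
    tcp_nopush                           on;

    keepalive_timeout                    65;

    # Hide the nginx version in the Server header and on built-in error pages.
    server_tokens                        off;
    # Strip the X-Powered-By header sent by FastCGI backends (it comes from
    # the backend, e.g. PHP, not from nginx). Responses obtained through
    # proxy_pass are not covered; those need proxy_hide_header.
    fastcgi_hide_header                  X-Powered-By;
    # Only same-origin pages may frame responses. "always" also sets the
    # header on error responses, which add_header skips by default.
    # add_header is inherited from this level only by servers/locations that
    # define no add_header of their own, so a block that adds its own headers
    # has to repeat this line.
    add_header                           X-Frame-Options     SAMEORIGIN     always;

    server_names_hash_bucket_size        128;
    client_header_buffer_size            32k;
    large_client_header_buffers          4          32k;
    client_max_body_size                 20m;
    client_body_buffer_size              2m;
    client_header_timeout                60;
    client_body_timeout                  60;
    send_timeout                         60;

    # Cache of open file descriptors and file metadata (off by default).
    # max = number of cached entries, suggested to match the open-file limit;
    # inactive = an entry not requested for this long is dropped.
    open_file_cache                      max=10240 inactive=60s;
    # Minimum number of requests within the "inactive" window for a
    # descriptor to stay open in the cache.
    open_file_cache_min_uses             1;

    fastcgi_intercept_errors             on;
    fastcgi_connect_timeout              300;
    fastcgi_send_timeout                 300;
    fastcgi_read_timeout                 300;
    fastcgi_buffer_size                  64k;
    fastcgi_buffers                      4          64k;
    fastcgi_busy_buffers_size            128k;
    fastcgi_temp_file_write_size         128k;

    # gzip compression
    gzip on;
    gzip_min_length 1k;
    gzip_buffers    4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
    gzip_vary on;

    # Request-body temp files and HTTP proxy buffering/timeouts
    client_body_temp_path                /var/cache/nginx/client_body 3 2;
    proxy_connect_timeout                75;
    proxy_send_timeout                   75;
    proxy_read_timeout                   75;
    proxy_buffer_size                    4k;
    proxy_buffers                        4 32k;
    proxy_busy_buffers_size              64k;
    proxy_temp_file_write_size           64k;
    proxy_temp_path                      /var/cache/nginx/proxy_temp 1 2;

    # Accept request header names that contain underscores (nginx ignores
    # them by default). Backends that turn headers into CGI-style variables
    # cannot tell X_Forwarded_For from X-Forwarded-For, so a client can shadow
    # a header this proxy sets; enable only when a client really needs it.
    underscores_in_headers               on;

    # Shared-memory zone "one" (10 MB) keyed by client address. This only
    # declares the zone; the limit itself is applied with limit_conn in a
    # server or location.
    limit_conn_zone $binary_remote_addr zone=one:10m;


    # Classify the client address as internal (1) or external (0).
    # $remote_addr is the address of the TCP peer, so behind another proxy or
    # load balancer every request carries that device's address.
    geo $remote_addr $internal_network {
        default         0; # external by default
        192.168.10.0/24 1; # replace with your internal range
        10.0.0.0/8      1; # another common private range, as an example
    }

    # Pick a bandwidth cap from the internal/external flag.
    map $internal_network $connection_speed {
        0   1m;    # external (0): 1 MB per second
        1   1000m; # internal (1): 1000 MB per second
    }

    # Apply the mapped cap. limit_rate accepts a variable from nginx 1.17.0
    # on, and the cap is per request: a client that opens several connections
    # gets the rate on each of them (limit_conn bounds how many).
    limit_rate $connection_speed;


    # SECURITY: both formats write credentials into the log in clear text:
    # the whole Cookie header ($http_cookie), the X-Token header
    # ($http_x_token) and the request body ($request_body, which may hold
    # passwords). Anyone who can read the log files can reuse those values.
    # For production, remove or mask these fields and restrict read access to
    # the log directory.
    log_format access '$remote_addr - $remote_user [$time_local] "$request" "$uri" $status $body_bytes_sent $request_time $upstream_response_time "$http_referer" "$http_user_agent" $http_x_forwarded_for "$server_name" "$http_host" "$cookie_userid" "$http_cookie" "$request_body"';
    log_format api '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent $request_time $upstream_response_time "$http_user_agent" $http_x_forwarded_for "$server_name" "$http_host" "$http_x_uid" "$http_x_token" "$http_x_app_version" "$http_x_app_channel" "$request_body"';

    # Catch-all server: requests on port 80 whose Host header matches no
    # configured server_name end here and get a 404.
    server {
        listen      80 default_server;
        listen      [::]:80; # IPv6
        server_name _;

        charset utf-8;

        return 404;
    }


    # Upstream server groups for load balancing
    upstream phpfpm {
        # "weight" sets the relative share of requests; a higher weight
        # receives more of them (used in the groups below).
        # ip_hash;
        # The second server is a backup and is used only when the first is
        # unavailable.
        # FastCGI carries no authentication or encryption; with php-fpm on
        # other hosts, restrict port 9000 to this proxy (php-fpm
        # listen.allowed_clients and/or a firewall).
        server 192.168.10.8:9000  max_fails=2 fail_timeout=30s;
        server 192.168.10.10:9000 backup;
    }

    upstream backend {
        least_conn;
        server 192.168.10.8  weight=10 max_fails=3 fail_timeout=20s;
        server 192.168.10.10 weight=2  max_fails=3 fail_timeout=20s;
    }

    upstream tomcat {
        least_conn;
        server 192.168.10.8:8080  weight=10 max_fails=3 fail_timeout=10s;
        server 192.168.10.10:8080 weight=2  max_fails=3 fail_timeout=10s;
    }

    include vhosts/*.conf;
}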

二、server文件配置

1、server配置

server {
    listen  80;

    # Single-page-app fallback (Vue Router browserHistory mode): serve the
    # file or directory when it exists, otherwise hand the request to
    # /index.html.
    location / {
        try_files  $uri $uri/ /index.html;
    }


    # Custom error pages
    error_page  401  /error/401.html;
    error_page  403  /error/403.html;
    error_page  404  /error/404.html;
    error_page  405  /error/405.html;
    error_page  406  /error/406.html;
    error_page  412  /error/412.html;
    error_page  431  /error/431.html;
    error_page  500  /error/500.html;
    error_page  501  /error/501.html;
    error_page  502  /error/502.html;

    # Directory holding the error pages. "internal" makes it reachable only
    # through internal redirects such as error_page; a direct client request
    # gets 404.
    location /error {
        internal;
        root  html;
    }
}

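server {
    listen       80;
    server_name  127.0.0.1;

    # At most 5 concurrent connections per client address (zone "one" is
    # declared with limit_conn_zone in the http block).
    limit_conn one 5;

    root   /var/www/vhosts/www;
    index  index.html index.htm;

    access_log  /var/log/nginx/access.log access;
    error_log   /var/log/nginx/error.log notice;

    charset utf-8;
    autoindex off;
    autoindex_exact_size off;
    autoindex_localtime on;

    # This server sets response headers of its own, so add_header lines from
    # the http level are not inherited here; the framing policy is repeated.
    add_header X-Frame-Options SAMEORIGIN always;

    # Allow cross-origin reads from any site. With "*", a page on any origin
    # can read these responses in a visitor's browser; do not use it on
    # endpoints that return user-specific data.
    add_header Access-Control-Allow-Origin *;
    # To restrict access, send exactly one origin; the header does not accept
    # a comma-separated list:
    # add_header Access-Control-Allow-Origin "https://www.baidu.com";

    # Add a cookie to every response. This demo cookie carries no HttpOnly,
    # Secure or SameSite attribute; set them on anything session-related.
    add_header Set-Cookie 'cookiename=cookievalue;path=/';


    # Route *.html requests to index.php with the path as the query string.
    location ~* \.html$ {
        rewrite ^/(.*)\.html$ /index.php?$1 last;
        break;
    }

    location / {
        # Replace text in the response body (every occurrence)
        sub_filter_once off;
        sub_filter  'hello' 'HELLO';

        # Anything that is not an existing file or directory goes to index.php
        if (!-e $request_filename) {
            rewrite ^/(.*)$ /index.php?$1 last;
            break;
        }
    }

    location /user/ {
        try_files $uri $uri/ /user1/index.php?q=$uri&$args;
    }

    # Exact match. 301 = permanent redirect, 302 = temporary redirect.
    location = /api/share {
        return 301 http://www.domian.com/game/share?$query_string;
    }

    # "return URL" without a status code sends a 302.
    location /login/callback {
        return http://www.domian.com$request_uri;
    }

    location ^~ /api/ {
        rewrite /api/userinfo /api.php?s=/game/userinfo   last;
        rewrite /api/usermore /api.php?s=/game/usermore   last;
        rewrite /api/pay      /api.php?s=/game/pay        last;
    }

    # Serve /avatar... and /avt... from a different root. "^~" marks a literal
    # prefix, not a regular expression, so "|" cannot express an alternative
    # there; each prefix gets its own location.
    location ^~ /avatar {
        root /var/www/vhosts/avatar;
    }

    location ^~ /avt {
        root /var/www/vhosts/avatar;
    }

    # Status counters, readable from the internal network only.
    location /status {
        stub_status on;
        access_log off;
        allow 192.168.10.0/24;
        deny all;
    }

    # Block the .git directory. With "^~" the argument is a literal prefix, so
    # the dot must not be backslash-escaped: "/\.git" would only match a URI
    # containing a real backslash and leave /.git/ readable. 444 closes the
    # connection without sending a response.
    location ^~ /.git {
        return 444;
    }

    # Hand PHP scripts to the FastCGI group "phpfpm" (an upstream defined in
    # the http block). The pattern is anchored to ".php" exactly; a trailing
    # "?" would also accept ".ph".
    # NOTE(review): every URI ending in .php is forwarded whether or not such
    # a script exists. If the scripts are stored on this host, add
    # "try_files $uri =404;"; with php-fpm on another machine, enforce it on
    # the php-fpm side (security.limit_extensions) instead.
    location ~* \.php$ {
        fastcgi_pass   phpfpm;
        fastcgi_index  index.php;
        include        fastcgi.conf;
    }

    # Static assets: cache for 30 days in the browser, no access logging.
    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot|otf|webp|avif|mp4|webm|ogg|mp3|wav|flac|aac|pdf|zip|tar|gz|bz2|rar|7z|doc|docx|xls|xlsx|ppt|pptx|txt)$ {
        expires      30d;
        access_log   off;
    }

    # Deny sensitive files: any name starting with ".ht" (.htaccess,
    # .htpasswd) and anything ending in .sh, .sql, .conf or .env.
    # Regex locations are not consulted for URIs captured by a "^~" prefix
    # location above (/api/, /avatar, /avt, /.git).
    location ~* (/\.ht|\.(sh|sql|conf|env)$) {
        deny  all;
    }
}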

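server {
    listen       80;
    # The terminating ";" is required: without it the following "set" line is
    # parsed as additional server_name arguments and $root_dir never receives
    # its default value.
    server_name  www.domain.com;

    # Choose the document root per request: v1 by default, v2 for one user id.
    # $cookie_userid comes from the client, so anyone who sends
    # "userid=112093" is served the v2 tree. Treat this as a rollout switch,
    # not as access control.
    set $root_dir "/var/www/vhosts/www.v1.domain.com";
    if ($cookie_userid = "112093") {
        set $root_dir "/var/www/vhosts/www.v2.domain.com";
    }
    root   $root_dir;
    index  index.html index.htm;

    access_log  /var/log/nginx/access.log  access;
    error_log   /var/log/nginx/error.log notice;
}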

server {
    listen       80;
    server_name  websocket.domain.com;

    access_log   /var/log/nginx/api.domain.com.log  access;
    # debug_http needs an nginx binary built with --with-debug and is very
    # verbose; it is meant for troubleshooting rather than permanent use.
    error_log    /var/log/nginx/api.domain.com.err  debug_http;

    # Everything except /websocket is answered by a Lua script
    # (content_by_lua_file comes from the Lua module / OpenResty).
    location / {
        content_by_lua_file  '/usr/local/nginx/conf/lua/websocket.lua';
    }

    # WebSocket pass-through: HTTP/1.1 to the backend plus the Upgrade and
    # Connection headers, which are hop-by-hop and not forwarded by default.
    location /websocket {
        proxy_pass          http://127.0.0.1:9502;
        proxy_http_version  1.1;
        proxy_set_header    Upgrade     $http_upgrade;
        proxy_set_header    Connection  "upgrade";
    }
}

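server {
    listen       80;
    # The terminating ";" is required: without it the following "set" line is
    # parsed as additional server_name arguments and $group has no default.
    server_name  www.domain.com;

    # Choose the backend group per request: v1 by default, v2 for one user id.
    # $cookie_userid comes from the client, so anyone can select v2 by sending
    # that cookie; v2 must not rely on being hidden.
    set $group "v1";
    if ($cookie_userid = "112093") {
        set $group "v2";
    }

    location / {
        # With a variable in proxy_pass the name is first looked up among the
        # upstream groups; "v1" and "v2" are not defined in this file, so they
        # must exist elsewhere or be resolvable through a "resolver".
        proxy_pass http://$group;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header         Host                  $http_host;
        proxy_set_header         X-Real-IP             $remote_addr;
        proxy_set_header         X-Real-Port           $remote_port;
        proxy_set_header         X-Remote-Addr         $remote_addr;
        # Appends this hop to whatever X-Forwarded-For the client supplied;
        # the backend should trust only the entry added by this proxy (the
        # last one), or X-Real-IP.
        proxy_set_header         X-Forwarded-For       $proxy_add_x_forwarded_for;

        # HTTP/1.1 with an empty Connection header, as needed for keepalive
        # connections to the backend.
        proxy_http_version      1.1;
        proxy_set_header        Connection             "";
    }
}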

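server {
    listen       80;
    server_name  www.domain.com;

    root         /var/www/www.domain.com;


    access_log   /var/log/nginx/www.domain.com.log  access;
    # debug_http needs an nginx binary built with --with-debug and is very
    # verbose; it is meant for troubleshooting rather than permanent use.
    error_log    /var/log/nginx/error.log debug_http;

    charset utf-8;
    autoindex off;
    autoindex_exact_size off;
    autoindex_localtime on;

    # Serve the file or directory when it exists, otherwise ask the backend.
    location / {
        try_files $uri $uri/ @backend;
    }

    location @backend {
        # nginx rejects a proxy_pass that carries a URI part inside a named
        # location, so the context path is added by rewriting the request URI
        # and proxy_pass gets the bare upstream.
        # Assumes the application is deployed under /www.domain.com on
        # Tomcat, as proxy_cookie_path below suggests; confirm.
        # 1) drop a trailing .htm/.html/.shtm(l)/.xhtm(l)/.do/.json
        rewrite /(.+)\.((s|x)?htm(l)?|do|json)$ /www.domain.com/$1 break;
        # 2) every other URI only gets the context path prepended
        rewrite ^/(.*)$ /www.domain.com/$1 break;

        proxy_pass http://tomcat;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header        Host                   $http_host;
        proxy_set_header        X-Real-IP              $remote_addr;
        proxy_set_header        X-Real-Port            $remote_port;
        proxy_set_header        X-Remote-Addr          $remote_addr;
        # Appends this hop to the client-supplied list; the backend should
        # trust only the last entry, or X-Real-IP.
        proxy_set_header        X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header        From                   $http_host;

        # Rewrite the Path of backend cookies from the context path to "/".
        proxy_cookie_path       /www.domain.com        /;
        proxy_set_header        Cookie                 $http_cookie;

        proxy_http_version      1.1;
        proxy_set_header        Connection             "";
    }

    # How the trailing slash on location and proxy_pass changes the URI that
    # is sent upstream:
    location ^~ /backend1 {
        proxy_pass http://tomcat;
        # /backend1/merchant -> /backend1/merchant
    }

    # Deprecated form. The "deprecated" marker belongs in a comment; written
    # inside the directive it becomes part of the prefix being matched.
    location ^~ /backend2 {
        proxy_pass http://tomcat/;
        # /backend2/merchant -> //merchant
    }

    # Deprecated form.
    location ^~ /backend3/ {
        proxy_pass http://tomcat;
        # /backend3/merchant -> /backend3/merchant
    }

    location ^~ /backend4/ {
        proxy_pass http://tomcat/;
        # /backend4/merchant -> /merchant
    }

    # Special handling for .txt files directly under the root. A regular
    # expression needs the "~" modifier; with "^~" the pattern is taken as a
    # literal prefix and never matches.
    location ~ ^/([^/]+)\.txt$ {
    }

    # If the file is missing locally, fetch it from the remote server and
    # store it in the matching local directory.
    location ^~ /book {
        try_files $uri @genpic;
    }

    location @genpic {
        proxy_pass http://images.domain.com;
        proxy_set_header         X-Real-IP             $remote_addr;
        proxy_set_header         X-Real-Port           $remote_port;
        proxy_set_header         X-Remote-Addr         $remote_addr;
        proxy_set_header         X-Forwarded-For       $proxy_add_x_forwarded_for;

        proxy_http_version       1.1;
        proxy_set_header         Connection            "";


        # Callback after the request has been served. It cannot be made
        # conditional on $upstream_status here: "if" runs in the rewrite
        # phase, before the upstream is contacted, so the variable is still
        # empty, and post_action is not accepted inside "if". The callback
        # therefore fires for every request and the receiving endpoint has to
        # check the outcome itself. post_action is an undocumented directive.
        post_action @callback;

        # Key setting: save the upstream response as a local file. With "on"
        # the file name is derived from root plus the request URI.
        # Whatever the upstream returns for a URI under /book becomes a
        # permanent static file in the web root, and the fetch uses plain
        # HTTP; the upstream has to be trusted accordingly.
        proxy_store on;
        proxy_store_access user:rw group:rw all:r;

        # Temporary directory used while the response is being received; keep
        # it on the same file system as root so the finished file can be
        # renamed instead of copied.
        proxy_temp_path /var/www/tmp;

        # Timeouts
        proxy_connect_timeout 30s;
        proxy_read_timeout 60s;
    }

    # Callback notification
    location @callback {
        internal;

        # Send the notification to /api/callback. The target path is set with
        # a rewrite because proxy_pass may not carry a URI part inside a named
        # location; $request_uri below still holds the original client URI.
        rewrite ^ /api/callback break;
        proxy_pass http://images.domain.com;
        proxy_set_header Host $host;
        proxy_set_header X-Original-URI $request_uri;
        # NOTE(review): no proxy_cache is configured in this server, so this
        # value is presumably empty; confirm.
        proxy_set_header X-Cache-Status $upstream_cache_status;

        # Keep the upstream request running even if the client has already
        # disconnected; the short timeouts bound how long it may take.
        proxy_ignore_client_abort on;
        proxy_connect_timeout 3s;
        proxy_read_timeout 3s;
    }

    # Static assets: cache for 30 days in the browser.
    location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg|woff|woff2|ttf|eot|otf|webp|avif|mp4|webm|ogg|mp3|wav|flac|aac|pdf|zip|tar|gz|bz2|rar|7z|doc|docx|xls|xlsx|ppt|pptx|txt)$ {
        expires      30d;
    }
}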

2、正向代理配置

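server {
    listen       80;
    server_name  www.domain.com;
    # DNS server used to resolve the destination hosts requested by clients.
    resolver     114.114.114.114;

    # A forward proxy connects to whatever host the client names. Without a
    # client restriction it is an open proxy: anyone who can reach this port
    # can relay traffic through it and reach hosts that only this machine can
    # see (internal services, cloud metadata endpoints). Limit it to the
    # networks that are meant to use it.
    # NOTE(review): confirm that your build of the proxy_connect module
    # applies access-phase rules to CONNECT requests as well.
    allow 192.168.10.0/24; # replace with your client network
    deny  all;

    # CONNECT tunnelling (third-party proxy_connect module), limited to
    # destination ports 80 and 443.
    proxy_connect;
    proxy_connect_allow 80 443;
    proxy_connect_connect_timeout 10s;
    proxy_connect_read_timeout 10s;
    proxy_connect_send_timeout 10s;

    location / {
        # Plain-HTTP forwarding: the destination is taken from the Host
        # header supplied by the client.
        proxy_pass $scheme://$http_host$request_uri;
        proxy_set_header Host $http_host;

        # Other proxy settings
        proxy_buffers 256 4k;
        proxy_max_temp_file_size 0;
        proxy_connect_timeout 30;

        # Cache lifetimes (optional). These take effect only when a cache
        # zone is enabled with proxy_cache, which this block does not do.
        proxy_cache_valid 200 302 10m;
        proxy_cache_valid 301 1h;
        proxy_cache_valid any 1m;
    }
}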