Common nginx configuration


  1. nginx.conf accept_mutex # serializes connection acceptance across the nginx worker processes, so that they do not contend for new connections
  2. ssl_ca http -> https

    server {
     listen 80;
     server_name www.test.com;
     # redirect every plain-HTTP request to HTTPS
     return 301 https://$host$request_uri;
     # or, with rewrite instead of return:
     # rewrite ^ https://$server_name$request_uri permanent;
    }

  3. HTTPS certificate configuration

    http {
     ...

     server {
      listen              443 ssl;
      keepalive_timeout   70;

      # TLSv1 and TLSv1.1 are deprecated (RFC 8996);
      # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+
      ssl_protocols       TLSv1.2 TLSv1.3;
      # exclude RC4, 3DES and MD5-based suites
      ssl_ciphers         HIGH:!aNULL:!MD5:!RC4:!3DES;
      ssl_certificate     /usr/local/nginx/conf/cert.pem;
      ssl_certificate_key /usr/local/nginx/conf/cert.key;
      ssl_session_cache   shared:SSL:10m;
      ssl_session_timeout 10m;
      ...
     }
    }

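    If the required module is missing, nginx has to be rebuilt (configure, make, make install):

    nginx: [emerg] the "ssl" parameter requires ngx_http_ssl_module in /usr/local/nginx/conf/nginx.conf:117

    Signals

    nginx -s quit                                      # graceful stop
    kill -HUP $(cat /usr/local/nginx/log/nginx.pid)    # graceful restart
    kill -USR2 $(cat /usr/local/nginx/log/nginx.pid)   # graceful upgrade

    location matching rules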

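  4. nginx DDoS mitigation

    # http context: shared-memory zones keyed by client address
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/m;
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    # server or location context; burst and nodelay are parameters of limit_req
    limit_req zone=one burst=20 nodelay;
    limit_conn addr 10;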
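  5. Avoiding some bad configurations

    Put root inside the server block, not inside location blocks.
    Put index inside the http block, not inside server blocks.
    Avoid if and rewrite where possible; use try_files and return instead.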
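
The request-rate settings from item 4 (rate=10r/m, burst=20, nodelay), as an added example that is not part of the original notes or of nginx itself: a simplified Python model of the leaky-bucket accounting that limit_req keeps per client key. The function name and the arrival times are constructed for illustration; zone eviction and the delay= parameter are not modelled.

```python
"""Simplified model of nginx limit_req (leaky bucket) for a single client key."""


def simulate_limit_req(arrivals_ms, rate_per_min=10, burst=20):
    """Return one 'pass' or 'reject' verdict per arrival time (milliseconds)."""
    rate = rate_per_min * 1000 // 60   # milli-requests drained per second (10r/m -> 166)
    limit = burst * 1000               # burst allowance in milli-requests
    excess = None                      # None until the key is first seen
    last = 0
    verdicts = []
    for now in arrivals_ms:
        if excess is None:
            candidate = 0              # first request from this key is free
        else:
            elapsed = max(now - last, 0)
            # drain for the elapsed time, then charge this request
            candidate = max(excess - rate * elapsed // 1000 + 1000, 0)
        if candidate > limit:
            # over rate + burst: nginx answers 503 unless limit_req_status is set;
            # a rejected request does not update the stored state
            verdicts.append("reject")
            continue
        excess, last = candidate, now
        verdicts.append("pass")
    return verdicts


if __name__ == "__main__":
    # Constructed input: 25 requests in the same millisecond, then two stragglers.
    flood = [0] * 25 + [3000, 7000]
    for t, verdict in zip(flood, simulate_limit_req(flood)):
        print(f"{t:>6} ms  {verdict}")
    # Constructed input: a client pacing itself at one request every 6.1 s.
    steady = [i * 6100 for i in range(50)]
    print("steady client rejected:", simulate_limit_req(steady).count("reject"))
```

With these settings a single address gets 1 + burst = 21 requests through at once, and after that roughly one more every six seconds, which is the figure to compare against legitimate client behaviour before deploying the limit.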