经过优化,打开速度明显提升
worker_processes auto;
worker_cpu_affinity 0101 1010;
worker_rlimit_nofile 65535;
worker_priority -20;
pid /application/nginx/logs/nginx.pid;
error_log /var/log/nginx/error.log notice;
thread_pool leilei threads=32;
events {
use epoll;
worker_connections 100000;
multi_accept on;
accept_mutex on;
accept_mutex_delay 1ms;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_not_found off;
#隐藏版本号
server_tokens off;
#proxy cache缓存
proxy_cache_path /nginx/cache keys_zone=my_cache:10m levels=1:2 max_size=10g inactive=60m use_temp_path=off;
log_format aaa '$remote_addr - $remote_user [$time_local]'
'"$request" $status $body_bytes_sent'
'"$http_referer" - "$http_x_forwarded_for" - "$http_user_agent"';
#gzip优化
gzip on;
gzip_min_length 500;
gzip_buffers 4 256k;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 223.5.5.5 223.6.6.6 valid=60s;
resolver_timeout 2s;
upstream leilei {
zone backend 64k;
#ip_hash;
server 127.0.0.1:8080 max_fails=10;
keepalive 128;
keepalive_requests 100;
keepalive_timeout 45s;
}
server {
listen 80;
server_name www.chenleilei.net chenleilei.net;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443 ssl http2 default_server;
server_name www.chenleilei.net chenleilei.net;
aio threads=leilei;
ssl_certificate /application/nginx/ssl_nginx/1_www.chenleilei.net_bundle.crt;
ssl_certificate_key /application/nginx/ssl_nginx/2_www.chenleilei.net.key;
ssl_session_timeout 5m;
#这是对会话进行缓存,每次新用户访问需要重新建立会话,消耗CPU,添加缓存后可以减少CPU消耗
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
http2_push /style.css;
http2_push /layui.css;
http2_push /templates/perfree-simple-pro/static/plugins/layui/css/layui.css;
http2_push /application/tomcat/webapps/jpress/myssl-id.png;
http2_push /ad/ali_210-377.png;
http2_push /ad/xinyonghu_345x200.jpg;
http2_push /ad/热门云产品3折起-1139068027fba560a97d2d5eb11dac318c067059.jpg;
#严格传输
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
#新增
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
#xss保护
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
#日志优化
# access_log /application/nginx/logs/access_81.log aaa buffer=64k flush=1m;
# open_log_file_cache max=1500 inactive=60s min_uses=2 valid=1m;
access_log /application/nginx/logs/access_82.log aaa buffer=1m;
location / {
#测试
server_name_in_redirect off;
#测试
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
proxy_cache_key $host:$server_port$request_uri;
proxy_cache_valid 200 304 1h;
proxy_cache_valid any 1m;
proxy_cache my_cache;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://leilei;
#测试
proxy_ignore_client_abort on;
#测试
#访问策略:
#deny 117.186.242.158;
allow 0.0.0.0/0;
}
#状态查看配置
location /status {
stub_status on;
access_log logs/status.log;
auth_basic "status";
# auth_basic_user_file ../pass;
}
location = /50x.html {
root html;
}
}
}
最后修改:2020-03-06 02:56:43
© 著作权归作者所有
如果觉得我的文章对你有用,请随意赞赏
扫一扫支付
发表评论