Linux运维之路


nginx站点配置文件

admin 2019-10-27 73浏览 0条评论
首页/正文
分享到: / / / /
#cpu亲和力优化
worker_processes auto;
worker_cpu_affinity 01 10;
worker_rlimit_nofile 65535;
##aio池
thread_pool leilei threads=32;

events {
    use epoll;
    worker_connections  10240;
    accept_mutex on;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    log_not_found off;
#隐藏版本号
    server_tokens  off;

#日志定义
log_format aaa '$remote_addr - $remote_user [$time_local]'
                    '"$request" $status $body_bytes_sent'
                    '"$http_referer" "$http_user_agent"';

# OCSP Stapling
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 223.5.5.5 223.6.6.6 valid=60s;
        resolver_timeout 2s;

#反代tomcat
upstream leilei {
    server 127.0.0.1:8080;
}

#跳转
server {
        listen       80;
        server_name  www.chenleilei.net chenleilei.net;
        rewrite ^(.*)$ https://$host$1 permanent;
        }
				
#默认server
   server {
        listen 443 ssl http2 default_server;
        server_name  www.chenleilei.net chenleilei.net;
#aio应用
        aio threads=leilei;
#ssl配置 A+认证
        ssl_certificate /application/nginx/ssl_nginx/1_www.chenleilei.net_bundle.crt;
        ssl_certificate_key /application/nginx/ssl_nginx/2_www.chenleilei.net.key;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:10m;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

#基于http2的主动推送
        http2_push /style.css;
        http2_push /layui.css;
        http2_push /templates/perfree-simple-pro/static/plugins/layui/css/layui.css;
        http2_push /application/tomcat/webapps/jpress/myssl-id.png;
        http2_push /ad/ali_210-377.png;
        http2_push /ad/xinyonghu_345x200.jpg;
        http2_push /ad/热门云产品3折起-1139068027fba560a97d2d5eb11dac318c067059.jpg;

#严格传输 A+认证
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

#新增header头 A+认证
  add_header Strict-Transport-Security max-age=63072000;
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;


#日志优化
 access_log /application/nginx/logs/access_81.log aaa buffer=64k flush=1m;
 open_log_file_cache max=1500 inactive=60s min_uses=2 valid=1m;

#gzip优化
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml image/gif image/png font/woff2 image/jpeg;

        location / {
#反代
         proxy_pass http://leilei;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
         }

#防盗链配置
 location ~ .*\.(jpg|gif|bmp|png)$ {
     valid_referers none blocked ~\.chenleilei\. ~chenleilei.net\.  server_names ~\.google\. ~google\.  ~baidu\. ~\.baidu\. ~\.bing.com\. ~bing.com\. ~\.sougou\. ~sougou\.;
     if ($invalid_referer) {
       # return 403;
        rewrite ^/ https://www.chenleilei.net/daolian.jpg;
      }
        proxy_pass http://127.0.0.1:8080;
  }

#动静分离配置
#       location ~ ^/(images|javascript|js|css|flash|media|static)/ {
#               root /application/tomcat/webapps/jpress/;
#               #过期3天,静态文件不怎么更新
#               expires 3d;
#       }

        location = /50x.html {
            root   html;
        }

}
最后修改:2019-10-27 14:47:48 © 著作权归作者所有
如果觉得我的文章对你有用,请随意赞赏
扫一扫支付

上一篇

发表评论

评论列表

还没有人评论哦~赶快抢占沙发吧~