记一次nginx生产环境配置，以备后用

原创创建时间：2020-09-09 访问量：184 赞：0 踩：0

# nginx.conf  --  docker-openresty
#
# This file is installed to:
#   `/usr/local/openresty/nginx/conf/nginx.conf`
# and is the file loaded by nginx at startup,
# unless the user specifies otherwise.
#
# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
# section and adds this directive:
#     `include /etc/nginx/conf.d/*.conf;`
#
# The `docker-openresty` file `nginx.vh.default.conf` is copied to
# `/etc/nginx/conf.d/default.conf`.  It contains the `server section
# of the upstream `nginx.conf`.
#
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
#

#user  nobody;
worker_processes  8;

# 添加并发数，与下面的worker_connections一起配置
worker_rlimit_nofile 655350;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  655350;
}

stream {
    
    upstream mysql_server {
        hash $remote_addr consistent;
        server 127.0.0.1:3306 weight=1 max_fails=1 fail_timeout=10s;
        server 127.0.0.1:3307 weight=1 max_fails=1 fail_timeout=10s;
    }
    
    server {
        listen 3309 so_keepalive=60s::;
        proxy_pass mysql_server;
    }
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    # See Move default writable paths to a dedicated directory (#119)
    # https://github.com/openresty/docker-openresty/issues/119
    
    client_body_temp_path /var/run/openresty/nginx-client-body;
    proxy_temp_path       /var/run/openresty/nginx-proxy;
    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
    scgi_temp_path        /var/run/openresty/nginx-scgi;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
	
    upstream bsp_backend {
        server 127.0.0.1:8080 weight=1 max_fails=1 fail_timeout=10s;
        server 127.0.0.1:8081 weight=1 max_fails=1 fail_timeout=10s;
        server 127.0.0.1:8082 weight=1 max_fails=1 fail_timeout=10s;
       # 提高并发连接速度
        keepalive 50;
    }
    
    upstream dataviz {
        server 127.0.0.1:5000 weight=1 max_fails=1 fail_timeout=10s;
        keepalive 50;
    }
    
    upstream bsp_strive {
        server 127.0.0.1:8281 weight=1 max_fails=1 fail_timeout=10s;
        keepalive 50;
    }
    
    server {
        listen       80;
        server_name  www.xxx.com;
        location / {
            rewrite ^(.*)$  https://$host$1 permanent;
        }
    }

    server {
        listen       80;
        server_name  bsp.xxx.com;
        location / {
            rewrite ^(.*)$  https://$host$1 permanent;
        }
    }

    server {
        listen 443 ssl;
        server_name  bsp.xxx.com;
        # ssl on;
        ssl_certificate   /opt/ssl/3989015__xxx.com.pem;
        ssl_certificate_key  /opt/ssl/3989015__xxx.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        
        location /complaint {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
        
        location /bsp-web {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
        
        location /bspn-web {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
        
        location /strive-web {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
        
        location /bsp-sys {
            proxy_pass http://bsp_backend;
            client_max_body_size 1024M;
            proxy_connect_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # 下载两个配置提高并发数，防止高并发下nginx请求过早关闭。要保持长连接
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
        
        location /dataviz {
            proxy_pass http://dataviz;
            client_max_body_size 1024M;
            proxy_connect_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
        
        location /strive {
            proxy_pass http://bsp_strive;
            client_max_body_size 1024M;
            proxy_connect_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }
    
    server {
        listen 443 ssl;
        server_name  www.xxx.com;
        # ssl on;
        ssl_certificate   /opt/ssl/3989015__xxx.com.pem;
        ssl_certificate_key  /opt/ssl/3989015__xxx.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        
        location / {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
    }

}

上一篇：nginx访问量大时会出现网络连接失败的解决方案

更多关于nginx配置文件请访问：

单击查询

相关资源列表：

nginx缓存无效有缓存文件存在但任然访问后台怎么配置都没有用

配置文件的使用

openresty nginx location 配置详解

基于XML的Spring配置文件引入多个子配置文件

记一次nginx生产环境配置，以备后用

MySQL的配置文件详细介绍

如何查看nginx Docker镜像的dockerfile文件中内容?

直播系统开发：基于Nginx与Nginx-rtmp-module.pdf