记一次nginx生产环境配置,以备后用

原创 创建时间:2020-09-09 访问量:88 赞:0 踩:0
# nginx.conf  --  docker-openresty
#
# This file is installed to:
#   `/usr/local/openresty/nginx/conf/nginx.conf`
# and is the file loaded by nginx at startup,
# unless the user specifies otherwise.
#
# It tracks the upstream OpenResty's `nginx.conf`, but removes the `server`
# section and adds this directive:
#     `include /etc/nginx/conf.d/*.conf;`
#
# The `docker-openresty` file `nginx.vh.default.conf` is copied to
# `/etc/nginx/conf.d/default.conf`.  It contains the `server section
# of the upstream `nginx.conf`.
#
# See https://github.com/openresty/docker-openresty/blob/master/README.md#nginx-config-files
#

#user  nobody;
worker_processes  8;

# 添加并发数,与下面的worker_connections一起配置
worker_rlimit_nofile 655350;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  655350;
}

stream {
    
    upstream mysql_server {
        hash $remote_addr consistent;
        server 127.0.0.1:3306 weight=1 max_fails=1 fail_timeout=10s;
        server 127.0.0.1:3307 weight=1 max_fails=1 fail_timeout=10s;
    }
    
    server {
        listen 3309 so_keepalive=60s::;
        proxy_pass mysql_server;
    }
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    # See Move default writable paths to a dedicated directory (#119)
    # https://github.com/openresty/docker-openresty/issues/119
    
    client_body_temp_path /var/run/openresty/nginx-client-body;
    proxy_temp_path       /var/run/openresty/nginx-proxy;
    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
    scgi_temp_path        /var/run/openresty/nginx-scgi;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
	
    upstream bsp_backend {
        server 127.0.0.1:8080 weight=1 max_fails=1 fail_timeout=10s;
        server 127.0.0.1:8081 weight=1 max_fails=1 fail_timeout=10s;
        server 127.0.0.1:8082 weight=1 max_fails=1 fail_timeout=10s;
       # 提高并发连接速度
        keepalive 50;
    }
    
    upstream dataviz {
        server 127.0.0.1:5000 weight=1 max_fails=1 fail_timeout=10s;
        keepalive 50;
    }
    
    upstream bsp_strive {
        server 127.0.0.1:8281 weight=1 max_fails=1 fail_timeout=10s;
        keepalive 50;
    }
    
    server {
        listen       80;
        server_name  www.xxx.com;
        location / {
            rewrite ^(.*)$  https://$host$1 permanent;
        }
    }

    server {
        listen       80;
        server_name  bsp.xxx.com;
        location / {
            rewrite ^(.*)$  https://$host$1 permanent;
        }
    }

    server {
        listen 443 ssl;
        server_name  bsp.xxx.com;
        # ssl on;
        ssl_certificate   /opt/ssl/3989015__xxx.com.pem;
        ssl_certificate_key  /opt/ssl/3989015__xxx.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        
        location /complaint {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
        
        location /bsp-web {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
        
        location /bspn-web {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
        
        location /strive-web {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
        
        location /bsp-sys {
            proxy_pass http://bsp_backend;
            client_max_body_size 1024M;
            proxy_connect_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # 下载两个配置提高并发数,防止高并发下nginx请求过早关闭。要保持长连接
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
        
        location /dataviz {
            proxy_pass http://dataviz;
            client_max_body_size 1024M;
            proxy_connect_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
        
        location /strive {
            proxy_pass http://bsp_strive;
            client_max_body_size 1024M;
            proxy_connect_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_buffer_size 64k;
            proxy_buffers 32 32k;
            proxy_busy_buffers_size 128k;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }
    
    server {
        listen 443 ssl;
        server_name  www.xxx.com;
        # ssl on;
        ssl_certificate   /opt/ssl/3989015__xxx.com.pem;
        ssl_certificate_key  /opt/ssl/3989015__xxx.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        
        location / {
            root /usr/local/openresty/nginx/html;
            index index.html;
        }
    }

}
评论
 我想说:
==已经到底了==
关注: 粉丝: 积分:
工联信息网
如有问题请致邮箱:need@glxxw2018.com(仅限本站无法查询到的资料);本站能够查询到的资料请关注“工联信息网”公众号,通过页面提供的资源码查询!
不良信息反馈及侵权投诉建议请致邮箱:accusation@glxxw2018.com