本文共 5644 字，大约阅读时间需要 18 分钟。

Nginx?????????????

??Nginx??????

Nginx?????????????????????????HTTP?TCP?UDP?????????????????????????Nginx??????5????????????????????????

?????????

????????????????????Nginx???????????

?????????????????????Nginx??????

??Nginx????

1. ?????

mkdir /soft/nginx && cd /soft/nginx

wget https://nginx.org/download/nginx-1.21.6.tar.gz

yum -y install wget gcc pcre-devel zlib-devel openssl openssl-devel

2. ?????

tar -xzf nginx-1.21.6.tar.gz

cd nginx-1.21.6./configure --prefix=/soft/nginx

make && make install

3. ??????

??/soft/nginx/conf/nginx.conf?

listen 80;server_name 192.168.0.1;location / {    root html;    index index.html index.htm index.jsp index.ftl;    proxy_pass http://nginx_boot;    proxy_set_header Host $host;    proxy_set_header X-Real-IP $remote_addr;    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;}

4. ??Nginx

????????

sbin/nginx -c conf/nginx.confps aux | grep nginx

??Nginx????????

????

??Spring Boot?????Nginx????

@Controllerpublic class IndexNginxController {    @Value("${server.port}")    private String port;    @RequestMapping("/")    public ModelAndView index() {        ModelAndView model = new ModelAndView();        model.addObject("port", port);        model.setViewName("index");        return model;    }}

????index.ftl?

???????????????${port}??

Nginx???

upstream nginx_boot {    server 192.168.0.1:8080 weight=100 max_fails=2 fail_timeout=30s;    server 192.168.0.2:8090 weight=200 max_fails=2 fail_timeout=30s;}server {    listen 80;    server_name 192.168.0.1;    location / {        root html;        proxy_pass http://nginx_boot;    }}

??Nginx????

??????????

??????????????????????????????????100+?????????????????Nginx???????????????

????

mkdir static_resources

location ~ .*\.(html|htm|gif|jpg|jpeg|bmp|png|ico|txt|js|css) {    root static_resources;    expires 7d;}

??Nginx????

????

?nginx.conf???Gzip???

http {    gzip on;    gzip_types text/plain application/javascript text/css application/xml text/javascript image/jpeg image/gif image/png;    gzip_comp_level 5;    gzip_vary on;    gzip_buffers 16 8k;    gzip_disable "MSIE [1-6]";}

????

??????JS?????

# ??????230KB# ??????69KB

??Nginx???

????

??????Nginx??????CPU??????????

client_body_buffer_size 512k;proxy_buffers 4 64k;proxy_buffer_size 16k;proxy_busy_buffers_size 128k;proxy_temp_path /soft/nginx/temp_buffer;

????

• proxy_temp_path???????????????
• proxy_temp_file_write_size????????????

??Nginx????

????

proxy_cache_path /soft/nginx/cache levels=1:2 keys_zone=hot_cache:128m inactive=3d max_size=2g;

proxy_cache_valid 200 206 304 301 302 1d;proxy_cache_valid any 30m;proxy_cache_min_uses 3;

????

?????????ngx_cache_purge????????????????

??Nginx??IP????

????

# ???deny 192.177.12.222;deny 192.177.44.201;deny 127.0.0.0/8;# ???allow 192.177.12.222;allow 192.177.44.201;allow 127.45.0.0/16;deny all;

include /soft/nginx/IP/BlocksIP.conf;

??Nginx????

????

?nginx.conf??

location / {    add_header 'Access-Control-Allow-Origin' '*';    add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT';    add_header 'Access-Control-Allow-Headers' '*';    add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';    if ($request_method = 'OPTIONS') {        add_header 'Access-Control-Max-Age' 1728000;        add_header 'Content-Type' 'text/plain; charset=utf-8';        add_header 'Content-Length' 0;        return 204;    }}

??Nginx?????

????

??????location??

location ~ .*\.(html|htm|gif|jpg|jpeg|bmp|png|ico|txt|js|css) {    valid_referers blocked 192.168.12.129;    if ($invalid_referer) {        return 403;    }    root static_resources;    expires 7d;}

????

• valid_referers???????????????
• ?????????ngx_http_accesskey_module??????????

??????????

????

client_max_body_size 10m;client_header_timeout 10;proxy_read_timeout 120;proxy_send_timeout 10;

sendfile on;

???Nginx??SSL??

????

??????????

• .crt??????
• .key?????
• .pem???????

????

??nginx.conf?

server {    listen 443;    server_name www.xxx.com;    ssl on;    ssl_certificate /soft/nginx/certificate/xxx.pem;    ssl_certificate_key /soft/nginx/certificate/xxx.key;    ssl_session_timeout 5m;    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    ssl_prefer_server_ciphers on;}

???Nginx??????

Keepalived + ????

wget https://www.keepalived.org/software/keepalived-2.2.4.tar.gztar -xzf keepalived-2.2.4.tar.gzcd keepalived-2.2.4./configure --prefix=/soft/keepalivedmake && make install

global_defs {    router_id 192.168.12.129;}vrrp_instance VI_1 {    state MASTER;    interface ens33;    virtual_router_id 121;    priority 100;    nopreempt;    advert_int 1;    authentication {        auth_type PASS;        auth_pass 1111;    }    track_script {        script "/soft/scripts/keepalived/check_nginx_pid_restart.sh";    }    virtual_ipaddress {        192.168.12.111;    }}

#!/bin/shnginx_number=`ps -C nginx --no-header | wc -l`if [ $nginx_number -eq 0 ]; then    /soft/nginx/sbin/nginx -c /soft/nginx/conf/nginx.conf    sleep 1    if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then        systemctl stop keepalived.service    fifi

???Nginx????

?????

upstream nginx_boot {    keepalive 32;    keepalived_requests 100;    keepalive_timeout 60s;}

sendfile on;

worker_cpu_affinity auto;

worker_connections 10240;

worker_rlimit_nofile 20000;

??????????Nginx????????????????????????????????????????

转载地址：http://oqcfk.baihongyu.com/