LINUX

nginx关于服务静态文件的配置

日期:2015/6/28来源: IT猫扑网

  我们的目标是配置一个服务最快且cpu/io利用最有效的服务器,更重要的是一个安全的web服务器,下面的配置文件适用于最新版nginx

  写道

  #######################################################

  ### Calomel.org /etc/nginx.conf BEGIN

  #######################################################

  #

  pid /var/run/nginx.pid;

  user nginx nginx;

  worker_processes 2;

  events {

  worker_connections 1024;

  }

  http {

  ## MIME types

  include mime.types;

  # types {

  # image/gif gif;

  # image/jpeg jpg;

  # image/png png;

  # image/bmp bmp;

  # image/x-icon ico;

  # text/css css;

  # text/html html;

  # text/plain bob;

  # text/plain txt;

  }

  default_type application/octet-stream;

  ## Size Limits

  client_body_buffer_size 8k;

  client_header_buffer_size 1k;

  client_max_body_size 1k;

  large_client_header_buffers 1 1k;

  ## Timeouts

  client_body_timeout 5;

  client_header_timeout 5;

  keepalive_timeout 5 5;

  send_timeout 5;

  ## General Options

  ignore_invalid_headers on;

  limit_zone gulag $binary_remote_addr 1m;

  recursive_error_pages on;

  sendfile on;

  server_name_in_redirect off;

  server_tokens off;

  ## TCP options

  tcp_nodelay on;

  tcp_nopush on;

  ## Compression

  gzip on;

  gzip_static on;

  gzip_buffers 16 8k;

  gzip_comp_level 9;

  gzip_http_version 1.0;

  gzip_min_length 0;

  gzip_types text/plain text/html text/css image/x-icon image/bmp;

  gzip_vary on;

  ## Log Format

  log_format main '$remote_addr $host $remote_user [$time_local] "$request" '

  '$status $body_bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"';

  ## Deny access to any host other than (www.)mydomain.com

  server {

  server_name _; #default

  return 444;

  }

  ## Server (www.)mydomain.com

  server {

  access_log /var/log/nginx/access.log main buffer=32k;

  error_log /var/log/nginx/error.log info;

  expires 31d;

  limit_conn gulag 5;

  listen 127.0.0.1:8080 rcvbuf=64k backlog=128;

  root /disk01/htdocs;

  server_name mydomain.com www.mydomain;

  ## SSL Options (only enable if you use a SSL certificate)

  # ssl on;

  # ssl_certificate /ssl_keys/mydomain.com_ssl.crt;

  # ssl_certificate_key /ssl_keys/mydomain_ssl.key;

  # ssl_ciphers HIGH:!ADH:!MD5;

  # ssl_prefer_server_ciphers on;

  # ssl_protocols SSLv3;

  # ssl_session_cache shared:SSL:1m;

  # ssl_session_timeout 5m;

  ## Only allow GET and HEAD request methods

  if ($request_method !~ ^(GET|HEAD)$ ) {

  return 444;

  }

  ## Deny illegal Host headers

  if ($host !~* ^(mydomain.com|www.mydomain.com)$ ) {

  return 444;

  }

  ## Deny certain User-Agents (case insensitive)

  ## The ~* makes it case insensitive as opposed to just a ~

  if ($http_user_agent ~* (Baiduspider|Jullo) ) {

  return 444;

  }

  ## Deny certain Referers (case insensitive)

  ## The ~* makes it case insensitive as opposed to just a ~

  if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo) ) {

  return 444;

  }

  ## Redirect from www to non-www

  if ($host = 'www.mydomain.com' ) {

  rewrite ^/(.*)$ https://mydomain.com/$1 permanent;

  }

  ## Stop Image and Document Hijacking

  location ~* (\.jpg|\.png|\.css)$ {

  if ($http_referer !~ ^(https://mydomain.com) ) {

  return 444;

  }

  }

  ## Restricted Access directory

  location ^~ /secure/ {

  allow 127.0.0.1/32;

  allow 10.10.10.0/24;

  deny all;

  auth_basic "RESTRICTED ACCESS";

  auth_basic_user_file /var/www/htdocs/secure/access_list;

  }

  ## Only allow these file types to document root

  location / {

  if ($request_uri ~* (^\/|\.html|\.jpg|\.org|\.png|\.css|favicon\.ico|robots\.txt)$ ) {

  break;

  }

  return 444;

  }

  ## Serve an empty 1x1 gif _OR_ an error 204 (No Content) for favicon.ico

  location = /favicon.ico {

  #empty_gif;

  return 204;

  }

  ## System Maintenance (Service Unavailable)

  if (-f $document_root/system_maintenance.html ) {

  error_page 503 /system_maintenance.html;

  return 503;

  }

  ## All other errors get the generic error page

  error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417

  500 501 502 503 504 505 /error_page.html;

  location /error_page.html {

  internal;

  }

  }

  }

  #

  #######################################################

  ### Calomel.org /etc/nginx.conf END

  #######################################################

  2. nginx关于对后端服务器的反向代理配置

  有三个后端服务,一个为web内容服务,一个是论坛服务,一个为文件服务。

  当一个请求来时,nginx代理服务器其查看url把请求定向到相应的服务器,这个配置也缓冲文件服务的内容,但是论坛的和数据下载的内容就不缓存了,这个配置也使用了压缩,更好的节省内存

  写道

  #######################################################

  ### Calomel.org /etc/nginx.conf BEGIN

  #######################################################

  pid /var/run/nginx.pid;

  user nginx nginx;

  worker_processes 10;

  events {

  worker_connections 1024;

  }

  http {

  ## MIME types

  #include /etc/nginx_mime.types;

  default_type application/octet-stream;

  ## Size Limits

  client_body_buffer_size 128K;

  client_header_buffer_size 128K;

  client_max_body_size 1M;

  large_client_header_buffers 1 1k;

  ## Timeouts

  client_body_timeout 60;

  client_header_timeout 60;

  expires 24h;

  keepalive_timeout 60 60;

  send_timeout 60;

  ## General Options

  ignore_invalid_headers on;

  keepalive_requests 100;

  limit_zone gulag $binary_remote_addr 5m;

  recursive_error_pages on;

  sendfile on;

  server_name_in_redirect off;

  server_tokens off;

  ## TCP options

  tcp_nodelay on;

  tcp_nopush on;

  ## Compression

  gzip on;

  gzip_buffers 16 8k;

  gzip_comp_level 6;

  gzip_http_version 1.0;

  gzip_min_length 0;

  gzip_types text/plain text/css image/x-icon application/x-perl application/x-httpd-cgi;

  gzip_vary on;

  ## Log Format

  log_format main '$remote_addr $host $remote_user [$time_local] "

相关文章

相关下载

网友评论

我要评论...
    没有更早的评论了
    取消