Nginx配置

Nginx Configuration

Posted by Tony Chan on 2017-06-26

nginx在工作中已经有好几个环境在使用了,每次都是重新去网上扒博客,各种编译配置,今天自己也整理一份安装文档和nginx.conf配置选项的说明,留作以后参考。像负载均衡配置(包括健康检查)、缓存(包括清空缓存)配置实例,请参考 http://segmentfault.com/a/1190000002873747 ,ssl加密请参考 http://seanlook.com/2015/05/28/nginx-ssl/

Nginx常用配置


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
server {
listen 80;
server_name dev-admin.paascloud.net;
location / {
proxy_pass http://localhost:7020;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name dev-login.paascloud.net;
location / {
proxy_pass http://localhost:7010;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name dev-mall.paascloud.net;
location / {
proxy_pass http://localhost:7030;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name dev-api.paascloud.net;
location ~ {
proxy_pass http://localhost:7979;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}

增加nginx虚拟主机配置文件(conf.d)


新版本默认有 假如无的话

在原来文件/etc/nginx/nginx.conf 的http 块下加一句话就可以

1
include /etc/nginx/conf.d/*.conf;

root用户问题


众所周知,sshd_config是sshd的配置文件,其中PermitRootLogin可以限定root用户通过ssh的登录方式,如禁止登陆、禁止密码登录、仅允许密钥登陆和开放登陆,以下是对可选项的概括:

/etc/ssh/sshd_config

yes|允许|没有限制|没有限制
without-password|允许|除密码以外|没有限制
forced-commands-only|允许|仅允许使用密钥|仅允许已授权的命令
no|不允许|N/A|N/A

但是这样还是不安全

对单个文件开放权限算了

chmod 777 /etc/nginx/nginx.conf

Nginx配置文件的整体结构


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
user  nobody  nobody;
worker_processes 3;
error_log logs/error.log;
pid logs/nginx.pid;

events {
use epoll;
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
sendfile on;
keepalive_timeout 65;

server {
listen 8088;
server_name codesheep;
access_log /codesheep/webserver/server1/log/access.log;
error_page 404 /404.html;

location /server1/location1 {
root /codesheep/webserver;
index index.server2-location1.htm;
}

location /server1/location2 {
root /codesheep/webserver;
index index.server2-location2.htm;
}

}

server {
listen 8089;
server_name 192.168.31.177;
access_log /codesheep/webserver/server2/log/access.log;
error_page 404 /404.html;

location /server2/location1 {
root /codesheep/webserver;
index index.server2-location1.htm;
}

location /srv2/loc2 {
alias /codesheep/webserver/server2/location2/;
index index.server2-location2.htm;
}

location = /404.html {
root /codesheep/webserver/;
index 404.html;
}

}

}

Nginx常见错误及处理方法


404 bad request


一般原因:请求的Header过大

解决方法:配置nginx.conf相关设置

1
2
client_header_buffer_size 16k;
large_client_header_buffers 4 64k;

500 Internal Server Rrror


一般原因:

用户名并没有修改 ubuntu 默认是www.daa 不存在用户名

脚本错误,(php语法错误、lua语法错误)

访问量过大,系统资源限制,不能打开过多文件

磁盘空间不足。(access log开启可能导致磁盘满溢 关闭)

1
2
3
worker_rlimit_nofile 65535;
* soft nofile 65535
* hard nofile 65535

Reference:

GitHub Repo:Tony Studio

Follow: CoderTonyCHan · GitHub