本文汇总了我在工作中经常用到的nginx配置，适用于大部分的运维场景

1.日志格式配置

在http模块下，有json格式和竖线分割格式，具体在服务中使用哪种格式，只需要在access_log 最后添加对应的格式名称

    log_format json '{ "@timestamp": "$time_iso8601", "remote_addr": "$remote_addr","body_bytes_sent": "$body_bytes_sent", '                     '"request_time": $request_time,"status": $status,"upstream_response_time": $upstream_response_time, '                     '"upstream_addr": "$upstream_addr","request": "$request","request_method": "$request_method", '                     '"http_referer": "$http_referer","body_bytes_sent":$body_bytes_sent,"http_x_forwarded_for": "$http_x_forwarded_for", '                     '"http_x_real_ip": "$http_x_real_ip", "http_user_agent": "$http_user_agent" }';    log_format split '"$time_iso8601"|"$remote_addr"|"$upstream_addr"|$status|$request_time|'                    '$upstream_response_time|"$body_bytes_sent"|"$request"|"$request_method"|'                    '"$http_referer"|"$http_x_forwarded_for"|"$http_x_real_ip"|"$http_user_agent"';

2.静态文件压缩

具体压缩效果可以在浏览器调试模式中的网络中看到，比如实际文件大小为1M，在浏览器开发模式-网络中显示下载大小为500k，即代表文件压缩成功

http {    gzip on;      gzip_min_length 1k;      gzip_buffers 4 16k;      gzip_http_version 1.1;      gzip_comp_level 5;      gzip_vary on;      output_buffers 4 32k;    gzip_types text/css text/xml application/x-javascript image/x-ms-bmp application/x-httpd-php image/jpeg image/gif image/png;    gzip_proxied   any;     gzip_disable msie6;｝

3.常规的负载均衡

本配置支持后端健康检查,主要是在后端真实节点不可用时，请求不会转发到故障节点，故障节点恢复后，请求正常转发，nginx需要安装nginx_upstream_check_module模块，tengine自带该模块，无需在自行安装

upstream oss_web  {    server 127.0.0.1:8056;    server 127.0.0.1:8057;    keepalive 8;    check interval=3000 rise=1 fall=2 timeout=1000 type=http;    check_http_send "GET /index.html HTTP/1.0\r\n\r\n";    check_http_expect_alive http_2xx http_3xx;}server {    listen       8000;    server_name  ;    location / {        root   html;        proxy_pass  ;    }}

4.域名动态解析加缓存

本例是我公司访问某地图获取地理位置的配置，因为根据经纬度查询到的具体位置短时间内不会发生变化，于是把内容缓存下来，节省费用

http {proxy_cache_path /tmp/nginx levels=1:2 keys_zone=imooc_cache:10m max_size=5g inactive=60m use_temp_path=off;}server {    listen 80;    server_name  restapi.teses.com;    charset utf-8;    access_log  logs/restapi.teses.com.access.log main;    error_log  logs/restapi.teses.com.error.log;    location / {        resolver 8.8.8.8 114.114.114.114 valid=600s;        set $backend ";;        proxy_pass $backend;        proxy_cache imooc_cache;        proxy_cache_valid 200 1800s;        proxy_cache_valid any 10s;        proxy_cache_key $host$uri$is_args$args;    }}备注:inactive应该需要设置的比valid中时间长

5.跨域配置

location / {  add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS'; add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization'; if ($request_method = 'OPTIONS') { return 204; }}

6.正向代理模式

就是局域网中的用户通过网关做代理访问外部的网络，浏览器代理配置推荐Proxy SwitchyOmega

    server {        listen       8080;        location / {                proxy_pass $scheme://$http_host$request_uri;        }    }

7.代理指定的域名

适用于用户访问的地址和实际的后端节点访问地址不同的场景，比如节点只能通过某域名访问，但是客户不使用相同的域名也能访问

server {    listen 8000;    server_name kbe.get.com;    location /api {    proxy_pass ;    proxy_http_version 1.1;    proxy_set_header Upgrade $http_upgrade;    proxy_set_header Connection "upgrade";    proxy_set_header Host kube.app.com;  #kube.app.com    }}

8.防盗链

#图片防盗链location ~ .*\.(wma|wmv|asf|mp3|mmf|zip|rar|jpg|gif|png|swf|flv)$ {     valid_referers none blocked *.zhkdl.com zhkdl.com;     if ($invalid_referer) {     #rewrite ^/ ;     return 403;      }}#目录防盗链location /img/ {    root /data/img/;    valid_referers none blocked *.zhkdl.com zhkdl.com;    if ($invalid_referer) {                   rewrite  ^/  ;                   #return   403;    }}#文件下载防盗链./configure --add-module=path/to/nginx-accesskeyserver{     location /download {         accesskey             on;        accesskey_hashmethod  md5;        accesskey_arg         "key";        accesskey_signature   "mypass$remote_addr";    } }

9.nginx systemd配置

tee /etc/systemd/system/nginx.service  <<-"EOF"[Unit]Description=The nginx HTTP and reverse proxy serverAfter=network.target remote-fs.target nss-lookup.target[Service]Type=forkingLimitCORE=infinityLimitNOFILE=655350LimitNPROC=655350PIDFile=/usr/local/nginx/logs/nginx.pidExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pidExecStartPre=/usr/local/nginx/sbin/nginx -tExecStart=/usr/local/nginx/sbin/nginxExecReload=/bin/kill -s HUP $MAINPIDKillSignal=SIGQUITTimeoutStopSec=5KillMode=processPrivateTmp=true[Install]WantedBy=multi-user.targetEOF