Common Nginx Configuration Templates
1. Global configuration structure:
user www-data;                  # user the worker processes run as
worker_processes auto;          # set automatically to the number of CPU cores
pid /run/nginx.pid;             # PID file path

events {
    worker_connections 1024;    # maximum connections per worker process
}

http {
    include mime.types;         # MIME type mappings
    default_type application/octet-stream;

    sendfile on;                # efficient file transfer
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;       # keep-alive timeout
    server_tokens off;          # hide version information

    gzip on;                    # enable gzip compression
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    include /etc/nginx/conf.d/*.conf;
}
2. Static site configuration:
server {
    listen 80;
    server_name example.com www.example.com;

    root /var/www/html;
    index index.html index.htm;

    access_log /var/log/nginx/example_access.log main;
    error_log /var/log/nginx/example_error.log warn;

    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
3. HTTPS configuration and HTTP redirect:
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;    # force redirect to HTTPS
}

server {
    listen 443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate /etc/ssl/certs/example.pem;
    ssl_certificate_key /etc/ssl/private/example.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    root /var/www/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}
4. Reverse proxy configuration (for Node, Python, Java, etc.):
server {
    listen 80;
    server_name api.example.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
5. Load balancing configuration:
http {
    upstream backend {
        server 192.168.1.10:8080 weight=3;
        server 192.168.1.11:8080;
    }

    server {
        listen 80;
        server_name loadbalance.example.com;

        location / {
            proxy_pass http://backend;
            proxy_set_header Host $host;
        }
    }
}
Scheduling algorithms:
round-robin (the default)
ip_hash (by client IP)
least_conn (fewest connections)
weight (for example weight=3)
6. Static asset caching:
# the dot is escaped so that only real file extensions match
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 30d;
    access_log off;
    add_header Cache-Control "public";
}
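7. Security restrictions:
# deny access to hidden files and directories (any path containing "/.");
# note that this also blocks /.well-known/, which ACME HTTP-01 challenges use
location ~ /\. {
    deny all;
}

# http context: 10 MB shared zone keyed by client IP, 1 request per second
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

server {
    location /api/ {
        limit_req zone=one burst=5;    # up to 5 excess requests are queued, the rest are rejected
        proxy_pass http://127.0.0.1:3000;
    }
}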
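How the rate=1r/s zone and burst=5 setting above treat a burst from a single client, as an added example that is not part of the original page: a simplified Python model of nginx's leaky-bucket accounting for limit_req. The function names and the sample timestamps are constructed for illustration.

```python
# Added example: simplified model of nginx limit_req (leaky bucket) for one client key.
# Function names are hypothetical; the timestamps are constructed sample data.

def simulate_limit_req(arrivals_ms, rate_per_s=1, burst=5, nodelay=False):
    """Return a list of (arrival_ms, decision, delay_ms) for one client key.

    decision is "pass", "delay" or "reject" (nginx answers a reject with 503
    unless limit_req_status is set).
    """
    rate = rate_per_s * 1000          # nginx counts in milli-requests per second
    burst_m = burst * 1000
    excess = None                     # no state stored yet for this key
    last = 0
    results = []
    for now in sorted(arrivals_ms):
        if excess is None:
            new_excess = 0            # first request seen from this key
        else:
            # drain the bucket for the elapsed time, then add this request
            new_excess = max(excess - rate * (now - last) // 1000 + 1000, 0)
        if new_excess > burst_m:
            results.append((now, "reject", 0))   # state is not updated on reject
            continue
        excess, last = new_excess, now
        delay = 0 if nodelay else new_excess * 1000 // rate
        results.append((now, "delay" if delay else "pass", delay))
    return results


def summarize(results):
    """Count decisions per category."""
    counts = {"pass": 0, "delay": 0, "reject": 0}
    for _, decision, _ in results:
        counts[decision] += 1
    return counts


if __name__ == "__main__":
    # Constructed traffic: 10 requests at the same instant, then one 3 s later.
    sample = [0] * 10 + [3000]
    for row in simulate_limit_req(sample):
        print(row)
    print(summarize(simulate_limit_req(sample)))
```

Without nodelay the accepted excess requests are held back to the configured rate, so a burst of 10 yields one immediate response, five delayed ones and four rejections.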
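8. Cross-origin configuration (CORS support for APIs):
location /api/ {
    add_header Access-Control-Allow-Origin *;     # assumed value (missing in the source); * allows any origin
    add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
    add_header Access-Control-Allow-Headers *;    # assumed value (missing in the source)

    if ($request_method = OPTIONS) {
        return 204;    # answer the CORS preflight request
    }

    proxy_pass http://127.0.0.1:5000;
}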
9. WebSocket support:
location /ws/ {
    proxy_pass http://localhost:6001;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
}
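10. Performance tuning recommendations:
Raise the open-file limit:
    worker_rlimit_nofile 65535;
Tune event connection handling:
    events {
        worker_connections 65535;
        multi_accept on;
    }
Enable HTTP/2 (port 443):
    listen 443 ssl http2;
Separate static and dynamic resources:
    Nginx serves static files; the application service handles dynamic requests.
Control the log level:
    In production, set error or warn to reduce disk pressure.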
11. Reload and test commands:
nginx -t                   # check the configuration syntax
nginx -s reload            # reload the configuration without downtime
systemctl restart nginx    # restart the service