nginx.conf配置详解知识点
个人修改后:
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; upstream serverDispense{ #server 127.0.0.1:8080 weight=70; server 192.168.13.22:8080 weight=70; server 127.0.0.1:8090 weight=30; #server 192.168.13.22:8080; #server 192.168.13.21:8090; } server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; proxy_pass http://serverDispense; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }配置框架:
http { upstream { ... } server { location URL { root "/path/to/somedir"; ... } # 类似于httpd中的<Location>,用于定义URL与本地文件系统的映射关系; location URL { if ...{ ... } } } # 每个server类似于httpd中的一个<VirtualHost>; server { ... } } 注意:与httpd相关的指令仅能放置于http、server/location、upstream、if上下文,但有些指令仅应用于这5种上下文中的某种。 1. server {} 定义一个虚拟主机; 示例: server { listen 8080; server_name www.itwuyi.com; root "/myproject/web"; } 2. listen 指定监听的地址和端口: listen address[:port]; listen port; 3. server_name NAME [...]; 后可跟多个主机;名称还可以使用正则表达式(~)或通配符; (1)先做精确匹配检查: (2)左侧通配符匹配检查: *.itwuyi.com (3) 右侧通配符匹配检查;如mail.* (4)正则表达式匹配检查: 如~^.*\.itwuyi\.com$ (5) default_server; server { server_name www.itwuyi.com; } server { server_name *.itwuyi.com; } server { server_name mail.*; } 4. root path; 设置资源路径映射;用于指明请求的URL所对应的资源所在的文件系统上的起始路径; 5. location [ = | ~* | ^~] uri {} location @name {} 功能: 允许根据用户请求的URI来匹配定义的各location;匹配到时,此请求将被相应的location配置块中的配置所处理,例如 做访问控制等功能 =:精确匹配 ~:正则表达式模式匹配检查,区分字符大小写; ~*:正则表达式模块匹配检查,不区分字符大小写; ^~: URI的前半部分匹配,不检查正则表达式 匹配的优先级:精确匹配(=)、^~、~、~*、不带任何符号的location server { listen 80; server_name www.itwuyi.com; location / { root "/myproject/web"; } location /images/ { root "/myproject/images"; } location ~* \.php$ { fcgipass } } 6. alias path; 用于location配置段,定义路径别名 location /images/ { root "/myproject/web"; } http://www.itwuyi.com/images/a.jpg <-- /myproject/web/images/a.jpg location /images/ { alias "/www/pictures"; } http://www.itwuyi.com/images/a.jpg <-- /www/pictures/a.jpg 注意: root表示指明路径为对应的location "/" URL;alias表示路径映射,即location指令后定义的URL是相对于alias所指明的路径而言; 7.index file; 默认主页面; index index.php index.html; 8. error_page code [...] [=code] URI | @name 根据http响应状态码来指明特用的错误页面; error_page 404 /404_customed.html [=code]:以指定的响应吗进行响应,而不是默认的原来的响应;默认表示以新资源的响应吗为其响应吗 9. 基于IP的访问控制 allow IP/Network; deny IP/Network; 10. 基于用户的访问控制 basic, digest; auth_basic ""; auth_basic_user_file ".PATH/TO/PASSWORD_FILE" 账号密码文件建议使用htpasswd来创建 11. https服务 生成私钥,获得证书签署请求,并获得证书; #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} 12. stub_status {on|off}; 仅能用于location上下文; location /status { stub_status on; allow 192.168.1.0/24; deny all; } 结果示例: Active connections:6 # 当前所有处于打开状态的连接数 server accepts handled requests 241 241 431 # 已经接受的连接,已经处理过的连接,已经处理过的请求数;在“保持连接”模式下,请求数量可能会多余连接数量 Reading: 0 Writing: 1 Waiting: 5 # Reading: 正处于接收请求状态的连接数; # Writing: 请求已经接收完成,正处于处理请求或响应的过程中的连接数 # Waiting: 保持连接模式,且处于活动状态的连接数 13. rewrite regex replacement flag; 例如: rewrite ^/images/(.*\.jpg)$ /imgs/$1 break; http://www.itwuyi.com/images/a/b/c/1.jpg --> /imgs/a/b/c/1.jpg flag: last: 此rewrite规则重写完成后,不再被后面其他的rewrite规则进行处理;而是由User Agent重新对重写后的URL再一次发起请求,并从头开始执行类似的过程 break:一旦此rewrite规则重写完成后,由User Agent对新的URL重新发起请求,且不再会被当前loation内的任何rewrite规则检查 redirect:以302响应码(临时重定向)返回新的URL; permanent:以301响应码(永久重定向)返回新的URL 14. if 语法: if (condition) {...} 应用环境: server, location condition: (1)变量名; 变量值为空串,或者以“0”开始,则为false;其他均为true (2)以变量为操作数构成的比较表达式 可使用=,!=类似的比较操作符进行测试 (3)正则表达式的模式匹配操作 ~: 区分大小写的模式匹配检查 ~*: 不区分大小写的模式匹配检查 !~和!~*:对上面两种测试取反 (4)测试路径为文件可能性: -f, !-f (5) 测试指定路径为目录的可能性: -d, !-d (6)测试文件的存在性:-e,!-e (7)检查文件是否有执行权限:-x,!-x 例如: if ($http_user_agent ~* MSIE) { rewrite ^(.*)$ /msie/$1 break; } 15. 防盗链 location ~* \.(jpg|gif|jpeg|png)$ { valid_referer none blocked www.itwuyi.com; if ($invalid_referer){ rewrite ^/ http://www.itwuyi.com/403.html; } } 16. 定制访问日志格式 log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log main; 注意: 此处可用变量为nginx各模块内建变量;