# 用户组,也可以使用root用户 #user nobody; # 与服务器核心数量一致,一般现在电脑内核4核8线程,8核16线程,如果CPU的使用率大,可以设置成内核*2,进程则会有多个worker worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; # 进程号保存地址 #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; # 日志格式 main 访问地址,时间,浏览器等信息 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; # 全局日志保存地址,也可以在server里面单独配置 #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { # 监听端口 listen 80; # 服务名称 server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; # 拦截规则,拦截跳转地址 location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ .php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ .php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
日志分割
我们实际应用中,可能会对日志进行分析,若日志全部在一个文件中,不方便我们进行分析,需要进行拆分
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2}):(d{2}):(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; set $minutes $5; set $seconds $6; } access_log logs/$year-$month-$day-$hour-$minutes-$seconds-access.log main; location / { root html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } }
以上配置为了测试配置的是每秒产生一个日志,可以根据需求改成每天,注意把logs文件夹的所有权限打开,不然可能会报产生文件无权限的错误
反向代理
理解反向代理之前首先我们要理解什么是正向代理
正向代理代理的是客户端,是位于客户端和原始服务器之间的服务器,客户端向代理服务器发送请求,然后代理服务器将请求转交给原始服务器。
而反向代理则是代理的服务端,也就是实现分布式部署,客户端发送请求,nginx接收到后,按照一定规则分发给后端业务处理器。
反向代理配置一般配置server{}这一部分。
location
location = pattern {} 精准匹配
location / pattern {} 一般匹配
location ~ pattern {} 正则匹配
样例:rewrite
server { listen 1234; server_name 10.32.16.195; location /goods { # 访问地址符合正则表达式则重定向页面 rewrite "goods-{d[1,5]}.html" /goods-ctrl.html; root html; index test.html; } }
样例:proxy
location /springboot { # header传入真实IP proxy_set_header X-real-ip $remote_addr proxy_pass http://10.32.16.179:8089;
}
样例:静态资源配置
location ~ .*.(js|css|jpg|jpeg|gif|png|ico|pdf|txt)$ { proxy_pass http://10.32.16.179:8089; }
负载均衡
三种方式:轮询(默认)、权重、ip_hash
轮询:
ngnix依次将请求发送至后台
upstream tomcatserver1 { server 192.168.72.49:8080; server 192.168.72.49:8081; } server { listen 80; server_name 8080.max.com; #charset koi8-r; #access_log logs/host.access.log main; location / { proxy_pass http://tomcatserver1; index index.html index.htm; } }
权重:
down:不参与负载均衡
weight:权重越大负载越大
max_fails:最大请求错误次数,超过这个值则返回proxy_next_upstream模块定义的错误
fail_timeout:超过max_fails后,暂停的时间
backup:其他所有非backup机器繁忙的时候,请求它,这台机器的压力最小
upstream myServer { server 192.168.72.49:9090 down; server 192.168.72.49:8080 weight=2 max_fails=2 fail_timeout=30; server 192.168.72.49:7070 backup; }
ip_hash
每个请求会根据IP的hash值来分配,保证每个访客固定访问一个后端服务,这种方式虽然解决了session共享问题,但严格来说并不属于负载均衡,且如果一台tomcat挂了,则这台服务器的所有用户就要重新再登入一次。
现在大部分工程都使用的jwt,避免了session共享的问题,所以还是用权重模式比较好。
upstream tomcatserver1 {
ip_hash; server 192.168.72.49:8080; server 192.168.72.49:8081; }