Nginx核心配置-作为上传服务器配置
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.关键参数说明
client_max_body_size 1m;
设置允许客户端上传单个文件的最大值,默认值为1m,推荐值500M
client_body_buffer_size size;
用于接收每个客户端请求报文的body部分的缓冲区大小;默认16k;超出此大小时,其将被暂存到磁盘上的由下面client_body_temp_path指令所定义的位置。推荐之2048k
client_body_temp_path path [level1 [level2 [level3]]];
设定存储客户端请求报文的body部分的临时存储路径及子目录结构和数量,目录名为16进制的数字,使用hash之后的值从后往前截取1位、2位、2位作为文件名:
二.上传服务器参数配置案例
1>.修改主配置文件(在主配置的httpd标签中定义后,会对所有server标签生效,包括加载进来的server标签哟,这样如果有多个虚拟主机需要上传功能,我们只需要在主配置文件配置一份即可)
[root@node101.yinzhengjie.org.cn ~]# cat /yinzhengjie/softwares/nginx/conf/nginx.conf
worker_processes 4;
worker_cpu_affinity 00000001 00000010 00000100 00001000;
events {
worker_connections 100000;
use epoll;
accept_mutex on;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
gzip on;
charset utf-8;
#当文件大于等于给定大小时,同步(直接)写磁盘,而非写缓存。
directio 4m;
#上传文件相关参数
client_max_body_size 10m;
client_body_buffer_size 16k;
client_body_temp_path /yinzhengjie/data/web/nginx/temp 1 2 2;
#禁用IE系列的长连接,默认就是禁用了IE的长连接功能.
keepalive_disable msie6;
#开启长连接后,返回客户端的会话保持时间为60s,单次长连接累计请求达到指定次数请求或65秒就会被断开,后面的60为发送给客户端应答报文头部中显示的超时时间设置为60s:如不设置
客户端将不显示超时时间。 keepalive_timeout 65 60;
#在一次长连接上所允许请求的资源的最大数量
keepalive_requests 3;
#导入其他路径的配置文件
include /yinzhengjie/softwares/nginx/conf.d/*.conf;
}
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# nginx -t
nginx: the configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf test is successful
[root@node101.yinzhengjie.org.cn ~]#
2>.修改子配置文件
[root@node101.yinzhengjie.org.cn ~]# vim /yinzhengjie/softwares/nginx/conf.d/share.conf
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# cat /yinzhengjie/softwares/nginx/conf.d/share.conf
server {
listen 80;
server_name node101.yinzhengjie.org.cn;
location / {
root /yinzhengjie/data/web/nginx/static;
index index.html;
}
location /download {
root /yinzhengjie/data/web/nginx;
autoindex on;
autoindex_exact_size on;
autoindex_localtime on;
limit_rate 10k;
}
location /upload {
root /yinzhengjie/data/web/nginx;
#排除GET方法外,其它方法均可以在当前localtion使用,而且我们只允许172.30.1.108节点来访问。
limit_except GET {
allow 172.30.1.108;
deny all;
}
}
}
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# nginx -t
nginx: the configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /yinzhengjie/softwares/nginx/conf/nginx.conf test is successful
[root@node101.yinzhengjie.org.cn ~]#
3>.创建数据目录
[root@node101.yinzhengjie.org.cn ~]# mkdir /yinzhengjie/data/web/nginx/upload #该目录需要自动手动创建出来
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ll /yinzhengjie/data/web/nginx/ #使用nginx -t命令时会自动创建client_body_temp_path所对应的目录
total 4
drwxr-xr-x 2 root root 166 Dec 17 14:54 download
-rw-r--r-- 1 root root 43 Dec 17 13:04 index.html
drwxr-xr-x 3 root root 51 Dec 17 13:08 login
drwxr-xr-x 2 root root 44 Dec 17 12:54 static
drwx------ 2 nginx root 6 Dec 17 15:24 temp
drwxr-xr-x 2 root root 6 Dec 17 15:26 upload
[root@node101.yinzhengjie.org.cn ~]#
4>.重新加载nginx的配置文件
[root@node101.yinzhengjie.org.cn ~]# ps -ef | grep nginx | grep -v grep
root 2840 1 0 09:37 ? 00:00:00 nginx: master process nginx
nginx 5023 2840 0 14:48 ? 00:00:00 nginx: worker process
nginx 5024 2840 0 14:48 ? 00:00:00 nginx: worker process
nginx 5025 2840 0 14:48 ? 00:00:00 nginx: worker process
nginx 5026 2840 0 14:48 ? 00:00:00 nginx: worker process
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# nginx -s reload
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# ps -ef | grep nginx | grep -v grep
root 2840 1 0 09:37 ? 00:00:00 nginx: master process nginx
nginx 5477 2840 7 16:10 ? 00:00:00 nginx: worker process
nginx 5478 2840 9 16:10 ? 00:00:00 nginx: worker process
nginx 5479 2840 10 16:10 ? 00:00:00 nginx: worker process
nginx 5480 2840 11 16:10 ? 00:00:00 nginx: worker process
[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]#
5>.IP地址为172.30.1.101的节点上传文件到web服务器
[root@node101.yinzhengjie.org.cn ~]# curl -XPUT /etc/passwd http://node101.yinzhengjie.org.cn/upload #由于nginx只允许172.30.1.108节点可以使用所有方法(GET方法除外),当前IP地址被nginx拒绝了 curl: (3) <url> malformed <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.14.2</center> </body> </html> [root@node101.yinzhengjie.org.cn ~]#
5>.IP地址为172.30.1.108的节点上传文件到web服务器
[root@node108.yinzhengjie.org.cn ~]# curl -XPUT /etc/passwd http://node101.yinzhengjie.org.cn/upload #Nginx已经允许当前节点上传数据,但是程序未支持上传功能。 curl: (3) <url> malformed <html> <head><title>405 Not Allowed</title></head> <body bgcolor="white"> <center><h1>405 Not Allowed</h1></center> <hr><center>nginx/1.14.2</center> </body> </html> [root@node108.yinzhengjie.org.cn ~]#