nginx配置文件生产环境优化
主配置文件:
/etc/nginx/nginx.conf
# 全局配置优化
user nginx;
worker_processes auto;
worker_cpu_affinity auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
# 事件处理模型优化
events {
worker_connections 10240;
use epoll;
multi_accept on;
}
# HTTP核心配置优化
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志配置
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# 性能优化
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 100;
# 压缩优化(删除重复的text/javascript)
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types # 已移除重复的text/javascript
text/css
application/javascript # 保留application/javascript
application/json
text/xml
application/xml
application/xml+rss
image/svg+xml; # Vue项目常用的SVG资源
# 客户端请求限制
client_max_body_size 10m;
client_body_buffer_size 128k;
# 引入子配置(server块)
include /etc/nginx/conf.d/*.conf;
}子配置文件:
/etc/nginx/conf.d/default.conf
# 虚拟主机配置
server {
listen 80;
server_name localhost;
server_tokens off;
# 安全头加固(确保所有响应携带)
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
# 根路径配置(入口文件 index.html)
location / {
root /usr/share/nginx/html;
index index.html;
try_files $uri $uri/ /index.html;
# 入口文件不缓存,确保获取最新版本
add_header Cache-Control "no-cache, no-store, must-revalidate" always;
add_header Pragma "no-cache" always;
}
# 带哈希的静态资源(适配“文件名-哈希.扩展名”格式)
# 哈希规则:Vite 生成的 base64 字符集(A-Za-z0-9-_)
location ~* ^.+-[A-Za-z0-9-_]+\.(js|css|ico|svg|png|jpg|jpeg|gif)$ {
root /usr/share/nginx/html;
# 长期缓存(1年),标记资源不可变(哈希变化即失效)
add_header Cache-Control "public, immutable, max-age=31536000" always;
add_header ETag "" always; # 禁用ETag,减少验证请求
}
# 不带哈希的静态资源(如未哈希的图片、ico等)
location ~* \.(js|css|ico|svg|png|jpg|jpeg|gif)$ {
root /usr/share/nginx/html;
# 短缓存(1小时),平衡缓存与更新
add_header Cache-Control "public, max-age=3600" always;
}
# 反向代理:backend服务
location /backend/ {
proxy_pass http://host:port/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 60s;
proxy_buffering on;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# 错误页配置
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
浙公网安备 33010602011771号