Nginx 配置
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
#upstream Microservice{
# server 127.0.0.1:5191;
# server 127.0.0.1:5190;
#}
upstream myserver{
#默认是轮询
#最小连接数 least_conn;
#weight权重 server 127.0.0.1:5255 weight=1;
#根据ip经过hash后的结果进行分配,这样每个ip只能固定访问一个服务 ip_hash
#fair 按照请求时长、页面大小智能化分配请求 需要下载nginx-upstream-fair
#失败重试
#fail_timeout:时间段内计数失败次数
#max_fails:需要fail_timeout时间段统计的失败次数
#两个参数说明:在5秒时间段时,处理请求失败2次,则标记为不可用状态
#重要的一点说明:fail_timeout还有一个作用,标记为不可用状态的节点,在等待5秒后,
#会被尝试分配一个请求过来以便检测是否恢复可用状态!!!
#默认使用轮询节点分配请求
#max_fails默认=1,fail_timeout默认=10s;
# 5秒内2次失败 重试
#server 127.0.0.1:5255 weight=1 max_fails=2 fail_timeout=5s;
#backup 备份 server 127.0.0.1:5256 backup;
#backup和ip_hash无法同时使用 ip_hash不支持backup指令。
#least_conn;
least_conn;
server 127.0.0.1:5255 max_fails=2 fail_timeout=5s;
server 127.0.0.1:5256 max_fails=2 fail_timeout=5s;
server 127.0.0.1:5257 backup;
}
#限流 通过模块 ngx_http_limit_conn_module
#$server_name=server_name 这种是对服务器端进行限流 zone 是字典存储缓存空间 perserver 为10M大小
#limit_conn perserver 2; #只允许2个并发请求到后端 缺陷如果有个客户端(黑客)一次发送1万个请求导致 其他客户端无法请求
#limit_conn_zone $server_name zone=perserver:10m;
#对客户端进行限流 用binary_remote_addr
#limit_conn_zone $binary_remote_addr zone=perserver:10m; 这种方式 有一个缺陷
#如果 是1万个客户端每个客户端发送一个请求 就是同时有1万个请求 到达服务端,此时可能存在宕机风险所以要采用平滑限流
#对服务端限流
#limit_conn_zone $server_name zone=perserver:10m;
#对客户端限流
#limit_conn_zone $binary_remote_addr zone=perserver:10m;
#平滑限流 使用的 是limit_req_zone 增加了rate=2r/s; 解释 1秒处理2个请求 如果 同时有个10个请求
#那么就是1000毫秒除以10个请求 就是100毫秒 处理1个请求 将时间分片处理请求
limit_req_zone $binary_remote_addr zone=addr:10m rate=2r/s;
#代理缓存
proxy_cache_path D:/nginx-1.17.8/cache/nginx/ levels=1:2 keys_zone=mycache:64m;
server {
listen 8371;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
# 将http重定向到https
if ($scheme = http ) {
return 301 https://$host:4435$request_uri;
}
location / {
proxy_cache mycache;
proxy_pass http://myserver;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_methods GET HEAD;
proxy_cache_revalidate on;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
proxy_cache_valid any 1m;
proxy_cache_min_uses 1;
proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504;
#limit_conn perserver 2; #只允许2个并发请求到后端
limit_req zone=addr burst=5 nodelay;#平滑限流 burst是令牌桶直接取出5个 不加nodelay是不去令牌桶拿令牌 直接请求
#突发流量控制
#假如按上面例子限制 2r/s,但有时正常流量突然增大,超出的请求将会被拒绝,无法处理突发流量,
#我们可以在以上配置中加入burst 参数来解决该问题
#proxy_pass http://Microservice;
#proxy_pass http://127.0.0.1;
#proxy_pass http://myserver;
#proxy_pass http://127.0.0.1;
}
location ~ \.(ico|js|css|png|jpg|mp4)$ {
root D:/wwwroot;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
#使用include增加 https 配置
include https.conf;
}
#4层反向代理
stream {
server {
listen 13306;
proxy_connect_timeout 1s;
proxy_timeout 3s;
proxy_pass localhost:3306;
}
upstream mysql {
server localhost:3306;
}
}
server {
listen 4435 ssl;
server_name localhost;
ssl_certificate D:/nginx-1.17.8/certs/server-cert.pem;
ssl_certificate_key D:/nginx-1.17.8/certs/server-key.pem;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
location / {
proxy_pass http://myserver;
}
location ~ \.(ico|js|css|png|jpg|mp4)$ {
root D:/wwwroot;
}
}
初始 配置文件
#user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443 ssl; # server_name localhost; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root html; # index index.html index.htm; # } #} }
浙公网安备 33010602011771号