nginx一些有用的配置

发布于 作者:

1.防止svn代码外漏

location ~* \.svn/ { deny all; }
location ~* ^/resin-admin/ { deny all; }

2.reload时出现proxy_headers_hash_max_size过小的错误提示

之前我们由于主机头过多,在nginx主配置添加了

server_names_hash_max_size 2048;
server_names_hash_bucket_size 128;

但是这两个针对的是域名。这个proxy_headers_hash_max_size错误是我在添加了proxy_set_header之后出现的错误,说明这一部分的容量目前也不足了,添加以下两条解决

proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;

3.tengine的主动健康检测

check interval=1000 rise=2 fall=5 timeout=1000 type=http;
check_http_send "GET /ok.jsp HTTP/1.0\r\n\r\n";
check_http_expect_alive http_2xx http_3xx http_5xx;

4.反向代理或多层代理透传真实用户IP

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

5.一个典型的fastcgi调用php的配置

server {
    server_name xxx.com;
    index index.php;
    root  /var/www/;
    access_log /home/logs/nginx/xxx.com.access.log main;
    error_log  /home/logs/nginx/xxx.com.log error;
    include  gzip.conf;

    location ~* \.php$ {
        include   fastcgi.conf;
        fastcgi_index  index.php;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_connect_timeout 3;
        fastcgi_send_timeout 3;
        fastcgi_read_timeout 3;
   }
}

6.反向代理失败自动重试

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

#需要注意此项目设置会在故障时造成不可预期的雪崩效应。另外,此配置写在nginx主配置中全局生效,而单独vhosts中可以写off关闭,覆盖全局配置,局部关闭此功能。

7.简单的acl,防止后台被非法访问

#acl.conf放置于nginx的conf目录下,写入allow一些允许的IP,最后一个deny all即可。

location ~* /admin/    {include acl.conf; proxy_pass http://xxx;}