nginx study notes | nginx configuration files

Contents of the original configuration file

    #user  nobody;
    worker_processes  1;

    #error_log  logs/error.log;
    #error_log  logs/error.log  notice;
    #error_log  logs/error.log  info;

    #pid        logs/nginx.pid;

    events {
        worker_connections  1024;
    }

    http {
        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        client_max_body_size 200m;
        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        server {
            listen       80;
            server_name  localhost;

            #charset koi8-r;

            #access_log  logs/host.access.log  main;

            location / {
                root   html;
                index  index.html index.htm;
            }

            #error_page  404  /404.html;

            # redirect server error pages to the static page /50x.html
            #
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \.php$ {
            #    proxy_pass   http://127.0.0.1;
            #}

            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #    root           html;
            #    fastcgi_pass   127.0.0.1:9000;
            #    fastcgi_index  index.php;
            #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            #    include        fastcgi_params;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #    deny  all;
            #}
        }

        # another virtual host using mix of IP-, name-, and port-based configuration
        #
        #server {
        #    listen       8000;
        #    listen       somename:8080;
        #    server_name  somename  alias  another.alias;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}

        # HTTPS server
        #
        #server {
        #    listen       443 ssl;
        #    server_name  localhost;

        #    ssl_certificate      cert.pem;
        #    ssl_certificate_key  cert.key;

        #    ssl_session_cache    shared:SSL:1m;
        #    ssl_session_timeout  5m;

        #    ssl_ciphers  HIGH:!aNULL:!MD5;
        #    ssl_prefer_server_ciphers  on;

        #    location / {
        #        root   html;
        #        index  index.html index.htm;
        #    }
        #}
    }

You can add include /etc/nginx/conf.d/*.conf; on any line inside http{} (as long as it does not affect the other directives).

For example, add include /etc/nginx/conf.d/*.conf; before server{}:

    http {
        include       mime.types;
        default_type  application/octet-stream;

        #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
        #                  '$status $body_bytes_sent "$http_referer" '
        #                  '"$http_user_agent" "$http_x_forwarded_for"';

        #access_log  logs/access.log  main;

        client_max_body_size 200m;
        sendfile        on;
        #tcp_nopush     on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        #gzip  on;

        # include external configuration files
        include /etc/nginx/conf.d/*.conf;

        server {
            listen       80;
            server_name  localhost;
            ...(remaining code omitted)


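This pulls in external configuration files, so nothing more has to be set in the original configuration file; you only need to add the corresponding configuration file under the configured /etc/nginx/conf.d/ directory. The file name must match the *.conf pattern, for example api.conf. Multiple projects can each get their own configuration file (all listening on port 80 at the same time).
server_name specifies the domain name the front end uses for access. When the front end accesses the server with that domain name (provided the domain resolves to the public IP of the server, or to your own computer), the corresponding configuration file is used preferentially.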

    upstream mtomcat {
        #ip_hash;
        server 127.0.0.1:8090;
    }

    server {
        listen       80;
        server_name  m.rchat.com.cn;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            proxy_pass http://mtomcat/waysion_medical_backend;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /waysion_medical_backend {
            proxy_pass http://mtomcat/waysion_medical_backend;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        location /uploadFiles {
            proxy_pass http://mtomcat/uploadFiles;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}
    }

---------------------------------------------------------------------------------------------------------------------------------
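Notes:
worker_processes 1; sets the number of worker processes.
The number of worker processes in the configuration file is generally set to the number of CPU cores of the machine.
More workers only make the processes compete for the CPU, which causes unnecessary context switches.
The part of events that can be tuned:

    events {
        use epoll;
        worker_connections  1024;
    }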

Reverse proxy and load balancing:

    upstream mysvr {
        server 127.0.0.1:7878;
        server 192.168.10.121:3333;
    }

    location /userapi {
        # configured path
        proxy_pass http://mysvr/userapi;
        # so that getRequestURL returns the correct value
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # This may be the configuration that fixes too many nginx TIME_WAIT connections; not sure.
    proxy_http_version 1.1;
    proxy_set_header Connection "";

    # add the matching keepalive to the upstream used by proxy_pass
    upstream http_backend {
        server 127.0.0.1:8080;
        keepalive 16;
    }

---------------------------------------------------------------------------------------------------------------------------------
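The problem of Nginx causing too many TIME_WAIT connections on the backend:
Cause: when load balancing, nginx uses short-lived connections and actively closes them?
It is not a big problem, but it can leave so many ports occupied that new TCP connections cannot be opened.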
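
To check whether a host actually has this problem before changing anything, count the TIME_WAIT sockets per upstream. The following is an added example (not code from the original notes) that parses the /proc/net/tcp layout; the embedded sample lines are constructed, and the port range is the Linux default, assumed unchanged.

```python
import socket
import struct
from collections import Counter

TIME_WAIT = "06"                   # state code for TIME_WAIT in /proc/net/tcp
LOCAL_PORT_RANGE = (32768, 60999)  # assumption: default net.ipv4.ip_local_port_range

# Constructed sample in /proc/net/tcp layout (only the first columns are kept).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0050 00000000:0000 0A 00000000:00000000
   1: 0100007F:C350 0100007F:1F9A 06 00000000:00000000
   2: 0100007F:C351 0100007F:1F9A 06 00000000:00000000
   3: 0100007F:C352 0100007F:1F9A 01 00000000:00000000
   4: 050AA8C0:C353 790AA8C0:0D05 06 00000000:00000000
"""


def decode(endpoint):
    """'0100007F:1F9A' -> ('127.0.0.1', 8090); IPv4 on a little-endian host."""
    ip_hex, port_hex = endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def time_wait_by_remote(text):
    """Count TIME_WAIT sockets per remote (ip, port)."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split()
        # The header line and short lines fail this test and are skipped.
        if len(fields) >= 4 and fields[3] == TIME_WAIT:
            counts[decode(fields[2])] += 1
    return counts


def port_range_share(count, port_range=LOCAL_PORT_RANGE):
    """Fraction of the ephemeral port range held by `count` sockets to one remote."""
    low, high = port_range
    return count / (high - low + 1)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE
    for (ip, port), n in time_wait_by_remote(text).most_common(10):
        print(f"{ip}:{port}  TIME_WAIT={n}  {port_range_share(n):.1%} of port range")
```

TIME_WAIT sockets whose remote endpoint is an upstream such as 127.0.0.1:8090 are connections that nginx itself closed.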
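Tune the system parameters
  1. vi /etc/sysctl.conf
  2. net.ipv4.tcp_syncookies = 1
  3. net.ipv4.tcp_tw_reuse=1 # allow TIME_WAIT sockets to be reused, so that even if TIME_WAIT occupies all ports, new requests are not refused; default is 0
  4. net.ipv4.tcp_tw_recycle=1 # recycle TIME_WAIT sockets as quickly as possible; default is 0
  5. net.ipv4.tcp_fin_timeout=30
  6. /sbin/sysctl -p to make the changes take effect
net.ipv4.tcp_tw_recycle=1 (recycle TIME_WAIT sockets as quickly as possible, default 0) is not recommended in production: it causes some connections from behind NAT to be rejected.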
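1. Origin of MSL
The side that initiates the close replies with the ACK for the last FIN. In case the peer does not receive that ACK, and to keep a retransmitted FIN or a FIN still in transit on intermediate routers from killing a new connection, it waits 2MSL (Linux default 2min).
In other words, the side that closes the connection has the TIME_WAIT problem; the side being closed does not.
2. reuse, recycle
The monotonically increasing timestamp is used to tell whether a connection is new: a new connection has a larger timestamp, which guarantees that a FIN with a smaller timestamp cannot close the new connection, so there is no need to wait 2MSL.
3. reuse
Thanks to the increasing timestamp, both client and server can handle outofbind FIN packets.
4. recycle
On the server side, one src IP may actually be many machines behind a NAT. The timestamps of those machines are not guaranteed to increase relative to each other, and the server rejects connection requests whose timestamp is not increasing.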
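
The NAT failure described under "4. recycle" can be reproduced with a small model. This is an added illustration, not code from the original notes and not the kernel's implementation: the server remembers one timestamp per source IP and drops a SYN that carries a smaller one; the 60-second window, the NAT address and the clock values are constructed assumptions.

```python
PAWS_MSL = 60            # model assumption: seconds a remembered timestamp is enforced
NAT_IP = "203.0.113.10"  # constructed: public address shared by machines A and B

# Constructed clocks: TCP timestamp value of each machine behind the NAT at t=0.
TS_BASE = {"A": 5_000_000, "B": 1_000}
TICKS_PER_SECOND = 1000


class Server:
    """Server side with or without the per-source-IP timestamp check."""

    def __init__(self, per_host_check):
        self.per_host_check = per_host_check
        self.last = {}  # source IP -> (timestamp value, time it was recorded)

    def on_syn(self, src_ip, tsval, now):
        prev = self.last.get(src_ip)
        if (self.per_host_check and prev is not None
                and now - prev[1] < PAWS_MSL and tsval < prev[0]):
            # Smaller timestamp from "the same host": treated as an old segment.
            return "drop"
        self.last[src_ip] = (tsval, now)
        return "accept"


def run(per_host_check, events=((0, "A"), (1, "B"), (2, "A"), (70, "B"))):
    """Replay (time in seconds, machine) connection attempts through the NAT."""
    server = Server(per_host_check)
    out = []
    for now, machine in events:
        tsval = TS_BASE[machine] + now * TICKS_PER_SECOND
        out.append((machine, server.on_syn(NAT_IP, tsval, now)))
    return out


if __name__ == "__main__":
    for flag in (True, False):
        print("per-host check", flag, run(flag))
```

Machine B is dropped only while machine A's larger timestamp is still remembered for the shared address. On Linux 4.12 and later the net.ipv4.tcp_tw_recycle sysctl no longer exists.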
