Config on Rickyhttps://9855cc0f.linzeyan.pages.dev/zh-tw/tags/config/Recent content in Config on RickyHugo -- gohugo.iozh-twFri, 19 Nov 2021 14:35:58 +0800Nginx 筆記https://9855cc0f.linzeyan.pages.dev/zh-tw/posts/2021/20211119-nginx/Fri, 19 Nov 2021 14:35:58 +0800https://9855cc0f.linzeyan.pages.dev/zh-tw/posts/2021/20211119-nginx/<h1 id="紀錄-nginx-設定檔及說明">紀錄 Nginx 設定檔及說明</h1> <h2 id="檔案結構">檔案結構</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>. </span></span><span style="display:flex;"><span>├── geoip.conf </span></span><span style="display:flex;"><span>├── nginx.conf </span></span><span style="display:flex;"><span>├── sites-available </span></span><span style="display:flex;"><span>│ ├── default.conf </span></span><span style="display:flex;"><span>├── sites-enabled </span></span><span style="display:flex;"><span>│ ├── default.conf -&gt; ../sites-available/default.conf </span></span><span style="display:flex;"><span>├── upstream.conf </span></span></code></pre></div><h3 id="geoipconf">geoip.conf</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#75715e">## module: ngx_http_geoip2_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## https://github.com/leev/ngx_http_geoip2_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## 讀取 GeoIP 資料庫,並進行變數設定 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">geoip2</span> <span style="color:#e6db74">/usr/share/GeoIP/GeoLite2-Country.mmdb</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">auto_reload</span> <span style="color:#ae81ff">60m</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">$geoip2_metadata_country_build</span> <span style="color:#e6db74">metadata</span> <span style="color:#e6db74">build_epoch</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 自定義 $geoip2_data_country_code 值為 $remote_addr 對應的 ISO 3116 規範的國碼 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">$geoip2_data_country_code</span> <span style="color:#e6db74">source=</span>$remote_addr <span style="color:#e6db74">country</span> <span style="color:#e6db74">iso_code</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 自定義 $geoip2_data_country_name 值為對應的英文城市名 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">$geoip2_data_country_name</span> <span style="color:#e6db74">country</span> <span style="color:#e6db74">names</span> <span style="color:#e6db74">en</span>; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><h3 id="upstreamconf">upstream.conf</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#75715e">## module: ngx_http_upstream_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## 定義 server 組別 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">upstream</span> <span style="color:#e6db74">to_nodejs1</span> { </span></span><span style="display:flex;"><span> <span style="color:#75715e">## server address [parameters]; 定義 server </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## parameters: </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## weight=number 定義權重,預設為 1 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## max_fails=number 設定到 upstream server 的最大重試次數,預設為 1 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## fail_timeout=time 設定到達 max_fails 次數之後,暫停向此 upstream server 傳送請求的時間,預設為 10 秒 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## backup 標記此 upstream server 為備用,當其他 upstream server 不可用時,此 upstream server 可接受請求 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## down 標記此 upstream server 為不可用 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">server</span> 10.7.0.12:<span style="color:#ae81ff">90</span> <span style="color:#e6db74">max_fails=3</span> <span style="color:#e6db74">fail_timeout=5s</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server</span> 10.7.0.12:<span style="color:#ae81ff">91</span> <span style="color:#e6db74">max_fails=3</span> <span style="color:#e6db74">fail_timeout=5s</span> <span style="color:#e6db74">backup</span>; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">upstream</span> <span style="color:#e6db74">to_nodejs2</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">server</span> 10.7.0.12:<span style="color:#ae81ff">92</span> <span style="color:#e6db74">max_fails=3</span> <span style="color:#e6db74">fail_timeout=5s</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server</span> 10.7.0.12:<span style="color:#ae81ff">93</span> <span style="color:#e6db74">max_fails=3</span> <span style="color:#e6db74">fail_timeout=5s</span> <span style="color:#e6db74">backup</span>; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">upstream</span> <span style="color:#e6db74">to_nodejs95</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">server</span> 10.7.0.12:<span style="color:#ae81ff">95</span> <span style="color:#e6db74">max_fails=3</span> <span style="color:#e6db74">fail_timeout=5s</span>; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## module: ngx_http_map_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## map string $variable { ... } 建立一個新的變數 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">map</span> $arg_agent $game_api { </span></span><span style="display:flex;"><span> <span style="color:#75715e">## $arg_agent 請求中 agent 的值(https://abc.com/?agent=123) </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## agent=60037, $game_api 的值為 to_nodejs95 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">60037</span> <span style="color:#e6db74">to_nodejs95</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## agent 結尾是 1, 2, 3, 或是 4, $game_api 的值為 to_nodejs1 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">~*1$</span> <span style="color:#e6db74">to_nodejs1</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">~*2$</span> <span style="color:#e6db74">to_nodejs1</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">~*3$</span> <span style="color:#e6db74">to_nodejs1</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">~*4$</span> <span style="color:#e6db74">to_nodejs1</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 若 agent 不符合上開規則,預設 $game_api 的值為 to_nodejs2 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">default</span> <span style="color:#e6db74">to_nodejs2</span>; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><h3 id="defaultconf">default.conf</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#75715e">## module: ngx_http_limit_req_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## 限制請求處理 </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## limit_req_zone key zone=name:size rate=rate [sync]; 定義限制請求的規則 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">limit_req_zone</span> $binary_remote_addr$server_name <span style="color:#e6db74">zone=websocket:10m</span> <span style="color:#e6db74">rate=1r/m</span>; </span></span><span style="display:flex;"><span><span style="color:#75715e">## limit_req_status code; 設定被拒絕連線的 HTTP 狀態碼,預設為 503 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">limit_req_status</span> <span style="color:#ae81ff">502</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## 設定虛擬主機 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">server</span> { </span></span><span style="display:flex;"><span> <span style="color:#75715e">## listen port [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]]; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 設定監聽的埠口,預設為 *:80 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 下方設定為監聽 80 port,且為預設的虛擬主機 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">listen</span> <span style="color:#ae81ff">80</span> <span style="color:#e6db74">default_server</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## server_name name ...; 設定虛擬主機名,可使用正則表示式,預設為 &#34;&#34; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">server_name</span> <span style="color:#e6db74">_</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">access_log</span> <span style="color:#e6db74">logs/default/default.log</span> <span style="color:#e6db74">json</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">error_log</span> <span style="color:#e6db74">logs/default/default.error.log</span> <span style="color:#e6db74">warn</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## module: ngx_http_access_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## allow address | CIDR | unix: | all; 允許 IP 訪問 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">allow</span> 1.1.1.1; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## deny address | CIDR | unix: | all; 禁止 IP 訪問 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">deny</span> 12.34.56.78; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定請求訪問的根資料夾 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">root</span> <span style="color:#e6db74">/usr/share/nginx/html</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## limit_req zone=name [burst=number] [nodelay | delay=number]; 設定限制請求的規則 zone </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">limit_req</span> <span style="color:#e6db74">zone=websocket</span> <span style="color:#e6db74">nodelay</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## limit_req_log_level info | notice | warn | error; 設定被拒絕連線的請求日誌等級,預設為 error </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">limit_req_log_level</span> <span style="color:#e6db74">warn</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## location [ = | ~ | ~* | ^~ ] uri { ... } </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## location @name { ... } 依據請求的 URI 配置 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">location</span> <span style="color:#e6db74">/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">default_type</span> <span style="color:#e6db74">application/json</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 返回 HTTP 狀態碼 200,並包含字串 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">return</span> <span style="color:#ae81ff">200</span> <span style="color:#e6db74">&#39;</span>{<span style="color:#f92672">&#34;Code&#34;:</span> <span style="color:#e6db74">&#34;</span>$status&#34;, <span style="color:#e6db74">&#34;IP&#34;:</span> <span style="color:#e6db74">&#34;</span>$remote_addr&#34;}&#39;; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#f92672">server</span> { </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 下方設定為監聽 443 port,且為預設的虛擬主機,所有連線都使用 SSL </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">listen</span> <span style="color:#ae81ff">443</span> <span style="color:#e6db74">default_server</span> <span style="color:#e6db74">ssl</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server_name</span> <span style="color:#e6db74">_</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">access_log</span> <span style="color:#e6db74">logs/default/default.log</span> <span style="color:#e6db74">json</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">error_log</span> <span style="color:#e6db74">logs/default/default.error.log</span> <span style="color:#e6db74">warn</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## module: ngx_http_ssl_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 設定 PEM 格式的證書 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">ssl_certificate</span> <span style="color:#e6db74">/etc/ssl/hddv1.com.crt</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定 PEM 格式的密鑰 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">ssl_certificate_key</span> <span style="color:#e6db74">/etc/ssl/hddv1.com.key</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定 SSL 版本,預設為 TLSv1 TLSv1.1 TLSv1.2 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">ssl_protocols</span> <span style="color:#e6db74">TLSv1.2</span> <span style="color:#e6db74">TLSv1.3</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定啟用的加密方法,預設為 HIGH:!aNULL:!MD5 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">ssl_ciphers</span> <span style="color:#e6db74">&#34;EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC2:!RC4:!aNULL:!eNULL:!LOW:!IDEA:!DES:!TDES:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EXPORT:!ANON&#34;</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 為 DHE 加密法指定帶有 DH 參數的文件 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">ssl_dhparam</span> <span style="color:#e6db74">/etc/ssl/dhparams.pem</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 是否優先使用 server 的加密法,預設為 off </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">ssl_prefer_server_ciphers</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## ssl_session_cache off | none | [builtin[:size]] [shared:name:size]; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 設定緩存及大小,預設為 none </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">ssl_session_cache</span> <span style="color:#e6db74">shared:SSL:1m</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定 session 可重複使用的時間,預設為 5 分鐘 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">ssl_session_timeout</span> <span style="color:#ae81ff">5m</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">X-Frame-Options</span> <span style="color:#e6db74">&#34;SAMEORIGIN&#34;</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">X-XSS-Protection</span> <span style="color:#e6db74">&#34;1</span>; <span style="color:#f92672">mode=block&#34;</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">Strict-Transport-Security</span> <span style="color:#e6db74">&#34;max-age=31536000</span>; <span style="color:#f92672">includeSubdomains</span>; <span style="color:#f92672">preload&#34;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">root</span> <span style="color:#e6db74">/usr/share/nginx/html</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">limit_req</span> <span style="color:#e6db74">zone=websocket</span> <span style="color:#e6db74">nodelay</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">limit_req_log_level</span> <span style="color:#e6db74">warn</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">default_type</span> <span style="color:#e6db74">application/json</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">location</span> <span style="color:#e6db74">/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">default_type</span> <span style="color:#e6db74">application/json</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">return</span> <span style="color:#ae81ff">200</span> <span style="color:#e6db74">&#39;</span>{<span style="color:#f92672">&#34;Code&#34;:</span> <span style="color:#e6db74">&#34;</span>$status&#34;, <span style="color:#e6db74">&#34;IP&#34;:</span> <span style="color:#e6db74">&#34;</span>$remote_addr&#34;}&#39;; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><h3 id="nginxconf">nginx.conf</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#75715e">## module: ngx_core_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## worker_processes number | auto; 啟動 Nginx worker 程序數量, 設定 auto 即和 CPU 的數量相等 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">worker_processes</span> <span style="color:#e6db74">auto</span>; </span></span><span style="display:flex;"><span><span style="color:#75715e">## worker_rlimit_nofile number; Nginx worker 程序最大打開文件數,預設為系統 RLIMIT_NOFILE </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">worker_rlimit_nofile</span> <span style="color:#ae81ff">131072</span>; </span></span><span style="display:flex;"><span><span style="color:#75715e">## worker_shutdown_timeout time; 設定關閉超時時間,當執行 reload 或是其他相關指令,超過 time 時間之後,Nginx 會主動關閉所有受影響的 worker </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">worker_shutdown_timeout</span> <span style="color:#ae81ff">60</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## error_log file [level]; 設定錯誤日誌寫入位置 </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## debug, info, notice, warn, error, crit, alert, emerg </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">error_log</span> <span style="color:#e6db74">logs/error.log</span> <span style="color:#e6db74">warn</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## pid file; 主程序 ID 文件位置 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">pid</span> <span style="color:#e6db74">logs/nginx.pid</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## module: ngx_core_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## 設定連線處理相關 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">events</span> { </span></span><span style="display:flex;"><span> <span style="color:#75715e">## worker_connections number; 單個 Nginx worker 程序的最大並發連接數,預設為 512,需要小於 worker_rlimit_nofile </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 最大連接數 = worker_connections * worker_processes </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">worker_connections</span> <span style="color:#ae81ff">102400</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## accept_mutex on | off; 預設為 off </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 只有一個新連線進入,如果設定為 on,只有一個 worker 會接受連線,其餘持續休眠 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 如果設定為 off,所有 worker 會被喚醒,只有一個 worker 會接受連線,其餘重新休眠 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 業務上使用 TCP 長連線、流量大,off 的效能以及 QPS 表現較佳 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">accept_mutex</span> <span style="color:#66d9ef">off</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## multi_accept on | off; 是否同時接受所有的請求,預設為 off </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">multi_accept</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## module: ngx_http_core_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e">## 設定 HTTP server 相關 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span><span style="color:#66d9ef">http</span> { </span></span><span style="display:flex;"><span> <span style="color:#75715e">## module: ngx_core_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## include file | mask; 使用文件中的設定 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 下方為設定 MIME 類型,類型由 mime.type 文件定義 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">include</span> <span style="color:#e6db74">mime.types</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## default_type mime-type; 定義默認 MIME 類型,預設為 text/plain </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">default_type</span> <span style="color:#e6db74">application/octet-stream</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## server_names_hash_max_size size; 設定 server_name 的 hash 表最大值,預設為 512 kb </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">server_names_hash_max_size</span> <span style="color:#ae81ff">2048</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定 server_name 的 hash 表的大小,用於快速找到對應的 server_name,預設值取決於 CPU 的 L1 cache </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">server_names_hash_bucket_size</span> <span style="color:#ae81ff">256</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## server_tokens on | off | build | string; 是否在 Nginx 錯誤頁面顯示 Nginx 版本,預設為 on </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">server_tokens</span> <span style="color:#66d9ef">off</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 是否在錯誤日誌記錄 404 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">log_not_found</span> <span style="color:#66d9ef">off</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 是否啟用 sendfile() 提高文件傳輸效率,預設為 off </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">sendfile</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 文件是否使用完整封包發送,預設為 off </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">tcp_nopush</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 數據是否儘快傳送,預設為 on </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">tcp_nodelay</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定長連線持續秒數,超過時間 Nginx 會主動關閉連線,預設為 75 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">keepalive_timeout</span> <span style="color:#ae81ff">70</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## client_max_body_size size; 設定請求允許最大的 body 大小 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">client_max_body_size</span> <span style="color:#e6db74">64M</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## module: ngx_http_gzip_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 是否啟用 gzip 壓縮,預設為 off </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">gzip</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定要壓縮的 Content-Length 最小值,預設為 20 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">gzip_min_length</span> <span style="color:#ae81ff">1k</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定壓縮緩衝大小,預設為一頁記憶體 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## gzip_buffers number size; </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">gzip_buffers</span> <span style="color:#ae81ff">4</span> <span style="color:#ae81ff">32k</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定壓縮等級,範圍 1 ~ 9,預設為 1 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">gzip_comp_level</span> <span style="color:#ae81ff">7</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 設定要壓縮的 MIME 類型,預設為 text/html </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">gzip_types</span> <span style="color:#e6db74">text/plain</span> <span style="color:#e6db74">application/x-javascript</span> <span style="color:#e6db74">text/css</span> <span style="color:#e6db74">application/xml</span> <span style="color:#e6db74">text/javascript</span> <span style="color:#e6db74">application/x-httpd-php</span> <span style="color:#e6db74">application/json</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 是否在 HTTP response header 增加 Vary: Accept-Encoding,預設為 off </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">gzip_vary</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 針對特定 User-Agent 禁用壓縮 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 下方為設定禁用 IE 6 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">gzip_disable</span> <span style="color:#e6db74">&#34;MSIE</span> <span style="color:#e6db74">[1-6]\.&#34;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## resolver address ... [valid=time] [ipv6=on|off] [status_zone=zone]; 使用指定的 NS 解析 server_name, upstream server 等 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">resolver</span> 114.114.114.114 8.8.8.8 1.1.1.1; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## module: ngx_http_headers_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## add_header name value [always]; 在 HTTP response header 增加欄位 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## 下方為設定允許跨域 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">Access-Control-Allow-Origin</span> <span style="color:#e6db74">*</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">Access-Control-Allow-Headers</span> <span style="color:#e6db74">DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">Access-Control-Allow-Methods</span> <span style="color:#e6db74">GET,POST,OPTIONS</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">Access-Control-Expose-Headers</span> <span style="color:#e6db74">&#39;WWW-Authenticate,Server-Authorization,User-Identity-Token&#39;</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## module: ngx_http_realip_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## set_real_ip_from address | CIDR | unix:; 設定信任的可被替代的伺服器 IP,如反向代理伺服器 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">set_real_ip_from</span> 10.0.0.0<span style="color:#e6db74">/8</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">set_real_ip_from</span> 172.16.0.0<span style="color:#e6db74">/12</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">set_real_ip_from</span> 192.168.0.0<span style="color:#e6db74">/16</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## real_ip_header field | X-Real-IP | X-Forwarded-For | proxy_protocol; 定義使用哪個標頭取代獲取到的 client IP,預設為 X-Real-IP </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">real_ip_header</span> <span style="color:#e6db74">X-Forwarded-For</span>; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## 將 real_ip_header 設定的標頭中,「最後一個非信任伺服器 IP」或是「最後一個 IP」當成真實 IP,預設為 off </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">real_ip_recursive</span> <span style="color:#66d9ef">on</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#75715e">## module: ngx_http_log_module </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## log_format name [escape=default|json|none] string ...; 設定日誌格式 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">log_format</span> <span style="color:#e6db74">json</span> <span style="color:#e6db74">escape=json</span> <span style="color:#e6db74">&#39;</span>{<span style="color:#f92672">&#34;@timestamp&#34;:&#34;$time_iso8601&#34;,&#39;</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;@source&#34;:&#34;</span>$server_addr&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;ip&#34;:&#34;</span>$http_x_forwarded_for&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;client&#34;:&#34;</span>$remote_addr&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;request_method&#34;:&#34;</span>$request_method&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;scheme&#34;:&#34;</span>$scheme&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;domain&#34;:&#34;</span>$server_name&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;client_host&#34;:&#34;</span>$host&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;referer&#34;:&#34;</span>$http_referer&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;request&#34;:&#34;</span>$request_uri&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;args&#34;:&#34;</span>$args&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;sent_bytes&#34;:</span>$body_bytes_sent,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;status&#34;:</span>$status,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;responsetime&#34;:</span>$request_time,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;upstreamtime&#34;:&#34;</span>$upstream_response_time&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;upstreamaddr&#34;:&#34;</span>$upstream_addr&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;http_user_agent&#34;:&#34;</span>$http_user_agent&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;Country&#34;:&#34;</span>$geoip2_data_country_name&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;State&#34;:&#34;</span>$geoip2_data_state_name&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;City&#34;:&#34;</span>$geoip2_data_city_name&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;all_agent&#34;:&#34;</span>$arg_agent&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;dfw_agent&#34;:&#34;</span>$arg_proxy&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;nw2_agent&#34;:&#34;</span>$arg_channel&#34;,&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;https&#34;:&#34;</span>$https&#34;&#39; </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;</span><span style="color:#960050;background-color:#1e0010">}</span><span style="color:#e6db74">&#39;</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">log_format</span> <span style="color:#e6db74">main</span> <span style="color:#e6db74">&#39;</span>$remote_addr <span style="color:#e6db74">-</span> $remote_user <span style="color:#e6db74">[</span>$time_local] <span style="color:#e6db74">&#34;</span>$request&#34; <span style="color:#e6db74">&#39;</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;</span>$status $body_bytes_sent <span style="color:#e6db74">&#34;</span>$http_referer&#34; <span style="color:#e6db74">&#39;</span> </span></span><span style="display:flex;"><span> <span style="color:#e6db74">&#39;&#34;</span>$http_user_agent&#34; <span style="color:#e6db74">&#34;</span>$http_x_forwarded_for&#34;&#39;; </span></span><span style="display:flex;"><span> <span style="color:#75715e">## access_log path [format [buffer=size] [gzip[=level]] [flush=time] [if=condition]]; 設定日誌寫入位置以及使用的日誌名稱 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#75715e">## access_log off; 不紀錄日誌 </span></span></span><span style="display:flex;"><span><span style="color:#75715e"></span> <span style="color:#f92672">access_log</span> <span style="color:#e6db74">logs/access.log</span> <span style="color:#e6db74">json</span>; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div>