Nginx基础配置

nginx配置文件
ls /usr/local/nginx
ls /usr/local/openresty/nginx/conf

查看安装的nginx模块
nginx -V

查看cpu核数
lscpu
CPU(s): 16

嵌套关系
http -> server -> location

配置解释

# nginx 的运行用户，如果写作 nobody nobody代表用户和所属组，比如limingze:limingze
#user  nobody;
# 运行的ork数量，可以设置成cpu的核数，用lscpu命令查看，这里可以改成16
#worker_processes 1;

# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;


#error_log  logs/error.log; #不写默认代表error级别
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid; #存放pid的路径

# ulimit -n 查看最多连接数
events {
    worker_connections  1024;
}


http {
    include       mime.types; # vim下gf可以查看所有类型,:bd或者ctrl+o返回
    default_type  application/octet-stream; # 未知类型时，默认的返回类型

    # Enables or disables the use of underscores in client request header fields.
    # When the use of underscores is disabled, request header fields whose names contain underscores are marked as invalid and become subject to the ignore_invalid_headers directive.
    # underscores_in_headers off;

    server_tokens off; #关闭版本信息输出。curl -I 127.0.0.1，可以看到Server后面跟着版本号


    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main; # main指代log_format，如果打开access_log，上面的log_format也要打开
    # docker 安装后 access.log -> /dev/stdout 日志会重定向，需要在容器外面 docker logs <容器id> 查看


    # See Move default writable paths to a dedicated directory (#119)
    # https://github.com/openresty/docker-openresty/issues/119
    client_body_temp_path /var/run/openresty/nginx-client-body;
    proxy_temp_path       /var/run/openresty/nginx-proxy;
    fastcgi_temp_path     /var/run/openresty/nginx-fastcgi;
    uwsgi_temp_path       /var/run/openresty/nginx-uwsgi;
    scgi_temp_path        /var/run/openresty/nginx-scgi;

    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;
    keepalive_requests 100;

    # http Response Headers中，Content-Encoding：gzip
    gzip  on;

    server {
    	# 虚拟主机配置
    }
    include /etc/nginx/conf.d/*.conf;
}

虚拟主机配置

server {
    	listen 80; # 也可以写作127.0.0.1:80，这时候只有本地才能够访问
    	server_name xiaolee.xyz;

    	charset utf-8; #字符集
    	access_log logs/xiaolee.xyz.log main; #自定义日志路径

    	location / {
    		autoindex on; 列目录
    		root html; #根路径
    		index index.php index.html index.html; #默认请求文件

    	}

    	error_page 404	/404.html;
    	
    	error_page 500 501 502 503 504 /50x.html;
    	location = /50x.html {
    		root html;
    	}

    }

虚拟主机:多域名，多端口，多ip

server {
	listen 80;
	server_name xiaolee.xyz;

	root /data/nginx/www;
	index index.php index.html;
}

端口转发

与 http{} 平级，插入
stream {
	include /etc/nginx/tcp.d/*.conf;
}

upstream clash_7890 {
    hash $remote_addr consistent;
    server 192.168.31.17:7890 weight=5 max_fails=3 fail_timeout=30s;
}

server {
    listen 7890;
    proxy_connect_timeout 1s; # 连接超时时间
    proxy_timeout 3s; # 超时时间
    proxy_pass clash_7890; # 转发目标的IP及端口号
}

server {
    listen 7890 udp;
    proxy_connect_timeout 1s; # 连接超时时间
    proxy_timeout 3s; # 超时时间
    proxy_pass clash_7890; # 转发目标的IP及端口号
}

upstream clash_7891 {
    hash $remote_addr consistent;
    server 192.168.31.17:7891 weight=5 max_fails=3 fail_timeout=30s;
}

server {
    listen 7891;
    proxy_connect_timeout 1s; # 连接超时时间
    proxy_timeout 3s; # 超时时间
    proxy_pass clash_7891; # 转发目标的IP及端口号
}

server {
    listen 7891 udp;
    proxy_connect_timeout 1s; # 连接超时时间
    proxy_timeout 3s; # 超时时间
    proxy_pass clash_7891; # 转发目标的IP及端口号
}

防盗链

location ~* \.(jpg|png|gif) {
	valid_referers none blocked www.xiaolee.xyz xiaolee.xyz;
	root html;
	if($invalid_referer){
		#return 403;
		rewrite /(.*) /daotu.jpg break;
	}
}