2016年12月07日 星期三

nginx 常用配置

编译时配置 SSL，并开启 HTTP/2 模块和 CSS、JS 合并模块：

# Configure the build: compile against the OpenSSL source tree at the given
# path and enable the HTTP/2 and concat modules.
# NOTE(review): --with-openssl builds OpenSSL from source and links it into the
# nginx binary, so OpenSSL fixes reach the server only when nginx is rebuilt.
# OpenSSL 1.0.2j dates from 2016 and the 1.0.2 branch no longer gets public
# security fixes; point this at a currently supported release.
# NOTE(review): stock nginx needs --with-http_ssl_module for `listen ... ssl`,
# and --with-http_concat_module looks like a Tengine flag (stock nginx takes
# the concat module via --add-module) - confirm which source tree this is.
./configure --with-openssl=/home/chengziqing/openssl-1.0.2j --with-http_v2_module --with-http_concat_module

配置包括：开启 GZIP、反向代理、开启 SSL

# Run a single worker process.
worker_processes  1;
events {
    # Upper bound on simultaneous connections per worker; this count includes
    # the connections nginx opens to the proxied backend, not only clients.
    worker_connections  1024;
}
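# HTTP-level settings: response compression, a catch-all server on port 80,
# and two servers (plaintext and TLS) that reverse-proxy blog.guoqiangti.com
# to a backend listening on 127.0.0.1:9000.
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile      on;
    keepalive_timeout  65;

    # Compression. text/html is always compressed when gzip is on; gzip_types
    # adds the other MIME types listed below.
    # NOTE(review): these settings are inherited by the TLS server as well. If
    # the backend returns secrets (e.g. CSRF tokens) in the same compressed
    # response as attacker-influenced input, BREACH-style length leaks apply -
    # confirm against the backend, or turn gzip off for such responses.
    gzip  on;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    # Only compress for requests made with HTTP/1.1 or later.
    gzip_http_version 1.1;
    # Skip responses shorter than 256 bytes (judged by Content-Length).
    gzip_min_length 256;
    # Also compress responses to requests that arrived through another proxy.
    gzip_proxied any;
    # Emit "Vary: Accept-Encoding" so caches keep compressed and plain copies apart.
    gzip_vary on;
    gzip_types
        text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
        text/javascript application/javascript application/x-javascript
        text/x-json application/json application/x-web-app-manifest+json
        text/css text/plain text/x-component
        font/opentype application/x-font-ttf application/vnd.ms-fontobject
        image/x-icon;
    # No compression for old MSIE (4-6) user agents.
    gzip_disable  "msie6";

    # Catch-all for port 80: requests whose Host matches no other server get a 404.
    # NOTE(review): there is no matching catch-all on 443 in this file, so TLS
    # requests with any other Host value land on the blog server below and the
    # value is forwarded to the backend via $host - confirm this is acceptable.
    server {
        listen 80 default_server;
        server_name  _;
        return 404;
    }

    # Plaintext entry point for the blog.
    # NOTE(review): this serves the full site over unencrypted HTTP. If the
    # site is meant to be HTTPS-only, replace the location block with
    # `return 301 https://$host$request_uri;`.
    server {
        listen       80;
        server_name  blog.guoqiangti.com;

        location / {
            proxy_pass    http://127.0.0.1:9000/;
            proxy_set_header    Host             $host;
            proxy_set_header    X-Real-IP        $remote_addr;
            # Overwrites any X-Forwarded-For sent by the client, so the backend
            # sees only the address that connected to nginx.
            proxy_set_header    X-Forwarded-For  $remote_addr;
            # Rewrite Location/Refresh headers from the backend based on proxy_pass.
            proxy_redirect default;
        }
    }

    # TLS entry point for the blog.
    server {
        listen       443 ssl;
        server_name  blog.guoqiangti.com;

        # Relative paths are resolved by nginx against its configuration prefix.
        # The key file should be readable only by the account that starts nginx.
        ssl_certificate      blog.guoqiangti.com.pem;
        ssl_certificate_key  blog.guoqiangti.com.key;
        ssl_session_timeout 5m;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996) and no longer offered.
        # Add TLSv1.3 once nginx is built against OpenSSL 1.1.1 or later.
        ssl_protocols TLSv1.2;
        # Explicit forward-secret AEAD suites. The previous string started from
        # "ALL", which also admitted CBC-mode, 3DES and static-RSA key exchange
        # suites. Clients without TLS 1.2 ECDHE/AES-GCM support cannot connect.
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;

        location / {
            # TLS ends here; traffic to the backend is plain HTTP over loopback.
            proxy_pass    http://127.0.0.1:9000/;
            proxy_set_header    Host             $host;
            proxy_set_header    X-Real-IP        $remote_addr;
            # Overwrites any X-Forwarded-For sent by the client, so the backend
            # sees only the address that connected to nginx.
            proxy_set_header    X-Forwarded-For  $remote_addr;
            # Rewrite Location/Refresh headers from the backend based on proxy_pass.
            proxy_redirect default;
        }
    }
}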