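A detailed guide to the nginx configuration file, made by qwe

2021/3/21: Added HTTP/2 and fixed places where the SSL syntax was not rigorous. systemctl is now used instead of service.
2021/9/15: Corrected an error in one regular expression, added IPv6 listening, added forward proxy and WebDAV configuration, added redirecting HTTP requests that arrive on the TLS port to HTTPS, and added HTTP-to-HTTPS redirection.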

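The stack is linux + nginx 1.19.1 + php 7.2 + apache + mysql.
Generally static content is handed to nginx and dynamic content is handled by apache, although nginx can also handle dynamic content; it depends on the nginx configuration.
Commands:
systemctl start nginx  # start nginx
systemctl restart nginx  # restart nginx
systemctl start httpd  # start apache
systemctl restart httpd  # restart apache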

It is recommended to run

nginx -t

to check the configuration for syntax problems.

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

Output like this means the syntax is correct.

nginx: [emerg] directive "http" has no opening "{" in /usr/local/nginx/conf/nginx.conf:16
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

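Here an error is reported at line 16, so you need to check the code there. The real mistake is not necessarily on line 16, though; analyse it together with the statements before and after.

Finally, this article describes the nginx configuration file in some detail, and reading it carefully will greatly reduce the chance of errors. All code in this article has been checked and is guaranteed to be error-free (except for the SSL certificate names).
For detailed configuration, refer to the descriptions in the lnmp, lamp, lnmpa one-click install package (Updated: 2019-02-17).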

user www www;
worker_processes auto;

error_log /data/wwwlogs/error_nginx.log crit;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;

events {
  use epoll;
  worker_connections 51200;
  multi_accept on;
}

http {
  include mime.types;
  default_type application/octet-stream;
  server_names_hash_bucket_size 128;
  client_header_buffer_size 32k;
  large_client_header_buffers 4 32k;
  client_max_body_size 1024m;
  client_body_buffer_size 10m;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 120;
  server_tokens off;
  tcp_nodelay on;

  fastcgi_connect_timeout 300;
  fastcgi_send_timeout 300;
  fastcgi_read_timeout 300;
  fastcgi_buffer_size 64k;
  fastcgi_buffers 4 64k;
  fastcgi_busy_buffers_size 128k;
  fastcgi_temp_file_write_size 128k;
  fastcgi_intercept_errors on;

  #Gzip Compression
  gzip on;
  gzip_buffers 16 8k;
  gzip_comp_level 6;
  gzip_http_version 1.1;
  gzip_min_length 256;
  gzip_proxied any;
  gzip_vary on;
  gzip_types
    text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
    text/javascript application/javascript application/x-javascript
    text/x-json application/json application/x-web-app-manifest+json
    text/css text/plain text/x-component
    font/opentype application/x-font-ttf application/vnd.ms-fontobject
    image/x-icon;
  gzip_disable "MSIE [1-6]\.(?!.*SV1)";

  ##Brotli Compression
  #brotli on;
  #brotli_comp_level 6;
  #brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;

  ##If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
  #open_file_cache max=1000 inactive=20s;
  #open_file_cache_valid 30s;
  #open_file_cache_min_uses 2;
  #open_file_cache_errors on;

nginx header

The above is the standard opening section of an nginx configuration file; just copy and paste it.

server {
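Start of a server block; this line means you are about to configure a port.
listen 443 ssl http2; #
This line sets the port to use. Anything after the # is explanatory text that nginx does not parse. The ssl option is placed here so that nginx -t raises no warning, and http2 is enabled at the same time; nginx compiled by the install script has the http2 option available by default, but it has to be enabled manually.
listen [::1]:443 ipv6only=on ssl http2;
[::1] is the local loopback address, meaning much the same as 127.0.0.1. ipv6only=on only needs to be configured once; any IPv6 listen lines written further down can omit it.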
error_page 497  @400;
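This customizes the 400 error shown when an HTTPS port is accessed over plain HTTP, routing it to the @400 named location.
server_name ddns.10086.fund;
# Enter the domain name bound to the certificate
root /data/wwwroot/default;
# Path of the site root. This path is for reference only; use your actual directory.
index index.html index.php;
File types allowed to be resolved
ssl_certificate  /usr/local/nginx/conf/ssl/00.crt;
# Certificate file name and its absolute path
ssl_certificate_key /usr/local/nginx/conf/ssl/00.key;
# Private key file name and its absolute path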
ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
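SSL protocol settings
add_header Access-Control-Allow-Origin *; # CORS; * means all origins
add_header Access-Control-Allow-Headers X-Custom-Header; # CORS
add_header Access-Control-Allow-Methods GET,POST,OPTIONS; # CORS
CORS configuration. Note that the CORS directives cannot be written inside a location! It should be that CORS can only be set globally.
What follows is the most important part of the nginx configuration; links with detailed explanations are at the end of the article.
location / {
Start of the location block
index index.html index.htm index.php;
Index file types
}
Mind the braces to keep the code complete!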
location @400 {
       rewrite ^(.*)$ https://${server_name}:23350$1 permanent;
     }
Here the @400 location is defined; it redirects the original HTTP request to https://host:23350 followed by the original path.
location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
    }
PHP handling; this file is usually generated automatically when installing the lnmp or lnamp stack!
 location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
    }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
    }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
} 
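Just copy this as is. Note that for location ~ .*\.(js|css)$ the end of the pattern should not be followed by the regular-expression ? sign: the js/css extension has to be present, so ? does not apply.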
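
The TLS directives from the HTTPS server block above, shown with the weak settings beside tightened ones. This is an added example, not the author's configuration; it reuses the certificate paths from this page and assumes nginx is built against OpenSSL 1.1.1 or later so that TLSv1.3 is available.

```nginx
# Added example: place inside the "listen 443 ssl http2;" server block.
ssl_certificate     /usr/local/nginx/conf/ssl/00.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/00.key;

# Weak (as on this page): TLS 1.0 and 1.1 are still offered, although both
# are deprecated by RFC 8996.
#   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Corrected:
ssl_protocols TLSv1.2 TLSv1.3;

# Weak (as on this page): after the first suite the list falls back to the
# broad groups ECDHE:ECDH:AES:HIGH, which also admit CBC-mode suites and
# static-RSA key exchange (no forward secrecy).
#   ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# Corrected: name only AEAD suites with ECDHE key exchange. This list applies
# to TLS 1.2; TLS 1.3 suites come from the OpenSSL defaults.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers on;

ssl_session_timeout 5m;
# Share resumable sessions between worker processes.
ssl_session_cache   shared:SSL:10m;
# The ticket key is generated at start-up and not rotated until a reload,
# so disable tickets unless key rotation is handled separately.
ssl_session_tickets off;
```

Run nginx -t after the change and reload nginx before testing with a client.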

######################## default ############################

The HTTP servers below come in an lnamp variant and an lnmp variant; take care to tell them apart!

This one is the lnamp stack

server {
    listen 80;
    server_name _;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/default;
    index index.html index.htm index.php;
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    location /nginx_status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
No explanation needed!
location / {
      try_files $uri @apache;
    }
    location @apache {
      proxy_pass http://127.0.0.1:88;
      include proxy.conf;
    }
    location ~ [^/]\.php(/|$) {
      proxy_pass http://127.0.0.1:88;
      include proxy.conf;
    }
This part hands PHP files over to Apache. location ~ [^/]\.php(/|$) { is what matches PHP requests; see the reference links at the end of the article for details!
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
    }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
    }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
    
  }
Copy as is!
server {
    listen 82; 
    server_name _;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/default/fw;
    index  index.html index.php;
    #error_page 404 /404.html;
    #error_page 502 /502.html;
    location /nginx_status {
      stub_status on;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
Again, no explanation needed.
 location / {
   if (!-e $request_filename) {
   rewrite  ^(.*)$  /index.php?s=/$1  last;
   break;
    }
 }
URL rewriting (pseudo-static), for reference only.
location ~ [^/]\.php(/|$) {
      #fastcgi_pass remote_php_ip:9000;
      fastcgi_pass unix:/dev/shm/php-cgi.sock;
      fastcgi_index index.php;
      include fastcgi.conf;
    }
This part means PHP is handled by nginx and not handed to Apache.
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
      expires 30d;
      access_log off;
    }
    location ~ .*\.(js|css)$ {
      expires 7d;
      access_log off;
    }
    location ~ ^/(\.user.ini|\.ht|\.git|\.svn|\.project|LICENSE|README.md) {
      deny all;
    }
}
Copy as is.
server {
    listen 83; # serves files from aria's default location
    server_name _;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/data/;
No explanation needed.
 if ($uri ~ '\.(php|sql|php3|php4|phtml|pl|js|py|jsp|asp|htm|shtml|sh|cgi)$') { # do not parse these file types
    return 403;  # refuse directly with 403
}
This part means that php|sql|php3|php4|phtml|pl|js|py|jsp|asp|htm|shtml|sh|cgi files are not parsed.
}
Don't forget to keep the code complete!
server {
        listen       85; # forwards to the router
        server_name _;
 location /  { 
            proxy_pass http://192.168.123.1;
        }
Reverse proxy to 192.168.123.1
server_name  xm.10086.fund; # only xm.10086.fund may access
    if ($host != '你允许访问的域名'){
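   return https://10086.fund; # anything other than the specified domain goes straight to the home page
    }
}
Only the specified domain can access this server; any other domain is redirected to https://10086.fund.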
 server {
    listen  96; 
   
 
     # dns resolver used by forward proxying
     resolver       223.5.5.5;
This configures the DNS server address. Preferably use a public one; do not use the router's IP as the DNS server.
  # forward proxy for CONNECT request
     proxy_connect;
Enable forward proxying
  proxy_connect_allow            443 563;
Configure the ports
 proxy_connect_connect_timeout  10s;
     proxy_connect_read_timeout     10s;
     proxy_connect_send_timeout     10s;
 
      #forward proxy for non-CONNECT request
     location / {
         proxy_pass http://$host;
      proxy_set_header Host $host;
     }
}
server {
    listen       98; #
    
    server_name  localhost;
    auth_basic "TETS";
    auth_basic_user_file /etc/nginx/webdavpasswd;
Configures where the hashed passwords are stored

    location /
    {
        client_max_body_size 5G;
        alias /;
        index index.html index.htm;
        autoindex on;
        client_body_temp_path /mnt;
At client_body_temp_path, fill in the path that needs WebDAV
  # ngx_http_dav_module support
        dav_methods PUT DELETE MKCOL COPY MOVE;
        create_full_put_path on;
         
        # nginx-dav-ext-module support
        dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;   
    }
}
########################## vhost #############################
  include vhost/*.conf;
}
Hopefully you have not forgotten this semicolon.
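
The forward-proxy server on port 96 and the WebDAV server on port 98 above both listen on every interface with no source-address restriction, and the WebDAV block maps requests onto the filesystem root with alias /. The following is an added example, not the author's configuration, that confines both servers to a LAN and the WebDAV share to its own directory; the range 192.168.123.0/24 and the paths /data/webdav and /data/webdav_tmp are assumptions.

```nginx
# Added example. Assumed values: LAN 192.168.123.0/24 (inferred from the
# router address used on this page), /data/webdav and /data/webdav_tmp.
server {
    listen 96;
    resolver 223.5.5.5;

    # Only LAN clients may use the proxy. For the non-CONNECT location below
    # this is enforced in the access phase; that the same holds for CONNECT
    # under ngx_http_proxy_connect_module is an assumption to verify by
    # testing from an address outside the range.
    allow 192.168.123.0/24;
    deny all;

    proxy_connect;
    proxy_connect_allow            443 563;
    proxy_connect_connect_timeout  10s;
    proxy_connect_read_timeout     10s;
    proxy_connect_send_timeout     10s;

    location / {
        proxy_pass http://$host;
        proxy_set_header Host $host;
    }
}

server {
    listen 98;
    server_name localhost;

    allow 192.168.123.0/24;
    deny all;
    auth_basic "TETS";
    auth_basic_user_file /etc/nginx/webdavpasswd;

    location / {
        # Original used "alias /;", which maps requests onto the filesystem root.
        root /data/webdav;
        autoindex on;
        client_max_body_size 5G;
        # Temporary files for request bodies; keep on the same filesystem as
        # root so a finished PUT is renamed rather than copied.
        client_body_temp_path /data/webdav_tmp;

        dav_methods PUT DELETE MKCOL COPY MOVE;
        create_full_put_path on;
        dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;
    }
}
```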

This article referenced the following links

By the way, if you have questions, remember to leave a comment.

made by qwe
