nginx1.10.3一鍵安裝/系統核心優化/配置檔案優化/https/日誌切割
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
下面的是一鍵安裝nginx 1.10.3 最新穩定版本,編譯引數是官方推薦的。 yum groupinstall "Development Tools" -y
yum install wget zlib-devel openssl-devel pcre-devel -y
cd /usr/local/src
wget http: //nginx .org /download/nginx-1 .10.3. tar .gz
tar zxvf nginx-1.10.3. tar .gz
cd nginx-1.10.3
groupadd -g 58 nginx useradd -u 58 -g 58 -M nginx -s /sbin/nologin
mkdir -p /var/tmp/nginx/ {client,proxy,fastcgi,uwsgi,scgi}
mkdir -p /var/cache/nginx/client_temp
. /configure
--user=nginx --group=nginx --prefix= /etc/nginx
--sbin-path= /usr/sbin/nginx
--conf-path= /etc/nginx/nginx .conf
--error-log-path= /var/log/nginx/error .log
--http-log-path= /var/log/nginx/access .log
--pid-path= /var/run/nginx .pid
--lock-path= /var/run/nginx .lock
--http-client-body-temp-path= /var/cache/nginx/client_temp
--http-proxy-temp-path= /var/cache/nginx/proxy_temp
--http-fastcgi-temp-path= /var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path= /var/cache/nginx/uwsgi_temp
--http-scgi-temp-path= /var/cache/nginx/scgi_temp
--user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with- file -aio
--with-http_v2_module --with-ipv6 make && make install
nginx -V Centos7 啟動方式 cat >> /lib/systemd/system/nginx .service <<EOF
[Unit] Description=nginx - high performance web server Documentation=http: //nginx .org /en/docs/
After=network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile= /run/nginx .pid
ExecStartPre= /usr/sbin/nginx -t -c /etc/nginx/nginx .conf
ExecStart= /usr/sbin/nginx -c /etc/nginx/nginx .conf
ExecReload= /bin/kill -s HUP $MAINPID
ExecStop= /bin/kill -s QUIT $MAINPID
PrivateTmp= true
[Install] WantedBy=multi-user.target EOF systemctl enable nginx.service
systemctl start nginx.service netstat -lntup | grep 80
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
核心優化 cat >> /etc/sysctl .conf << EOF
net.ipv4.ip_forward = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.sysrq = 0 kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 net.ipv4.tcp_max_tw_buckets = 6000 net.ipv4.tcp_sack = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 16384 4194304 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.core.netdev_max_backlog = 262144 net.core.somaxconn = 262144 net.ipv4.tcp_max_orphans = 3276800 net.ipv4.tcp_max_syn_backlog = 262144 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 1 net.ipv4.tcp_syn_retries = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_fin_timeout = 1 net.ipv4.tcp_keepalive_time = 30 net.ipv4.ip_local_port_range = 1024 6500 EOF |
1
2
3
|
sysctl -p cd /etc/nginx/
mv nginx.conf nginx.conf.bak
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
配置檔案優化,啟用HTTPS vim nginx.conf user nginx nginx; worker_processes auto; worker_rlimit_nofile 65535; error_log /var/log/nginx/error .log info;
pid /var/run/nginx .pid;
events { use epoll;
worker_connections 10240;
multi_accept on;
} http {
include mime.types;
default_type application /octet-stream ;
charset utf-8;
log_format main `$remote_addr - $remote_user [$time_local] "$request" `
`$status $body_bytes_sent "$http_referer" `
`"$http_user_agent" "$http_x_forwarded_for"` ;
access_log /var/log/nginx/access .log main;
server_names_hash_bucket_size 128;
client_header_buffer_size 16k;
large_client_header_buffers 4 16k;
client_max_body_size 50m;
server_tokens off;
autoindex off;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
client_header_timeout 15;
reset_timedout_connection on;
client_body_timeout 15;
send_timeout 15;
fastcgi_intercept_errors on;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 16k;
fastcgi_temp_file_write_size 16k;
fastcgi_cache_path /etc/nginx/fastcgi_cache levels=1:2
keys_zone=TEST:10m
inactive=5m;
fastcgi_cache TEST;
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
fastcgi_cache_min_uses 1;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_cache_key "$request_method://$host$request_uri" ;
open_file_cache max=204800 inactive=20s;
open_file_cache_min_uses 1;
open_file_cache_valid 30s;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 5;
gzip_types text /css application /javascript text /xml ;
gzip_vary on;
gzip_disable "MSIE [1-6].(?!.*SV1)" ;
server
{
listen 80;
server_name hequan.lol;
index index.php index.html index.htm;
root html;
return 301 https: // $server_name$request_uri;
}
server {
listen 443 ssl;
server_name hequan.lol;
index index.html index.htm index.php default.html default.htm default.php;
root html;
ssl on;
ssl_certificate /etc/nginx/key/1_www .hequan.lol_bundle.crt;
ssl_certificate_key /etc/nginx/key/2_www .hequan.lol.key;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5" ;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
location /status
{
stub_status on;
access_log off;
#allow 127.0.0.1;
#deny all;
}
error_page 400 401 402 403 404 /40x .html;
location = /40x .html {
root html;
index index.html index.htm;
}
error_page 500 501 502 503 504 /50x .html;
location = /50x .html {
root html;
index index.html index.htm;
}
location ~ .php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /etc/nginx/html $fastcgi_script_name;
include fastcgi_params;
}
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*.(js|css)?$
{
expires 12h;
}
}
} 日誌切割 cat >> log.sh <<EOF
#!/bin/bash path= /var/log/nginx/backup
if [ ! -d "#path" ]; then
mkdir -p $path
fi cd /var/log/nginx
mv access.log backup/$( date +%F -d -1day).log
systemctl reload nginx.service EOF crontab -e
00 00 * * * /var/log/nginx/log .sh > /dev/null 2&1
|
關於證照 可以去
https://console.qcloud.com/ssl/apply (有效期一年) 申請,非常簡單。騰訊認證的。跟著流程走,幾分鐘就好。
1
2
|
ssl_certificate /etc/nginx/key/1_www .hequan.lol_bundle.crt;
ssl_certificate_key /etc/nginx/key/2_www .hequan.lol.key;
|
上面一個是證照,一個是金鑰。自定義目錄。
以上設定僅供參考。歡迎提出有疑問的地方。
本文轉自 295631788 51CTO部落格,原文連結:http://blog.51cto.com/hequan/1895932,如需轉載請自行聯絡原作者
相關文章
- MySQL優化-安裝配置優化MySql優化
- MySQL慢日誌優化MySql優化
- Oracle歸檔日誌暴增排查優化Oracle優化
- Android優化系列一:日誌清理Android優化
- Linux系統配置(系統優化)Linux優化
- ext4檔案系統的優化優化
- Tomcat—部署配置及優化(安裝部署;虛擬主機配置;優化)Tomcat優化
- (mysql優化-3) 系統優化MySql優化
- nginx日誌切割配置Nginx
- Apache 配置日誌切割Apache
- Linux 檔案許可權、系統優化Linux優化
- 免安裝版MySQL的優化與配置MySql優化
- MySQL-5.5.32 配置檔案優化詳解MySql優化
- MySQL優化之系統變數優化MySql優化變數
- 日誌檔案系統
- Nginx的SSL配置優化 – HTTPS SSL 教程Nginx優化HTTP
- SEO優化之淺談蜘蛛日誌優化
- 系統優化怎麼做-Tomcat優化優化Tomcat
- oracle效能優化二——作業系統優化Oracle優化作業系統
- Linux系統優化部分核心引數調優中文註釋Linux優化
- Nginx配置檔案詳解與優化建議Nginx優化
- 【http】https加速優化HTTP優化
- fedora 8上的系統日誌的配置檔案
- Linux系統常見的日誌檔案及優先順序別!Linux
- Mysql資料庫優化配置檔案my.ini檔案配置解釋MySql資料庫優化
- Android效能優化之UncaughtExceptionHandler定製自己的錯誤日誌系統Android優化Exception
- Tomcat安裝與優化Tomcat優化
- MySQL 核心深度優化MySql優化
- 【Go】使用壓縮檔案優化io (一)Go優化
- 【Go】使用壓縮檔案優化 io (一)Go優化
- 效能優化:紋理檔案優化
- Oracle 某行系統SQL優化案例(一)OracleSQL優化
- Linux 系統優化Linux優化
- 系統的優化思路優化
- 系統優化相關優化
- hadoop叢集搭建配置檔案優化引數Hadoop優化
- go開發屬於自己的日誌庫-日誌庫優化Go優化
- 【效能優化】秒殺系統效能優化初體驗優化