nginx配置文件相关

 原始的配置文件内容 

# Main (global) context of the stock nginx.conf.
# The user directive is commented out, so worker processes run as the
# compiled-in default account rather than one chosen here.
#user  nobody;
# Number of worker processes; a single worker is started.
worker_processes  1;

# Error logging is left at the built-in default (all three variants are commented out).
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


# Connection-processing settings.
events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}


# HTTP context of the stock configuration: one plain-HTTP virtual host serving
# static files from the html directory, plus commented-out templates.
http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    # Access logging is not configured explicitly here; enable it (with the
    # log_format above) if requests need to be attributable during an investigation.
    #access_log  logs/access.log  main;
    # Largest request body nginx accepts; larger requests are answered with 413.
    # The built-in default is 1m, so 200m permits large uploads from any client;
    # keep it only as high as the application needs.
   client_max_body_size 200m;
    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        # Plain HTTP only: the HTTPS server template at the end of this block
        # is commented out, so traffic to this host is unencrypted.
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    # NOTE(review): template only; cert.pem and cert.key are sample file names.
    # The private key file should be readable only by the account that starts nginx.
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}
                         

可在http{}中任意一行(不影响其他代码)添加 include /etc/nginx/conf.d/*.conf; 

 例如在server{}前添加include /etc/nginx/conf.d/*.conf; 

# Excerpt of the http context showing where the conf.d include is added
# (the rest of the block is omitted by the author).
http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;
   client_max_body_size 200m;
    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    # Pull in external configuration files: every file matching *.conf in this
    # directory is parsed as part of http{}, so the directory and its files
    # should be writable only by the administrator.
    # Because this include precedes the localhost server below, server blocks
    # from conf.d are read first; unless a listen directive carries
    # default_server, the first server read for a port also answers requests
    # whose Host matches no server_name.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       80;
        server_name  localhost;
...(省略后续代码)

即引用外部配置文件后,无需在原本的配置文件中进行设置,只需要在所配置的 /etc/nginx/conf.d/ 目录下添加对应的配置文件,文件名需要匹配 *.conf,例如:api.conf。多个项目可建立多个配置文件(可同时监听80端口)。

server_name 指定前端访问域名,前端使用对应域名访问时(前提是需要域名解析的是对应的公网ip服务器或者你的计算机),则优先使用对应配置文件

# Backend pool referenced by proxy_pass as http://mtomcat; it holds a single
# server on the loopback interface, port 8090.
upstream mtomcat{

        # ip_hash is left disabled (commented out).
        #ip_hash;
        server 127.0.0.1:8090;


}


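# Virtual host for m.rchat.com.cn: every location forwards to the "mtomcat"
# upstream and passes the same four request headers.
#
# What the backend may rely on from those headers:
#   - Host is taken from $http_host, i.e. the Host header exactly as the client
#     sent it. The backend should validate it before using it to build links
#     or redirects.
#   - X-Real-IP is $remote_addr, the address of the peer connected to nginx.
#   - $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
#     the client supplied, so only the last entry is set by this nginx; earlier
#     entries are client-controlled.
#   - X-Forwarded-Proto is $scheme, which is always "http" for this listener.
server {
    listen       80;
    server_name  m.rchat.com.cn;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    # Catch-all: map the site root onto the application's context path.
    # The trailing slash on the proxy_pass URI matters: nginx replaces the
    # matched prefix "/" with that URI, so without it /foo would be sent
    # upstream as /waysion_medical_backendfoo.
    location / {
        proxy_pass http://mtomcat/waysion_medical_backend/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Requests that already carry the context path are passed through unchanged.
    location /waysion_medical_backend {
        proxy_pass http://mtomcat/waysion_medical_backend;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Uploaded files are served by the backend under the same path.
    location /uploadFiles {
        proxy_pass http://mtomcat/uploadFiles;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Serve a static page for upstream/server errors instead of a backend error body.
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

}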

---------------------------------------------------------------------------------------------------------------------------------

备注:

worker_processes  1;   worker 进程数

配置文件中的 worker 进程数,一般会设置成机器 cpu 核数

更多的worker 数,只会导致进程相互竞争 cpu,从而带来不必要的上下文切换。

 events中可优化位置:

# Connection-processing settings with the event method chosen explicitly.
events {
    # Select the epoll event method (available on Linux only).
    use epoll;
    # Upper bound on simultaneous connections per worker process.
    worker_connections  1024;
}

反向代理和负载均衡:

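# Reverse proxy with load balancing: requests are distributed over the two
# servers of the pool (round-robin unless another method is configured).
# Each server directive must end with a semicolon, otherwise nginx rejects
# the configuration.
upstream mysvr {
    server 127.0.0.1:7878;
    server 192.168.10.121:3333;
}

# This location belongs inside a server{} block; it is shown on its own here.
location /userapi {
    # Backend path the request is proxied to
    proxy_pass http://mysvr/userapi;
    # So that the backend's getRequestURL returns the correct value
    proxy_redirect off;
    # Host is forwarded exactly as the client sent it; the backend should
    # validate it before using it to build URLs.
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to any client-supplied X-Forwarded-For, so only the
    # last entry is set by this nginx.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}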
# Author's note: not sure whether this is the configuration that resolves the
# excessive nginx TIME_WAIT connections.
# Upstream keepalive needs HTTP/1.1 towards the backend and an empty Connection
# header, so that no "Connection: close" is sent upstream. These two directives
# go in the context that contains the proxy_pass.
proxy_http_version 1.1;
proxy_set_header Connection "";
# Add the matching keepalive setting to the upstream that proxy_pass refers to
upstream http_backend {
    server 127.0.0.1:8080;
    # Number of idle keepalive connections to the upstream kept open per worker process.
    keepalive 16;
}

---------------------------------------------------------------------------------------------------------------------------------

Nginx 导致后台time_wait连接过多的问题:

原因:nginx在负载均衡的时候采取短连接机制,并且主动断开连接?

问题不大,但是可能导致端口占用过多而无法启动新的tcp连接

优化系统参数

  1. vi /etc/sysctl.conf  
  2. net.ipv4.tcp_syncookies = 1  
  3. net.ipv4.tcp_tw_reuse=1 #TIME_WAIT状态可以重用,这样即使TIME_WAIT占满了所有端口,也不会拒绝新的请求造成障碍 默认是0  
  4. net.ipv4.tcp_tw_recycle=1 #TIME_WAIT尽快回收 默认0  
  5. net.ipv4.tcp_fin_timeout=30  
  6. /sbin/sysctl -p 让修改生效  

 net.ipv4.tcp_tw_recycle=1 #TIME_WAIT尽快回收 默认0   在线上不建议开启,会导致NAT内的部分连接被拒绝;此外该参数已在 Linux 4.12 内核中被移除,较新的系统上不存在这一项。

1. MSL 由来

  发起连接关闭方回复最后一个fin ack,为避免对方ack 收不到、重发的或还在中间路由上的fin 把新连接给丢掉了,等个2MSL(linux 默认2min)。

  也就是主动关闭连接的那一方有time_wait问题,被关那方无此问题。

2. reuse、recycle

     通过timestamp的递增性来区分是否新连接,新连接的timestamp更大,那么保证小的timestamp fin 不会fin掉新连接,不用等2MSL

3. reuse

     通过timestamp 递增性,客户端、服务器能够处理outofbind fin

4. recycle

    对于服务端,同一个src ip,可能会是NAT后很多机器,这些机器timestamp递增性无可保证,服务器会拒绝非递增请求连接。
