惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
Security Latest
Security Latest
P
Privacy International News Feed
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
Cisco Talos Blog
Cisco Talos Blog
K
Kaspersky official blog
S
Secure Thoughts
PCI Perspectives
PCI Perspectives
Simon Willison's Weblog
Simon Willison's Weblog
D
DataBreaches.Net
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
V
Visual Studio Blog
aimingoo的专栏
aimingoo的专栏
H
Hackread – Cybersecurity News, Data Breaches, AI and More
IT之家
IT之家
V
V2EX
Last Week in AI
Last Week in AI
有赞技术团队
有赞技术团队
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tenable Blog
T
Threat Research - Cisco Blogs
T
Troy Hunt's Blog
V2EX - 技术
V2EX - 技术
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
Lohrmann on Cybersecurity
F
Full Disclosure
H
Help Net Security
博客园 - Franky
Stack Overflow Blog
Stack Overflow Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
A
Arctic Wolf
O
OpenAI News
S
Securelist

博客园 - e3tB8Wz7

Windows PowerShell 查看特定网卡的详细信息 阿里云 CentOS 7 yum镜像(Centos-7.repo) powershell上移文件夹下的所有文件 一行命令查看docker所有网络 + 子网 Microsoft Office 安装与激活 Microsoft Edge隐藏边栏快捷键 微信小程序hideLoading隐藏showToast提示的问题 前端开发解决方案 pl/sql developer设置oracle环境变量 postman-app下载官方历史版本 logback日志格式 springboot alibaba druid数据库连接池配置,输出可执行sql 统计accesslog日志中的慢接口,排序后取前几条 将多个文件的内容附加到一个文件中 统计accesslog日志中每个url的请求次数,排序后取前几条 如何在反向代理后面部署spring服务? Shell:用sed命令删除特定行 Git for Windows 国内下载站 oracle查询日期属于一年的第几周,日期所在周的周一是哪一天
nginx配置文件生产环境优化
e3tB8Wz7 · 2025-07-29 · via 博客园 - e3tB8Wz7

主配置文件:

/etc/nginx/nginx.conf
# 全局配置优化
user nginx;
worker_processes auto;
worker_cpu_affinity auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

# 事件处理模型优化
events {
    worker_connections 10240;
    use epoll;
    multi_accept on;
}

# HTTP核心配置优化
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # 日志配置
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    # 性能优化
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    keepalive_requests 100;

    # 压缩优化(删除重复的text/javascript)
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 5;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types  # 已移除重复的text/javascript
        text/css
        application/javascript  # 保留application/javascript
        application/json
        text/xml
        application/xml
        application/xml+rss
        image/svg+xml;  # Vue项目常用的SVG资源

    # 客户端请求限制
    client_max_body_size 10m;
    client_body_buffer_size 128k;

    # 引入子配置(server块)
    include /etc/nginx/conf.d/*.conf;
}

子配置文件:

/etc/nginx/conf.d/default.conf
# 虚拟主机配置
server {
    listen 80;
    server_name localhost;
    server_tokens off;

    # 安全头加固(确保所有响应携带)
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # 根路径配置(入口文件 index.html)
    location / {
        root /usr/share/nginx/html;
        index index.html;
        try_files $uri $uri/ /index.html;
        # 入口文件不缓存,确保获取最新版本
        add_header Cache-Control "no-cache, no-store, must-revalidate" always;
        add_header Pragma "no-cache" always;
    }

    # 带哈希的静态资源(适配“文件名-哈希.扩展名”格式)
    # 哈希规则:Vite 生成的 base64 字符集(A-Za-z0-9-_)
    location ~* ^.+-[A-Za-z0-9-_]+\.(js|css|ico|svg|png|jpg|jpeg|gif)$ {
        root /usr/share/nginx/html;
        # 长期缓存(1年),标记资源不可变(哈希变化即失效)
        add_header Cache-Control "public, immutable, max-age=31536000" always;
        add_header ETag "" always;  # 禁用ETag,减少验证请求
    }

    # 不带哈希的静态资源(如未哈希的图片、ico等)
    location ~* \.(js|css|ico|svg|png|jpg|jpeg|gif)$ {
        root /usr/share/nginx/html;
        # 短缓存(1小时),平衡缓存与更新
        add_header Cache-Control "public, max-age=3600" always;
    }

    # 反向代理:backend服务
    location /backend/ {
        proxy_pass http://host:port/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 30s;
        proxy_send_timeout 30s;
        proxy_read_timeout 60s;
        proxy_buffering on;
        proxy_buffer_size 16k;
        proxy_buffers 4 64k;
        proxy_busy_buffers_size 128k;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # 错误页配置
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}

posted @ 2025-07-29 15:36  e3tB8Wz7  阅读(34)  评论()    收藏  举报