Cấu hình nginx (conf)
Trong đó:
- sites-available: chứa danh sách các file cấu hình cho từng ứng dụng.
- nginx.conf : file cấu hình.
- nginx-attt.conf: cấu hình các tham số an toàn thông tin.
- nginx-common.conf: cấu hình các tham số chung cho toàn hệ thống.
1.nginx.conf:
# Worker account. While this stays commented out, nginx falls back to the
# account chosen at build time (nobody unless the build changed it) when the
# master process starts as root. A dedicated unprivileged account is preferable.
#user nobody;

# Start one worker process per CPU core.
worker_processes auto;

# All three error_log variants are commented out, so the compiled-in error log
# path and level stay in effect.
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    # Linux-only event notification method.
    use epoll;
    # A worker accepts every pending connection at once instead of one at a time.
    multi_accept on;
    # Ceiling on simultaneous connections per worker; connections to proxied
    # backends count against it as well as client connections.
    worker_connections 1024;
}
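http {
    include mime.types;
    default_type application/octet-stream;

    # Security-related settings: server_tokens, request size limits, timeouts.
    include nginx-attt.conf;

    # nginx-common.conf, as listed on this page, contains "if" and "location"
    # directives. nginx accepts those only inside server {} or location {}, so
    # including the file at http level makes the configuration fail to load.
    # Include it from inside each server {} block instead.
    # include nginx-common.conf;
    # include vt-attt.conf;

    # Access log layout used by the site files. $http_x_forwarded_for is copied
    # from a request header, so treat that field as client-controlled when
    # analysing logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    # Commented out: servers that do not set access_log themselves keep the
    # built-in default access log.
    #access_log logs/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # keepalive_timeout is set in nginx-attt.conf; these stay disabled.
    #keepalive_timeout 0;
    #keepalive_timeout 65;

    # Response compression for bodies of at least 10240 bytes.
    # NOTE(review): this also applies to servers in this http {} that terminate
    # TLS. Where a response reflects request data next to a secret such as a
    # CSRF token, compression can leak the secret through response length
    # (BREACH); turn gzip off for those locations.
    gzip on;
    gzip_vary on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";

    # Cache descriptors and metadata of frequently opened files.
    open_file_cache max=2000 inactive=20s;
    open_file_cache_valid 60s;
    open_file_cache_min_uses 5;
    open_file_cache_errors off;

    # Would disclose the internal node name to every client if enabled.
    #add_header X-Server node7;

    # Loads every file in sites-available/, including editor backups or
    # disabled copies left in that directory. NOTE(review): "*.conf" would
    # match only the <port>-<app-name>.conf naming scheme; confirm that all
    # site files follow it before narrowing the glob.
    include sites-available/*;
}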
# Load balancing and HTTPS
# ---------------------------------------------------------------------------
# Backend pool for the CMS application.
upstream cms {
    # Sticky balancing keyed on the client address: IPv4 clients that share the
    # first three octets always reach the same backend.
    ip_hash;
    server 10.10.56.12:8610;
    server 10.10.56.13:8610;
}
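server {
    # TLS is enabled on the listening socket itself. The separate "ssl on;"
    # directive is deprecated since nginx 1.15.0 and removed in later releases;
    # "listen ... ssl" works on old and new versions alike.
    listen 443 ssl;
    server_name 10.10.56.14;

    # Self-signed certificate: clients cannot authenticate this server unless
    # they pin or explicitly trust the certificate. Keep the key file readable
    # only by the account that starts nginx.
    ssl_certificate /path/to/ssl/self-ssl.crt;
    ssl_certificate_key /path/to/ssl/self-ssl.key;
    # Without this line the nginx default protocol list applies, which on older
    # releases still offers TLS 1.0 and 1.1. Add TLSv1.3 on builds that support it.
    ssl_protocols TLSv1.2;

    # Per-address block. $remote_addr is the TCP peer, so if another proxy sits
    # in front of this server the comparison sees that proxy's address.
    if ($remote_addr = 125.235.40.59) {
        return 404;
    }

    # Any method other than GET, HEAD or POST gets 444: nginx closes the
    # connection without sending a response.
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    # location ~* \.(js|css|jpg|jpeg|gif|png|svg|ico|pdf|html|htm)$ {
    # root /var/www/html/www/web;
    # expires 30d;
    # }

    location / {
        # TLS ends at this server; the hop to the cms backends is plain HTTP.
        proxy_pass http://cms;
        # proxy_params, as listed on this page, already sets Host, X-Real-IP and
        # X-Forwarded-For, so X-Real-IP is not repeated here.
        include proxy_params;
        # NOTE(review): the nginx documentation says the connect timeout cannot
        # usually exceed 75 seconds, so 3600 is unlikely to take effect as
        # written. A one-hour send timeout also keeps stalled upstream
        # connections open for a long time; confirm both values are needed.
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
    }

    # NOTE(review): vt-common.conf is not listed on this page; presumably it
    # holds the same rules as nginx-common.conf. Confirm.
    include vt-common.conf;
}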
# Load balancing and HTTPS
# ---------------------------------------------------------------------------
# NOTE(review): this repeats the "cms" upstream listed earlier on the page.
# nginx rejects a second upstream with the same name, so only one copy may be
# loaded.
upstream cms {
    # Client-address affinity: each client keeps the same backend.
    ip_hash;
    server 10.10.56.12:8610;
    server 10.10.56.13:8610;
}
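# NOTE(review): this server block repeats the one listed earlier on the page
# (same port and server_name). If both copies are loaded, nginx warns about a
# conflicting server name and ignores one of them; keep a single copy.
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive, which is
    # deprecated since nginx 1.15.0 and removed in later releases.
    listen 443 ssl;
    server_name 10.10.56.14;

    # Self-signed certificate: it gives clients no way to authenticate the
    # server unless they pin or explicitly trust it. Restrict read access to
    # the key file.
    ssl_certificate /path/to/ssl/self-ssl.crt;
    ssl_certificate_key /path/to/ssl/self-ssl.key;
    # Explicit protocol list so that TLS 1.0 and 1.1 are not offered by
    # default. Add TLSv1.3 on builds that support it.
    ssl_protocols TLSv1.2;

    # Block one address; the comparison uses the TCP peer address.
    if ($remote_addr = 125.235.40.59) {
        return 404;
    }

    # Only GET, HEAD and POST are served; anything else gets 444 (connection
    # closed without a response).
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 444;
    }

    # location ~* \.(js|css|jpg|jpeg|gif|png|svg|ico|pdf|html|htm)$ {
    # root /var/www/html/www/web;
    # expires 30d;
    # }

    location / {
        # Traffic to the backends leaves this server unencrypted.
        proxy_pass http://cms;
        # Host, X-Real-IP and X-Forwarded-For are set by proxy_params as listed
        # on this page, so the extra X-Real-IP line is dropped.
        include proxy_params;
        # NOTE(review): per the nginx documentation the connect timeout cannot
        # usually exceed 75 seconds; confirm that 3600 is intended for both.
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
    }

    # NOTE(review): vt-common.conf is not listed on this page. Confirm its contents.
    include vt-common.conf;
}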
#--------------------------------------------------------------------------------------------------------------------------
2.nginx-attt.conf
# Information security (ATTT) settings

# Keep the nginx version out of the Server header and built-in error pages.
server_tokens off;

## Request size limits and buffers (bounds the memory and disk one request can claim)
client_header_buffer_size 1k;
large_client_header_buffers 8 16k;
client_body_buffer_size 1K;
# Request bodies above 1k are rejected with 413 wherever no server or location
# overrides this. On this page the port-80 site raises it to 200M and
# proxy_params sets it to 0, which disables the check.
client_max_body_size 1k;

## Timeouts, in seconds (short values limit how long a slow client can hold a connection)
client_header_timeout 10;
client_body_timeout 10;
send_timeout 10;
keepalive_timeout 5 5;

### Concurrent-connection limiting (currently disabled)
### limit_conn_zone declares the shared-memory zone that stores per-key state;
### its syntax is the key followed by zone=name:size. One megabyte holds about
### 32 thousand 32-byte states or about 16 thousand 64-byte states.
# limit_conn_zone $binary_remote_addr zone=slimits:5m;
### limit_conn caps the simultaneous connections for one key, here one client
### address.
# limit_conn slimits 5;
3.nginx-common.conf
# Method restriction.
# This file uses "if" and "location", which nginx accepts only inside
# server {} or location {}; include it from a server block, not from http {}.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 404;
}

# Refuse requests for .htaccess / .htpasswd style files. Other dot-paths such
# as .git or .env are not covered by this pattern.
location ~ /\.ht {
    deny all;
}

# Buffers for responses read from FastCGI backends.
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_busy_buffers_size 32k;
#######################################
4.sites-available/<port>-<app-name>.conf
sites-available/80-app-cms.conf
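# Port-80 site for the CMS application, served through PHP-FPM on 127.0.0.1:9000.
server {
    listen 80;
    root /u02/app/cms/web;
    index index.php;

    # NOTE(review): the log path names nginx 1.9.7, an old release; confirm the
    # running binary is a currently supported version.
    access_log /u02/app/env/nginx-1.9.7/logs/app_80.access.log main;
    error_log /u02/app/env/nginx-1.9.7/logs/app_80.error.log;

    # Raises the 1k limit from nginx-attt.conf for this site only.
    client_max_body_size 200M;

    # Front-controller routing: anything that is not a file or directory goes
    # to index.php with the original URI as path info.
    location / {
        try_files $uri $uri/ /index.php$uri?$args;
    }

    location ~ "^(.+\.php)($|/)" {
        # Split at the first ".php" segment so that path info containing
        # ".php" does not become part of the script name.
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Hand only existing files to PHP-FPM. Without this check a script
        # path that does not exist on disk is still forwarded, and PHP may
        # then resolve it to a different file under the web root (for example
        # an uploaded one) and interpret that.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        # Clear the client-supplied Proxy header so it never reaches PHP as
        # HTTP_PROXY ("httpoxy").
        fastcgi_param HTTP_PROXY "";

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_read_timeout 300;
    }

    # Static assets: cached by clients for one day and not written to the
    # access log. NOTE(review): the list includes archive and text extensions
    # (zip, tgz, gz, rar, bz2, tar, txt); confirm no backups or exports are
    # kept under the web root, since downloads of them would also go unlogged.
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf)$ {
        expires 1d;
        access_log off;
    }
}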
5.proxy_params
# Headers sent to the backend.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends the peer address to whatever X-Forwarded-For the client sent. Earlier
# entries are client-controlled, so the backend should rely on X-Real-IP or on
# the last entry only.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Request bodies.
# 0 disables the request-size check wherever this file is included, which
# overrides the 1k limit from nginx-attt.conf. NOTE(review): bodies larger than
# the 1m buffer are spooled to disk, so an unlimited size lets a client fill
# the temp directory; confirm that a finite limit cannot be used.
client_max_body_size 0;
client_body_buffer_size 1m;

# Response buffering.
proxy_buffering on;
proxy_buffer_size 128k;
# Up to 256 x 16k of buffer memory can be allocated per proxied connection.
proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
# 0 turns off spooling of backend responses to temporary files.
proxy_max_temp_file_size 0;

# Seconds to wait between two reads from the backend.
proxy_read_timeout 300;
# Backend responses with status 300 and above can be handled by error_page.
proxy_intercept_errors on;
5.proxy_params
# Headers forwarded to the backend.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# The client's own X-Forwarded-For value is kept and the peer address is
# appended, so only the final entry is set by this server.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Request body handling.
# 0 removes the request-size limit for every location that includes this file.
# NOTE(review): with no limit, large uploads are written to disk without
# bound; confirm that this is intended.
client_max_body_size 0;
client_body_buffer_size 1m;

# Buffering of backend responses.
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
# 0 disables temporary files for buffered responses.
proxy_max_temp_file_size 0;

# Read timeout towards the backend, in seconds.
proxy_read_timeout 300;
# Lets error_page handle backend responses with status 300 and above.
proxy_intercept_errors on;