nginx.conf配置
user www www; worker_processes auto; worker_cpu_affinity auto; error_log /home/wwwlogs/nginx_error.log crit; pid /usr/local/nginx/logs/nginx.pid; #Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 51200; events { use epoll; worker_connections 51200; multi_accept off; accept_mutex off; } http { server { listen 443 ssl; server_name www.xxx.com; root /home/www/oscshop5/Webroot; index index.html index.htm; ssl_certificate /usr/local/nginx/conf/cert/www.xxx.com.pem; ssl_certificate_key /usr/local/nginx/conf/cert/www.xxx.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:9501; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_connect_timeout 300s; proxy_send_timeout 300s; proxy_read_timeout 300s; } # 前端项目资源匹配 location ~/statics/.*\.(gif|jpg|jpeg|png|txt|mp3|mp4|rmvb|mkv|avi|mov|MOV|json|ico|css|js|html|woff|woff2|ttf)$ { root /home/www/oscshop5/Webroot/; } # 上传资源 location ~/uploads/.*\.(gif|jpg|jpeg|png|txt|mp3|mp4|rmvb|mkv|avi|mov|MOV|json|ico|css|js|html|woff|woff2|ttf)$ { root /home/www/oscshop5/Webroot/; } access_log /home/wwwlogs/https_www.xxx.com.log; } include mime.types; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 50m; sendfile on; sendfile_max_chunk 512k; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 256k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss; gzip_vary on; gzip_proxied expired no-cache no-store private auth; gzip_disable "MSIE [1-6]\."; #limit_conn_zone $binary_remote_addr zone=perip:10m; ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section. server_tokens off; access_log off; include vhost/*.conf; }