Nginx 常用配置
location / {
root /usr/share/nginx/html;
index index.html;
}
location / {
root /usr/share/nginx/html;
index index.html;
try_files $uri /index.html;
}
location /api {
proxy_pass http://server:port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl;
http2 on;
server_name xxx.com;
root /usr/share/nginx/html/html/xxx;
access_log /var/log/nginx/xxx.access.log main;
ssl_certificate /cert/fullchain.pem;
ssl_certificate_key /cert/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
location /ws/api {
proxy_pass http://server:port;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /upload/ {
# 对于上传,可以适当增大此值,让小文件直接在内存中处理
client_body_buffer_size 128k;
client_max_body_size 200m;
}
| 配置项 | 作用 | 默认值 | 推荐设置场景 |
|---|
client_max_body_size | 限制请求体大小 | 1m | 最常用。在 location 块中为文件上传接口设置较大值(如 100m)。 |
proxy_buffer_size | 代理响应头缓冲区大小 | 4k/8k | 当后端响应头很大时,或日志有相关警告时。 |
proxy_buffers | 代理响应体缓冲区 | 8 4k/8k | 当后端返回大文件或数据,需要优化性能时。 |
proxy_max_temp_file_size | 代理临时文件最大大小 | 1024m | 当后端响应可能超过1GB时。 |
large_client_header_buffers | 限制请求头大小 | 4 8k | 当 URL 或 Cookie 特别长时。 |
limit_req_zone/limit_req | 限制请求速率 | N/A | 强烈推荐。用于防御 DDoS 和暴力破解,保护登录、搜索等关键接口。 |
评论已关闭