Article Title: nginx static service file configuration. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Our goal is to configure a server with the fastest service and the most efficient cpu/io utilization, and more importantly, a secure web server. The following configuration file applies to the latest version of nginx.
Write
######################################## ###############
### Calomel.org/etc/nginx. conf BEGIN
######################################## ###############
#
Pid/var/run/nginx. pid;
User nginx;
Worker_processes 2;
Events {
Worker_connections 1024;
}
Http {
# MIME types
Include mime. types;
# Types {
# Image/gif;
# Image/jpeg jpg;
# Image/png;
# Image/bmp;
# Image/x-icon ico;
# Text/css;
# Text/html;
# Text/plain bob;
# Text/plain txt;
}
Default_type application/octet-stream;
# Size Limits
Client_body_buffer_size 8 k;
Client_header_buffer_size 1 k;
Client_max_body_size 1 k;
Large_client_header_buffers 1 1 k;
# Timeouts
Client_body_timeout 5;
Client_header_timeout 5;
Keepalive_timeout 5 5;
Send_timeout 5;
# General Options
Ignore_invalid_headers on;
Limit_zone gulag $ binary_remote_addr 1 m;
Recursive_error_pages on;
Sendfile on;
Server_name_in_redirect off;
Server_tokens off;
# TCP options
Tcp_nodelay on;
Tcp_nopush on;
# Compression
Gzip on;
Gzip_static on;
Gzip_buffers 16 8 k;
Gzip_comp_level 9;
Gzip_http_version 1.0;
Gzip_min_length 0;
Gzip_types text/plain text/html text/css image/x-icon image/bmp;
Gzip_vary on;
# Log Format
Log_format main '$ remote_addr $ host $ remote_user [$ time_local] "$ request "'
'$ Status $ body_bytes_sent "$ http_referer" "$ http_user_agent" "$ gzip_ratio "';
# Deny access to any host other than (www.) mydomain.com
Server {
Server_name _; # default
Return 444;
}
# Server (www.) mydomain.com
Server {
Access_log/var/log/nginx/access. log main buffer = 32 k;
Error_log/var/log/nginx/error. log info;
Expires 31d;
Limit_conn gulag 5;
Listen 127.0.0.1: 8080 rcvbuf = 64 k backlog = 128;
Root/disk01/htdocs;
Server_name mydomain.com www. mydomain;
# SSL Options (only enable if you use a SSL certificate)
# Ssl on;
# Ssl_certificate/ssl_keys/mydomain.com _ ssl. crt;
# Ssl_certificate_key/ssl_keys/mydomain_ssl.key;
# Ssl_ciphers HIGH :! ADH :! MD5;
# Ssl_prefer_server_ciphers on;
# Ssl_protocols SSLv3;
# Ssl_session_cache shared: SSL: 1 m;
# Ssl_session_timeout 5 m;
# Only allow GET and HEAD request methods
If ($ request_method !~ ^ (GET | HEAD) $ ){
Return 444;
}
[1] [2] [3] Next page