
lnmp多用户安全运行环境(chroot)(7)

时间:2014-05-29 11:45来源:网络整理 作者:网络 点击:

# Generate proxy.inc: shared reverse-proxy settings (timeouts, buffers,
# headers forwarded to the backend, backend headers hidden from clients).
# The quoted delimiter ('EOF') stops the shell from expanding anything in the
# body, so nginx variables are written literally without backslash escapes.
# NOTE(review): "proxy_ignore_headers Cache-Control Expires" makes nginx
# disregard the backend's cache directives, including private/no-store. Where
# this file is used together with proxy caching, confirm that personalised
# pages can never be stored and replayed to another visitor.
# NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for, which
# appends to whatever the client sent; the backend should rely on X-Real-IP
# (set from $remote_addr) rather than the left-most X-Forwarded-For entry.
cat >/usr/local/nginx/conf/proxy.inc <<'EOF'
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
proxy_buffer_size 64k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
#proxy_pass http://127.0.0.1:81;
proxy_redirect off;
proxy_hide_header Vary;
proxy_set_header Accept-Encoding '';
proxy_ignore_headers Cache-Control Expires;
proxy_set_header Host $host;
proxy_set_header Referer $http_referer;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
client_max_body_size 100m;
client_body_buffer_size 128k;
add_header X-Via "CWS/2.2";
proxy_hide_header X-AspNet-Version;
proxy_hide_header X-Powered-By;
proxy_hide_header X-Varnish;
proxy_hide_header Age;
proxy_hide_header Via;
proxy_hide_header X-Via;
EOF

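# Generate proxy_cache.inc: cache zone selection, cache key, validity times and
# the conditions under which a request bypasses / is not stored in the cache.
# Fix: the original left "$upstream_cache_status" unescaped inside an unquoted
# here-document, so the shell expanded it (normally to an empty string) and the
# written directive became: add_header Nginx-Cache "";
# The delimiter is now quoted ('EOF'), which disables shell expansion for the
# whole body and writes every nginx variable literally.
# $skip_cache is not defined in this file; it is set by the *_purge_cache.inc
# snippets, which must be included in the same server block.
# NOTE(review): the cache key is host + URI + query string only. Requests that
# carry a session cookie share entries with anonymous ones unless a bypass
# condition above matches; confirm this suits the sites being proxied.
cat >/usr/local/nginx/conf/proxy_cache.inc <<'EOF'
proxy_cache proxy;
proxy_cache_key $host$uri$is_args$args;
#proxy_cache_purge proxy $host$1$is_args$args;
proxy_cache_min_uses 1;
proxy_cache_valid 200 301 302 1h;
proxy_cache_valid any 1m;
proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_temp_file_write_size 64k;
proxy_max_temp_file_size 100m;
proxy_cache_bypass $cookie_nocache $arg_nocache $arg_comment;
proxy_no_cache $cookie_nocache $arg_nocache $arg_comment;
proxy_cache_bypass $http_pragma $http_authorization;
proxy_no_cache $http_pragma $http_authorization;
proxy_cache_bypass $skip_cache;
proxy_no_cache $skip_cache;
add_header Nginx-Cache "$upstream_cache_status";
EOF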

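# Generate fastcgi_purge_cache.inc: sets $skip_cache for POST requests and for
# URLs with a query string, and exposes a /purge/<path> location that removes
# an entry from the "fastcgi" cache zone.
# Fix: the purge location was "allow all", so any client could evict cached
# pages (a cheap way to push load onto PHP). Access is now limited to the
# local host; extend the allow list in the generated file if purges are sent
# from another trusted address.
# The quoted delimiter ('EOF') writes nginx variables literally.
# NOTE(review): the purge key must match the fastcgi_cache_key used by the
# vhost, which is not defined in this file; verify the two agree.
cat >/usr/local/nginx/conf/fastcgi_purge_cache.inc <<'EOF'
set $skip_cache 0;

# POST requests and urls with a query string should always go to PHP
if ( $request_method = POST ) {
set $skip_cache 1;
}
if ( $query_string != "" ) {
set $skip_cache 1;
}

if ( $request_method = "PURGE" ) {
rewrite ^(.*) /purge$1 last;
}

location ~ /purge(/.*) {
# Cache purging is restricted to the local host. If the application sends
# purge requests from another address, add an "allow" line for it above "deny all".
allow 127.0.0.1;
deny all;
fastcgi_cache_purge fastcgi $request_method$scheme$host$1;
error_page 405 =200 /purge$1;
add_header Nginx-Cache "Purged";
}
EOF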

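# Generate proxy_purge_cache.inc: sets $skip_cache for POST requests and for
# URLs with a query string, and exposes a /purge/<path> location that removes
# an entry from the "proxy" cache zone.
# Fix: the purge location was "allow all", so any client could evict cached
# pages and force every request back to the backend. Access is now limited to
# the local host; extend the allow list in the generated file if purges are
# sent from another trusted address.
# The quoted delimiter ('EOF') writes nginx variables literally.
cat >/usr/local/nginx/conf/proxy_purge_cache.inc <<'EOF'
set $skip_cache 0;

# POST requests and urls with a query string should always go to PHP
if ( $request_method = POST ) {
set $skip_cache 1;
}
if ( $query_string != "" ) {
set $skip_cache 1;
}

if ( $request_method = "PURGE" ) {
rewrite ^(.*) /purge$1 last;
}

location ~ /purge(/.*) {
# Cache purging is restricted to the local host. If the application sends
# purge requests from another address, add an "allow" line for it above "deny all".
allow 127.0.0.1;
deny all;
proxy_cache_purge proxy $host$1$is_args$args;
error_page 405 =200 /purge$1;
add_header Nginx-Cache "Purged";
}
EOF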

# Generate the main nginx.conf: worker/event settings, http-level defaults
# (timeouts, FastCGI buffers, gzip, SSI), temp and cache paths, real-IP
# handling, and the includes for per-proxy and per-vhost configuration.
# The quoted delimiter ('EOF') stops shell expansion, so nginx variables are
# written literally without backslash escapes.
# NOTE(review): "error_log /dev/null" together with "access_log off" leaves no
# request or error trail at all; detection and incident response then have
# nothing to work from. Consider logging at least errors to a real file.
# NOTE(review): google_perftools_profiles and all *_temp_path directories live
# under /tmp with fixed names. On a multi-user host /tmp is shared, so another
# local account could create those names first; a directory owned by the nginx
# user outside /tmp is the safer choice (request bodies are buffered there).
# NOTE(review): max_size=2m on both cache paths looks very small next to a 50m
# keys_zone; confirm the value is intended.
# NOTE(review): "ssi on" at http level applies to every vhost; confirm that
# user-controlled content cannot be served with the text/shtml type.
# set_real_ip_from trusts X-Forwarded-For only when the peer is 127.0.0.1.
cat >/usr/local/nginx/conf/nginx.conf <<'EOF'
user www;
google_perftools_profiles /tmp/tcmalloc;
#worker_cpu_affinity 01 10;
# no need for more workers in the proxy mode
worker_processes 1;
#error_log /var/log/nginx/error.log info;
error_log /dev/null info;
worker_rlimit_nofile 5120;
events {
worker_connections 5120; # increase for busier servers
use epoll; # you should use epoll here for Linux kernels 2.6.x
}
http {
access_log off;
log_format bytes "$bytes_sent";
server_name_in_redirect off;
server_names_hash_max_size 2048;
server_names_hash_bucket_size 256;
server_tokens off;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 60s;
client_body_timeout 60s;
send_timeout 600s;
reset_timedout_connection on;
keepalive_timeout 5 60;
# keepalive_requests 100;
# keepalive_timeout 0;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_keep_conn on;
fastcgi_buffer_size 16k;
fastcgi_buffers 16 16k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
fastcgi_intercept_errors on;
open_file_cache max=51200 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
ssi on;
ssi_silent_errors on;
ssi_types text/shtml;
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_vary on;
gzip_http_version 1.0;
gzip_min_length 1100;
gzip_comp_level 6;
gzip_buffers 16 16k;
gzip_proxied any;
gzip_types application/ecmascript;
gzip_types application/javascript;
gzip_types application/pdf;
gzip_types application/postscript;
gzip_types image/svg+xml;
gzip_types text/plain;
gzip_types text/css;
gzip_types text/csv;
gzip_types application/json;
gzip_types application/x-javascript;
gzip_types text/xml;
gzip_types application/xml;
gzip_types application/xml+rss;
gzip_types text/javascript;
connection_pool_size 256;
client_max_body_size 100m;
client_body_buffer_size 128k;
client_header_buffer_size 4k;
large_client_header_buffers 4 4k;
request_pool_size 32k;
output_buffers 4 32k;
postpone_output 1460;
client_body_temp_path /tmp/nginx_client;
proxy_temp_path /tmp/nginx_proxy;
fastcgi_temp_path /tmp/nginx_fastcgi;
uwsgi_temp_path /tmp/nginx_uwsgi;
scgi_temp_path /tmp/nginx_scgi;
proxy_cache_path /var/cache/nginx/proxy_cache levels=1:2 keys_zone=proxy:50m inactive=30m max_size=2m;
fastcgi_cache_path /var/cache/nginx/fastcgi_cache levels=1:2 keys_zone=fastcgi:50m inactive=30m max_size=2m;
limit_conn_zone $binary_remote_addr zone=one:10m;

set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;

include "/usr/local/nginx/conf/proxy/*.conf";
include "/usr/local/nginx/conf/vhosts/*.conf";
}
EOF
