Nginx
→ 返回运维工具
高性能 Web 服务器 / 反向代理 / 负载均衡器,事件驱动架构,并发能力强。
常用命令
nginx -t # 检查配置语法
nginx -s reload # 热重载(不中断服务)
nginx -s quit # 优雅停止
systemctl status nginx配置文件结构
# /etc/nginx/nginx.conf
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
sendfile on;
gzip on;
include /etc/nginx/conf.d/*.conf;
}静态文件服务
server {
listen 80;
server_name example.com;
root /var/www/html;
index index.html;
location / {
try_files $uri $uri/ /index.html; # SPA 路由支持
}
location ~* \.(js|css|png|jpg|ico)$ {
expires 30d;
add_header Cache-Control "public";
}
}反向代理
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 60s;
}
}负载均衡
upstream backend {
least_conn;
server 192.168.1.10:8080 weight=2;
server 192.168.1.11:8080 weight=1;
server 192.168.1.12:8080 backup;
}
server {
listen 80;
location / {
proxy_pass http://backend;
}
}| 策略 | 说明 |
|---|---|
| 轮询(默认) | 依次分配 |
least_conn | 最少连接 |
ip_hash | 同一 IP 固定后端 |
weight | 按权重分配 |
HTTPS 配置
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/ssl/example.com.crt;
ssl_certificate_key /etc/ssl/example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
# HTTP 跳转 HTTPS
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}常用配置片段
client_max_body_size 50m; # 限制请求体大小
server_tokens off; # 隐藏版本号
gzip on;
gzip_types text/plain text/css application/json application/javascript;
gzip_min_length 1024;
# 跨域
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";相关文档
- Docker — Nginx 容器化部署
- Kubernetes — Ingress 与 Nginx