常用技巧
配置片段
-
http转向https
rewrite ^(.*) https://$server_name$1 permanent; rewrite ^(.*) https://$host$1 permanent;- 两种写法,各有适合场合
- $server_name, 由nginx配置决定
- $host,由请求路径决定
-
正向代理
server { listen 80; location / { proxy_pass http://$host$request_uri; } }- 配合日志,可以用来调试
- 可以过滤掉特定请求
- 可以检查http请求是否被拦截
-
解决无法加载样式表
# 否则无法加载样式表 include /etc/nginx/mime.types; default_type application/octet-stream; -
支持http2
-
自定义安装带上v2,ssl
./configure --prefix=/Users/Shared/nginx \ --with-http_v2_module \ --with-http_ssl_module \ --with-openssl=/opt/homebrew/Cellar/openssl@1.1/1.1.1m\ --with-debug -
配置增加上http2
... server { # 默认情况http2都走ssl,所以在ssl加上http2 listen 443 ssl http2; ... } ...
-
-
支持http3
-
自定义安装带上v3,ssl,brotli
./auto/configure --with-http_v3_module \ --with-stream_quic_module \ --with-http_ssl_module \ --with-http_v2_module \ --add-module=../ngx_brotli \ --with-cc-opt="-I../libressl/build/include" \ --with-ld-opt="-L../libressl/build/lib" -
配置增加上http3
... http { brotli on; brotli_comp_level 6; brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml; server { # 默认情况http2都走ssl,所以在ssl加上http2 listen 443 ssl http2; listen 443 http3 reuseport; # UDP listener for QUIC+HTTP/3,在主域名表示reuseport,否则会提示冲突 ssl_protocols TLSv1.3; # QUIC requires TLS 1.3 # 一定要添加头部,否则无法开启 add_header alt-svc 'h3=":443"; ma=86400;quic=":443"; ma=2592000; v="46,43", h3-Q050=":443"; ma=2592000, h3-Q049=":443"; ma=2592000, h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-23=":443"; ma=2592000'; ... } ... } ...
-
-
四层代理-stream
-
自定义安装带上stream
./configure --prefix=/Users/Shared/nginx \ --with-stream \ --with-debug make && make install -
配置增加上stream
... stream { server { listen 8411; proxy_timeout 3s; proxy_pass xxx:8411; } } ...
-
-
gzip-压缩支持
... http { # 打开gzip指令,否则后面不会生效 gzip on; # 回包头部增加content-encoding: gzip gzip_vary on; # 压缩类型 gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml; } ... -
location / { #可以多次映像/复制,从而起到放大流量功能 #产生一个http subrequest "/mirror?",跳转到相应location #所以mirror结果(包括超时,服务器关闭,50x,40x等等),不影响这个本身速度及结果 #但是占用内存,消费conn连接池之类还是要的 #mirror /mirror; #mirror /mirror; mirror /mirror; #允许丢掉body #mirror_request_body off; proxy_pass http://backend; } location = /mirror { # 判断请求方法,不是GET返回403,用其他类似手段缩小流量规模 # if ($request_method != GET) { # return 403; # } internal; #这里的回包是忽略 proxy_pass http://test_backend$request_uri; #允许丢掉body #proxy_pass_request_body off; #proxy_set_header Content-Length ""; proxy_set_header X-Original-URI $request_uri; } -
利用日志调试
server { ... #降低错误日志等级,例如notice,如果编译带有--with-debug,则可以debug,debug_http error_log logs/error.log info; #不同路径不同access日志文件,确认哪个loc使用 location /hello { ... access_log logs/hello_access.log; ... } location /world { ... access_log logs/world_access.log; ... } ... } -
root与alias区别
# 请求/abc/123 ==> /var/www/app/static/abc/123
location /abc {
# In case of the root directive, full path is appended to the root including the location part
# 请求的path附加上root指定path,组合本地路径
root /var/www/app/static;
autoindex off;
}
# 请求/abc/123 ==> /var/www/app/static/123
location /abc {
# only the portion of the path NOT including the location part is appended to the alias.
# 请求的path移除掉location的path,再附加上alias指定path,组合本地路径
alias /var/www/app/static;
autoindex off;
}
常用模块
-
http_memcached模块
... location /memcached { set $memcached_key "$uri"; memcached_pass 127.0.0.1:11211; #指示返回为html,方便浏览器直接显示 default_type text/html; error_page 404 502 504 = @notexit; } location @notexit { #echo为第三方模块引入指令,方便调试 echo "noexit$uri"; } ...
sequenceDiagram
actor u as user
actor n as nginx
actor m as memcached
u->>n: http请求/memcached
n->>m: get命令key值为$uri(/memcached)
m->>n: 存在则返回值,否则返回空
n->>u: 成功获取,则直接返回,否则转跳notexit
-
ngx_http_redis第三方模块,类似http_memcached
./configure --prefix=/Users/Shared/nginx \ --add-module=../nginx-party-module/ngx_http_redis-module \ ... --with-debug make && make install... location /redis { set $redis_key "$uri"; redis_pass 127.0.0.1:6379; #指示返回为html,方便浏览器直接显示 default_type text/html; error_page 404 502 504 = @notexit; } location @notexit { #echo为第三方模块引入指令,方便调试 echo "noexit$uri"; } ...
sequenceDiagram
actor u as user
actor n as nginx
actor m as redis
u->>n: http请求/redis
n->>m: get命令key值为$uri(/redis)
m->>n: 存在则返回值,否则返回空
n->>u: 成功获取,则直接返回,否则转跳notexit
-
redis2-nginx-module第三方模块,更强大更多操作
./configure --prefix=/Users/Shared/nginx \ --add-module=../nginx-party-module/redis2-nginx-module \ --with-debug make make install... location = /foo { set $value '<html><H1>From Nginx Redis</H1></html>'; redis2_query set one $value; redis2_pass 127.0.0.1:6379; } location = /get { redis2_query get one; redis2_pass 127.0.0.1:6379; } ...
sequenceDiagram
actor u as user
actor n as nginx
actor r as redis
u->>n: http请求/get
n->>r: get命令key值为one
r->>n: 标准命令处理
n->>u: 返回原始键值
常见问题
-
server_names_hash问题
[emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 32 -
解决办法
# 如果不够,继续增加,大小必须是32*n server_names_hash_bucket_size 64; -
invalid request问题
# asscess.log 有这种提示 "PRI * HTTP/2.0" 400 157 "-" "-" # error.log 有这种提示 client sent invalid request while reading client request line -
解决办法-客户端没有采用ssl,tls,但访问nginx配置需要ssl
-
php-fpm出现Primary script unknown问题
-
尝试修改nginx配置
# FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -
如果仍然不行,则打开php-fpm.conf日志配置
access.log = /var/log/php-fpm.$pool.access.log -
再打开nginx日志配置
# http log_format scripts '$document_root$fastcgi_script_name > $request'; # server access_log /usr/local/nginx/scripts.log scripts; -
重启nginx,和php-fpm 查看日志,一般是路径不对和权限不对
-
-
php-fpm出现无法连接数库,可能是编译参数不对
./configure --enable-fpm --prefix=/usr/local/php --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd -
不知道当前nginx所用配置文件
# 获取nginx进程号 ps -ef | grep nginx # 获取nginx路径 cd /proc/pid ls -a # 执行相应路径的语法测试,输出就能看到路径 nginx -t -
不知道当前nginx的编译参数
# 获取nginx进程号 ps -ef | grep nginx # 获取nginx路径 cd /proc/pid ls -a # 执行相应路径的语法测试,输出就能看到路径 nginx -V