nginx 自定义证书
1 | !/bin/sh |
docker-compose.yml
1 | version: '3.8' |
注意:其中
nginx.conf
、default.conf
、server_*.conf
、upstream_*.conf
等是文件,要提前在宿主机建好
/etc/nginx/nginx.conf
1 | user nginx; |
/etc/nginx/conf.d/server_0_433.conf
1 | server { |
/etc/nginx/conf.d/upstream_0_433.conf
1 | 注意:这里最好不要使用下划线,最好改成 xmt-srv,具体查看RFC1-1034规范 |
/etc/nginx/conf.d/agent_deny.conf
1 | if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot|Catall Spider|AcoiRobot|Yisou|bingbot|360Spider") { |
系统参数优化
修改/etc/sysctl.conf
1 | #每个网络接口接收数据包速度比内核处理速度快的时候,允许发送队列数目数据包的最大数 |
执行生效
1 | sudo sysctl -p |
net.core.netdev_max_backlog = 102400
net.core.somaxconn = 65535
net.ipv4.tcp_max_orphans = 102400
net.ipv4.tcp_max_syn_backlog = 102400
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
reload
1 | docker exec ts_nginx nginx -s reload |
sub_filter
1 | location /test/ { |
注意事项
- 使用
nginx -s reload
时,不能删除nginx.conf
,conf.d
,可以删除conf.d
下的配置,不然会导致nginx reload异常。由于删除文件后,导致链接失效。