Nginx 实战入门
1. 安装
1.1 Docker 安装
bash
docker run -d --name nginx \
-p 80:80 \
-v /data/nginx/conf.d:/etc/nginx/conf.d \
nginx:alpine1.2 目录结构
/etc/nginx/
├── nginx.conf # 主配置
└── conf.d/ # 业务配置
└── default.conf2. 反向代理
nginx
server {
listen 80;
server_name api.example.com;
location / {
# 代理到后端服务
proxy_pass http://127.0.0.1:8080;
# 转发请求头
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 超时配置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
}3. 负载均衡
nginx
upstream backend {
# 轮询
server 127.0.0.1:8080;
server 127.0.0.1:8081;
server 127.0.0.1:8082;
# 权重
# server 127.0.0.1:8080 weight=3;
# server 127.0.0.1:8081 weight=1;
}
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://backend;
proxy_set_header Host $host;
}
}3.1 负载均衡策略
| 策略 | 说明 |
|---|---|
| round-robin | 轮询(默认) |
| least_conn | 最少连接数 |
| ip_hash | 同一 IP 走同一节点 |
| weight | 权重 |
nginx
upstream backend {
least_conn;
server 127.0.0.1:8080;
server 127.0.0.1:8081;
}4. 静态资源
nginx
server {
listen 80;
server_name static.example.com;
root /data/www;
# 静态文件缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 7d;
add_header Cache-Control "public, no-transform";
}
# HTML 不缓存
location ~* \.html$ {
expires -1;
}
# 访问日志
access_log /var/log/nginx/static.log;
}5. HTTPS 配置
nginx
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers off;
location / {
proxy_pass http://127.0.0.1:8080;
}
}
# HTTP 重定向到 HTTPS
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}6. 限流
nginx
# 限流配置
limit_req_zone $binary_remote_addr zone=req_limit:10m rate=10r/s;
server {
location / {
# 每秒最多 10 个请求
limit_req zone=req_limit burst=20 nodelay;
proxy_pass http://127.0.0.1:8080;
}
}6.1 连接数限流
nginx
limit_conn_zone $binary_remote_addr zone=conn_limit:10m;
server {
location / {
# 每个 IP 最多 10 个连接
limit_conn conn_limit 10;
proxy_pass http://127.0.0.1:8080;
}
}7. 常用命令
bash
# 测试配置
nginx -t
# 重载配置
nginx -s reload
# 停止
nginx -s stop
# 查看进程
ps aux | grep nginx8. 总结
- 反向代理 将请求转发到后端服务
- 负载均衡 轮询、权重、最少连接
- 静态资源 缓存配置
- HTTPS SSL 证书配置
- 限流 请求数和连接数限制