CONTENT

CHANGES

Szukaj

#top Konfiguracja¶

[<<]|[<]|[^]|[v]|[>]|[>>]|[Zwiń]|[#top]|[X]

#top Listen¶

Zobacz także Listen dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: listen
Składnia: listen address[:port] [...];, listen port [...];, listen unix:path [...];
Default: listen *:80 | *:8000;
Context: server
Opis: Sets the address and port for IP, or the path for a UNIX-domain socket on which the server will accept requests. Both address and port, or only address or only port can be specified. An address may also be a hostname.

EXAMPLES

server {
    listen       80;
[...]
}

server {
    listen       443;
[...]
}

#top Timeout¶

Zobacz także Timeout dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: client_header_timeout
Składnia: client_header_timeout time;
Default: client_header_timeout 60s;
Context: http, server
Opis: Defines a timeout for reading client request header. If a client does not transmit the entire header within this time, the 408 (Request Time-out) error is returned to the client.

Dokumentacja Nginx: client_body_timeout
Składnia: client_body_timeout time;
Default: client_body_timeout 60s;
Context: http, server, location
Opis: Defines a timeout for reading client request body. The timeout is set only for a period between two successive read operations, not for the transmission of the whole request body. If a client does not transmit anything within this time, the 408 (Request Time-out) error is returned to the client.

Dokumentacja Nginx: keepalive_timeout
Składnia: keepalive_timeout timeout [header_timeout];
Default: keepalive_timeout 75s;
Context: http, server, location
Opis: The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the "Keep-Alive: timeout=time" response header field. Two parameters may differ.
The "Keep-Alive: timeout=time" header field is recognized by Mozilla and Konqueror. MSIE closes keep-alive connections by itself in about 60 seconds.

Dokumentacja Nginx: lingering_timeout
Składnia: lingering_timeout time;
Default: lingering_timeout 5s;
Context: http, server, location
Opis: When lingering_close is in effect, this directive specifies the maximum waiting time for more client data to arrive. If data are not received during this time, the connection is closed. Otherwise, the data are read and ignored, and nginx starts waiting for more data again. The "wait-read-ignore" cycle is repeated, but no longer than specified by the lingering_time directive.

Dokumentacja Nginx: resolver_timeout
Składnia: resolver_timeout time;
Default: resolver_timeout 30s;
Context: http, server, location
Opis: Sets a timeout for name resolution, for example: resolver_timeout 5s;

Dokumentacja Nginx: send_timeout
Składnia: send_timeout time;
Default: send_timeout 60s;
Context: http, server, location
Opis: Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.

EXAMPLES

# default values
client_header_timeout 60s;
client_body_timeout 60s;
keepalive_timeout 75s;
send_timeout 60s;

#top Signature¶

Zobacz także Signature dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: server_tokens
Składnia: server_tokens on | off;
Default: server_tokens on;
Context: http, server, location
Opis: Enables or disables emitting nginx version in error messages and in the "Server" response header field.

EXAMPLES

server_tokens off;
server_tokens on;

Zalecana konfiguracja

# zalecana konfiguracja: wyłączenie informacji o wersji serwera w nagłówku HTTP "Server"
server_tokens off;

#top vhosts default¶

#
# The default server
#
server {
    limit_conn   myzone  10;
    listen       80 default_server;
    server_name  _;
    server_name  localhost;
    server_name  127.0.0.1;

    #charset koi8-r;

    access_log  /var/log/nginx/default.access.log  main;
    error_log  /var/log/nginx/default.error.log  error;

    location / {
        root   /srv/nginx/vhosts/default;
        index  index.html index.htm;
    }

    error_page  404              /404.html;

    location = /404.html {
        root   /srv/nginx/error;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /srv/nginx/error;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

#top vhosts SSL¶

#
# $HOSTNAME:443
#
server {
    listen       443;
    server_name  $HOSTNAME;

    access_log  /var/log/nginx/$HOSTNAME.ssl.access.log  main;
    error_log  /var/log/nginx/$HOSTNAME.ssl.error.log  error;

    ssl                  on;
    ssl_certificate      /etc/pki/tls/certs/$HOSTNAME.crt;
    ssl_certificate_key  /etc/pki/tls/certs/$HOSTNAME.key;

#    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    location / {
        root   /srv/nginx/vhosts/$HOSTNAME;
        index  index.html index.htm;
    }

    error_page  404              /404.html;

    location = /404.html {
        root   /srv/nginx/error;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /srv/nginx/error;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

#top ErrorLog¶

error_log file | stderr | syslog:server=address[,parameter=value] [debug | info | notice | warn | error | crit | alert | emerg];

Context: main, http, server, location
Opis: Configures logging. The first parameter defines a file that will store the log. The special value stderr selects the standard error file. Logging to syslog can be configured by specifying the "syslog:" prefix.

EXAMPLES

# server config
error_log /var/log/nginx/error.log

# default virtual host
error_log /var/log/nginx/default-error.log

# hostname virtual host
error_log /var/log/nginx/hostname-error.log

#top AccessLog¶

Zobacz także AccessLog dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: access_log,
Składnia: access_log path [format [buffer=size [flush=time]] [if=condition]];, access_log path format gzip[=level] [buffer=size] [flush=time] [if=condition];, access_log syslog:server=address[,parameter=value] [format [if=condition]];, access_log off;
Context: http, server, location, if in location, limit_except
Opis: Sets the path, format, and configuration for a buffered log write. Several logs can be specified on the same level. Logging to syslog can be configured by specifying the "syslog:" prefix in the first parameter. The special value off cancels all access_log directives on the current level. If the format is not specified then the predefined "combined" format is used.

EXAMPLES

# default virtual host
access_log /var/log/httpd/default-access.log main;
# vcombined

# hostname virtual host
access_log /var/log/httpd/hostname-access.log main;
# combined

#top LogFormat¶

Zobacz także LogFormat dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: log_format
Składnia: log_format name string ...;
Context: http
Opis: Specifies log format. The log format can contain common variables, and variables that exist only at the time of a log write.

EXAMPLES

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

log_format  vcombined  '$host $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'

The log format can contain common variables, and variables that exist only at the time of a log write:

$bytes_sent the number of bytes sent to a client
$connection connection serial number
$connection_requests the current number of requests made through a connection (1.1.18)
$msec time in seconds with a milliseconds resolution at the time of the log write
$pipe "p" if request was pipelined, "." otherwise
$request_length request length (including request line, header, and request body)
$request_time request processing time in seconds with a milliseconds resolution; time elapsed between the first bytes were read from the client and the log write after the last bytes were sent to the client
$status response status
$time_iso8601 local time in the ISO 8601 standard format
$time_local local time in the Common Log Format

#top server status¶

location /server-status {
    stub_status;
}

Nginx style /nginx_status url

location /nginx_status {
    stub_status;
}

#top Modules¶

#top mod-logging¶

#top mod-misc¶

#top mod-auth¶

#top mod-headers¶

#top mod-proxy¶

Zobacz także mod-proxy dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: Module ngx_http_proxy_module
Dokumentacja Nginx: Using nginx as HTTP load balancer

EXAMPLES
Kopia lustrzana strony przy użyciu proxy: po otwarciu adresu https://example.org/
pojawi się treść znajdująca się pod adresem https://example.com/

Głowny plik konfiguracyjny: /etc/nginx/nginx.conf

http {
[...]
    # Virtual hosts
    include /etc/nginx/vhosts/*.conf;
}

Plik konfiguracyjny vhosts /etc/nginx/vhosts/example.org.conf

upstream examplecom {
    server example.com;
}

server {
    listen       80;
    server_name  example.org;
[...]
    location / {
        proxy_pass http://examplecom;
    }
[...]
}

Równoważenie obciązenia poprzez kierowanie ruchu do kilku serwerów backend
(sticky session cookie: klient będzie zawsze kierowany do tego samego serwera).

If there is the need to tie a client to a particular application server - in other words,
make the client's session "sticky" or "persistent" in terms of always trying to select
a particular server - the ip-hash load balancing mechanism can be used.

Głowny plik konfiguracyjny: /etc/nginx/nginx.conf

http {
[...]
    # Virtual hosts
    include /etc/nginx/vhosts/*.conf;
}

Plik konfiguracyjny vhosts /etc/nginx/vhosts/example.org.conf

upstream cen0Xdev {
    ip_hash;
    server cen05dev.xen.wbcd.pl;
    server cen06dev.xen.wbcd.pl;
}

server {
    listen       80;
    server_name  cen0Xdev;
    server_name  cen05dev.xen.wbcd.pl;
    server_name  cen06dev.xen.wbcd.pl;
[...]
    location / {
        proxy_pass http://cen0Xdev;
    }
[...]
}

#top Access Restrictions¶

#top AccessAllow¶

allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;

#top AccessDeny¶

deny  192.168.1.1;
[...]
deny  all;

#top headers¶

#top HTTP Header Add¶

add_header MyHeader "Hello From Nginx";

#top HTTP Header Set¶

proxy_set_header Host $proxy_host;
proxy_set_header Connection close;

#top HTTP Header Remove¶

Zobacz także HTTP Header Remove dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: proxy_hide_header
Dokumentacja Nginx: proxy_ignore_headers
Składnia: proxy_hide_header field;
Składnia: proxy_ignore_headers field ...;
Context: http, server, location
Opis:

EXAMPLES

proxy_ignore_headers MyHeader;
proxy_ignore_headers Vary;

#top Header Access¶

#top Header MIME¶

#top TLS Engine¶

Dokumentacja Nginx: Module ngx_http_ssl_module
Dokumentacja Nginx: A single HTTP/HTTPS server
Dokumentacja Nginx: Name-based HTTPS servers

#top TLS Enable¶

ssl                  on;
listen              443 ssl;

#top TLS Cert/Key File¶

Zobacz także TLS Cert/Key File dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: ssl_certificate
Dokumentacja Nginx: ssl_certificate_key
Dokumentacja Nginx: ssl_trusted_certificate
Dokumentacja Nginx: ssl_crl
Składnia: ssl_certificate file;
Składnia: ssl_certificate_key file;
Składnia: ssl_trusted_certificate file;
Składnia: ssl_crl file;
Context: http, server
Opis:

EXAMPLES

ssl_certificate         /etc/pki/tls/certs/wildcard.wbcd.pl.crt
ssl_certificate_key     /etc/pki/tls/certs/wildcard.wbcd.pl.key
ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt
ssl_crl                 /etc/pki/tls/certs/crl-file.crl

#top TLS Protocols¶

ssl_protocols ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

#top TLS CipherSuite¶

Zobacz także TLS CipherSuite dla: Apache | Nginx | Lighttpd | thttpd | HAProxy | Varnish | SQUID

Dokumentacja Nginx: ssl_ciphers
Składnia: ssl_ciphers ciphers;
Context: http, server
Opis:

Dokumentacja Nginx: ssl_prefer_server_ciphers
Składnia: ssl_prefer_server_ciphers on | off;
Context: http, server
Opis:

EXAMPLES

# Domyślne wartości
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers off;

# Wyłączenie RC4 ze względów bezpieczeństwa (Obsługa RC4 nie jest zalecana ze względów bezpieczeństwa)
ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
# Włączenie preferowania CipherSuite wysyłanego przez serwer (domyślnie używana jest preferencja wysyłana przez klienta)
ssl_prefer_server_ciphers   on;

#top TLS Compression¶

#top TLS Options¶

# Domyślna wartość
ssl_buffer_size 16k;

# Wartość dla optymalizacja czasu wysłania pierwszych danych odpowiedzi
ssl_buffer_size 4k;

Zmodyfikowany ostatnio: 2018/01/04 19:49:27 (7 lat temu), textsize: 32,5 kB, htmlsize: 50,9 kB

Zapraszam do komentowania, zgłaszania sugestii, propozycji, własnych przykładów, ...

Dodaj komentarzKomentarze użytkowników