我们的目标是配置一个服务最快且cpu/io利用最有效的服务器,更重要的是一个安全的web服务器,下面的配置文件适用于最新版nginx。 写道 ####################################################### ### Calomel.org /etc/nginx.conf BEGIN ####################################################### # pid /var/run/nginx.pid; user nginx nginx; worker_processes 2; events { worker_connections 1024; } http { ## MIME types include mime.types; # types { # image/gif gif; # image/jpeg jpg; # image/png png; # image/bmp bmp; # image/x-icon ico; # text/css css; # text/html html; # text/plain bob; # text/plain txt; } default_type application/octet-stream; ## Size Limits client_body_buffer_size 8k; client_header_buffer_size 1k; client_max_body_size 1k; large_client_header_buffers 1 1k; ## Timeouts client_body_timeout 5; client_header_timeout 5; keepalive_timeout 5 5; send_timeout 5; ## General Options ignore_invalid_headers on; limit_zone gulag $binary_remote_addr 1m; recursive_error_pages on; sendfile on; server_name_in_redirect off; server_tokens off; ## TCP options tcp_nodelay on; tcp_nopush on; ## Compression gzip on; gzip_static on; gzip_buffers 16 8k; gzip_comp_level 9; gzip_http_version 1.0; gzip_min_length 0; gzip_types text/plain text/html text/css image/x-icon image/bmp; gzip_vary on; ## Log Format log_format main '$remote_addr $host $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"'; ## Deny access to any host other than () ) { return 444; } } ## Restricted Access directory location ^~ /secure/ { allow 127.0.0.1/32; allow 10.10.10.0/24; deny all; auth_basic "RESTRICTED ACCESS"; auth_basic_user_file /var/www/htdocs/secure/access_list; } ## Only allow these file types to document root location / { if ($request_uri ~* (^/|.html|.jpg|.org|.png|.css|favicon.ico|robots.txt)$ ) { break; } return 444; } ## Serve an empty 1x1 gif _OR_ an error 204 (No Content) for favicon.ico
(以上内容不代表本站观点。) --------------------------------- |