Linux 基本运维优化
- SSH 端口修改,关闭密码登陆,改私钥登陆
- Iptables 防火墙配置优化
- 最大监控文件个数
- 最大文件打开数量
- 安装其他软件
Nginx 优化配置
- SSL 证书导入
- 配置优化
- 日志存放天数 logrotate.d
user nginx; worker_processes 2; worker_rlimit_nofile 60000; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid;
events { worker_connections 102400; }
http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main ‘$remote_addr – $remote_user [$time_local] “$request” $status $body_bytes_sent “$http_referer” “$http_user_agent” “$http_x_forwarded_for”‘; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 300s; include /etc/nginx/conf.d/*.conf; server_tokens off; server_names_hash_max_size 512; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; gzip on; gzip_disable msie6; gzip_min_length 1k; gzip_comp_level 5; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_proxied any; gzip_vary on; gzip_types text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/xml application/xhtml+xml application/xml+rss application/rss+xml application/atom+xml application/x-font-ttf application/x-web-app-manifest+json font/opentype image/svg+xml image/x-icon; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 256k; client_max_body_size 10m; proxy_connect_timeout 10; proxy_read_timeout 180; proxy_send_timeout 30; proxy_buffer_size 32k; proxy_buffers 8 64k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_temp_path /data/cache/temp; proxy_cache_path /data/cache/cache_files levels=1:2 keys_zone=cache_one:100m inactive=1d max_size=10g; }
Nginx 配置
location ~* \.(js|css|jpg|png|gif|txt)$ { proxy_pass https://www.baidu.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_redirect off; proxy_cache cache_one; proxy_cache_key $host$uri$is_args$args; proxy_cache_valid 200 302 301 1d; proxy_cache_valid any 1m; expires 6h; add_header X-Cache $upstream_cache_status; }
location ~* \.(shtml|html)$ { if ($http_user_agent ~* ‘(Android|webOS|iPhone|iPod|Mobile)’) { rewrite ^.+ https://m.baidu.com$uri permanent; }
proxy_pass https://www.baidu.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; }
location / { proxy_pass https://m.baidu.com; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_cache cache_one; proxy_cache_valid 200 302 301 1d; proxy_cache_valid any 1m; expires 6h; add_header X-Cache-Status $upstream_cache_status; }
location ~ \.php$ { proxy_pass https://m.baidu.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; }
