# User and group that workers will use. user nginx nginx; # Number of NGINX workers. Usually it's set, at maximum, 1 worker per CPU core. # If the server has 2+ CPU cores but it still does not receive many requests, # it's a good idea to keep the value to 1 so it will avoid creating idle processes. worker_processes auto; worker_rlimit_nofile 65535; # NGINX's master process id. pid /run/nginx.pid; events { # How many client connections each worker can maintain at a time. worker_connections 20480; # Using epoll is less CPU intensive when you have to serve thousands of connections, because # instead of scanning all connections to see which file descriptor is ready to read/write, # it will only scan those which are active. # p.s.: It's only available in Linux kernels later than 2.6. use epoll; # multi_accept tries to accept() as many connections as possible after nginx gets notification about a new connection. multi_accept on; } # HTTP config module http { # default charset settings charset utf-8,gbk; # Note that when SSI is enabled the Last-Modified and Content-Length headers are not sent. # default off # ssi off; ## # MIME-TYPE ## # You can include other config files using the "include" directive. # Here we are including the mime-types, for example. include mime.types; # The "application/octet-stream" means that the response is a binary file. # If this directive is not defined then response will be set to "text/plain" by default. default_type application/octet-stream; ## # LOG ## log_escape_non_ascii off; log_format main '$remote_addr - $remote_user [$time_iso8601] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$request_time" "$upstream_addr" "$upstream_response_time" "$request_body" "$host"'; log_format real_ip '$remote_addr - $remote_user [$time_local] $request_time "$request" ' '$status $body_bytes_sent "$http_referer" ' '$http_user_agent $http_x_forwarded_for'; log_format post_log '$remote_addr - $remote_user [$time_local] $request_time "$request" ' '$status $body_bytes_sent "$request_body" "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" '; # Access log: path and type. access_log /usr/local/openresty/nginx/logs/access.log; # Error log: path and type. error_log /usr/local/openresty/nginx/logs/error.log; ## # TCP ## # Optimizes data transfer copying data between one file descriptor and another # instead of reading and copying data to/from user space. sendfile on; # Causes NGINX to attempt to send its HTTP response head in one packet, # instead of using partial frames. This is useful for prepending headers before calling sendfile, # or for throughput optimization. tcp_nopush on; # Disables the Nagle algorithm. # It's useful for sending frequent small bursts of data in real time. # tcp_nodelay off; tcp_nodelay on; # Timeout during which a keep-alive client connection will stay open to serve # all the requested files from the server side. keepalive_timeout 30s; ## # GZIP ## # In production you MUST set gzip to "on" in order to save bandwidth. Web browsers # which handle compressed files (all recent ones do) will get a very smaller version # of the server response. gzip on; # Enables compression for a given HTTP request version. # This module makes it possible to transfer requests to another server. # Nginx talks HTTP/1.1 to the browser and HTTP/1.0 to the backend server. gzip_http_version 1.0; # Compression level 1 (fastest) to 9 (slowest). # online suggest # gzip_comp_level 6; gzip_comp_level 2; # Enables compression for all proxied requests. gzip_proxied any; # Minimum length of the response (bytes). Responses shorter than this length will not be compressed. # online suggest # gzip_min_length 10000; gzip_min_length 1k; # Enables compression for additional MIME-types. # online suggest # gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; gzip_types text/plain application/x-javascript text/css application/xml; # Disables gzip compression for User-Agents matching the given regular expression. # Is this case we've disabled gzip for old versions of the IE that don't support compressed responses. # gzip_disable "MSIE [1-6] \."; # Enables or disables inserting the “Vary: Accept-Encoding” response header field # if the directives gzip, gzip_static, or gunzip are active. gzip_vary on; # Sets the number and size of buffers used to compress a response. # By default, the buffer size is equal to one memory page. # This is either 4K or 8K, depending on a platform. gzip_buffers 4 16k; ## # Client ## # Directive assigns the maximum number and size of buffers for large headers to read from client request. # The request line can not be bigger than the size of one buffer, if the client send a bigger header nginx returns error "Request URI too large" (414). # The longest header line of request also must be not more than the size of one buffer, otherwise the client get the error "Bad request" (400). large_client_header_buffers 4 4k; # Sets the max size for file uploads to 32Mb. client_max_body_size 20m; # Directive sets the headerbuffer size for the request header from client. client_header_buffer_size 4k; ## # open_file_cache ## # specifies the maximum number of entries in the cache. # When the cache overflows, the least recently used(LRU) items will be removed; # open_file_cache max=65536 inactive=20s; open_file_cache off; # specifies the time when need to check the validity of the information about the item in open_file_cache. # open_file_cache_valid 30s; # defines the minimum use number of a file within the time specified in the directive parameter inactive in open_file_cache. # If use more than the number, the file descriptor will remain open in the cache. # open_file_cache_min_uses 2; # specifies whether or not to cache errors when searching for a file. # open_file_cache_errors on; ## # fastcgi settings ## fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 16 64k; ## # fastcgi cache settings ## add_header rt-Fastcgi-Cache $upstream_cache_status; fastcgi_cache_path /usr/local/openresty/nginx/cache/fastcgi_cache/ levels=2:2 keys_zone=cgi_cache:10m inactive=2h max_size=2g; fastcgi_cache_key "$scheme$request_method$host$request_uri"; fastcgi_cache_use_stale error timeout invalid_header http_500; fastcgi_ignore_headers Cache-Control Expires Set-Cookie; ## # proxy cache settings ## # Sets the path and other parameters of a cache. Cache data are stored in files. # The file name in a cache is a result of applying the MD5 function to the cache key. proxy_cache_path /usr/local/openresty/nginx/cache/proxy_cache/ levels=2:2 keys_zone=cgi_proxy:10m inactive=2h max_size=2g; # Defines a directory for storing temporary files with data received from proxied servers. # Up to three-level subdirectory hierarchy can be used underneath the specified directory # proxy_temp_path path [level1 [level2 [level3]]]; proxy_temp_path /usr/local/openresty/nginx/cache/temp_path/ 1 2; proxy_temp_file_write_size 128k; proxy_max_temp_file_size 0; # Defines a timeout for establishing a connection with a proxied server. # It should be noted that this timeout cannot usually exceed 75 seconds. proxy_connect_timeout 30s; # Sets a timeout for transmitting/reading a request to the proxied server. # The timeout is set only between two successive write/read operations, not for the transmission of the whole request. # If the proxied server does not receive anything within this time, the connection is closed. proxy_send_timeout 30s; proxy_read_timeout 30s; # Sets the size of the buffer size used for reading the first part of the response received from the proxied server. proxy_buffer_size 128k; # When buffering is disabled, the response is passed to a client synchronously, immediately as it is received. # nginx will not try to read the whole response from the proxied server. # The maximum size of the data that nginx can receive from the server at a time is set by the proxy_buffer_size directive. proxy_buffering on; # Sets the number and size of the buffers used for reading a response from the proxied server, for a single connection. # By default, the buffer size is equal to one memory page. This is either 4K or 8K, depending on a platform. proxy_buffers 100 128k; # When buffering of responses from the proxied server is enabled, # limits the total size of buffers that can be busy sending a response to the client while the response is not yet fully read. # In the meantime, the rest of the buffers can be used for reading the response and, if needed, buffering part of the response to a temporary file. proxy_busy_buffers_size 128k; # Load modular configuration files from the conf/vhost directory. include vhost/*.conf; include vhost/pay/development/*.conf; include vhost/pay/test/*.conf; include vhost/pay/production/*.conf; ## # CLUSTERS ## # Below the "upstream" is defining some php_backend clusters that are serving a PHP-FPM app. # They will handle the requets proxied by NGINX. # java commsunny group # upstream java_443_backend { # server 10.30.149.41:50443 weight=30; # server 10.30.148.149:50443 weight=30; # server 10.31.74.200:50443 weight=30; # } # # upstream java_8080_backend { # server 10.31.74.200:58080 weight=30; # } # java commsunny group {% if java_backend_upstream is defined %} {{ java_backend_upstream }} {% else %} upstream java_443_backend { # server 10.30.149.41:50443 weight=30; # 165 server 10.30.148.149:50443 weight=30; # 243 server 10.31.74.200:50443 weight=30; # 106 } upstream java_8080_backend { # server 10.30.149.41:58080 weight=30; # 165 server 10.30.148.149:58080 weight=30; # 243 server 10.31.74.200:58080 weight=30; # 106 } {% endif %} upstream opscenter_backend { server 10.31.74.200:8888; } upstream jenkins_backend { server 10.31.88.120:8080; } upstream php_online_backend_http { server 10.28.225.116:80; # server 10.25.76.207:80; ip_hash; } upstream php_online_backend_https { server 10.28.225.116:443; # server 10.25.76.207:443; ip_hash; } upstream php_test_online_backend_http{ server 10.28.81.15:80; # } include deny.ip; # server { # listen 80 default; # listen <%= @ipaddress_em1 %>:80 default; # listen <%= @ipaddress_eth0 %>:80 default; # listen 182.18.47.10:80 default; # return 500; # } }