Nginx配置静态文件服务器

##Nginx配置静态文件服务器(转)

该配置可以轻松支撑每分钟上千的请求,并用一些安全方面的设置

配置文件 nginx.conf


#worker进程的数量
worker_processes  3;

#worker进程可以打开的最大文件句柄数
#worker_rlimit_nofile 1024;

events {
    worker_connections  64;
}

http {

 ## Size Limits
 #
 #client_body_buffer_size   8k;
 #client_header_buffer_size 1k;
 #client_max_body_size      1m;
 #large_client_header_buffers 4 4k/8k;

 ## Timeouts
 #client_body_timeout     60;
 #client_header_timeout   60;
  keepalive_timeout       300 300;
 #send_timeout            60;

 ## General Options
  charset                 utf-8;
  default_type            application/octet-stream;
  ignore_invalid_headers  on;
  include                 /etc/mime.types;
  keepalive_requests      20;
 #keepalive_disable       msie6;
  max_ranges              0;
 #open_file_cache         max=1000 inactive=1h;
 #open_file_cache_errors  on;
 #open_file_cache_min_uses 3;
 #open_file_cache_valid   1m;
  recursive_error_pages   on;
  sendfile                on;
  server_tokens           off;
 #server_name_in_redirect on;
  source_charset          utf-8;
 #tcp_nodelay             on;
 #tcp_nopush              off;

 ## Request limits
  limit_req_zone  $binary_remote_addr  zone=gulag:1m   rate=60r/m;

 ## Compression
  gzip              on;
  gzip_static       on;
 #gzip_buffers      16 8k;
 #gzip_comp_level   1;
 #gzip_http_version 1.0;
 #gzip_min_length   0;
 #gzip_types        text/plain text/html text/css image/x-icon image/bmp;
  gzip_vary         on;

 ## Log Format
  log_format  main  '$remote_addr $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';

 ## Deny access to any host other than (www.)mydomain.com. Only use this
 ## option is you want to lock down the name in the Host header the client sends.
  # server {
  #      server_name  _;  #default
  #      return 444;
  #  }

 ## Server (www.)mydomain.com
  server {
      add_header  Cache-Control public;
      access_log  /var/log/nginx/access.log main buffer=32k;
      error_log   /var/log/nginx/error.log error;
      expires     max;
      limit_req   zone=gulag burst=200 nodelay;
      listen      127.0.0.1:80;
      root        /htdocs;
      server_name mydomain.com www.mydomain.com;

     ## Note: if{} sections are expensive to process. Please only use them if you need them
     ## and take a look lower down on the page for our discussion of if{} statements.

     ## Only allow GET and HEAD request methods. By default Nginx blocks
     ## all requests type other then GET and HEAD for static content.
     # if ($request_method !~ ^(GET|HEAD)$ ) {
     #   return 405;
     # }

     ## Deny illegal Host headers.
     # if ($host !~* ^(mydomain.com|www.mydomain.com)$ ) {
     #  return 405;
     # }

     ## Deny certain User-Agents (case insensitive)
     ## The ~* makes it case insensitive as opposed to just a ~
     # if ($http_user_agent ~* (Baiduspider|Jullo) ) {
     #  return 405;
     # }

     ## Deny certain Referers (case insensitive)
     ## The ~* makes it case insensitive as opposed to just a ~
     # if ($http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|poweroversoftware|sex|teen|video|webcam|zippo) ) {
     #  return 405;
     # }

     ## Redirect from www to non-www
     # if ($host = 'www.mydomain.com' ) {
     #  rewrite  ^/(.*)$  http://mydomain.com/$1  permanent;
     # }

     ## Stop Image and Document Hijacking
     #location ~* (\.jpg|\.png|\.css)$ {
     #   if ($http_referer !~ ^(http://mydomain.com) ) {
     #     return 405;
     #   }
     # }

     ## Restricted Access directory by password in the access_list file.
      location ^~ /secure/ {
            allow 127.0.0.1/32;

            deny all;
            auth_basic "RESTRICTED ACCESS";
            auth_basic_user_file /var/www/htdocs/secure/access_list;
        }

     ## Only allow these full URI paths relative to document root. If you only want
     ## to reference the file name use $request_filename instead of $request_uri. By default
     ## nginx will only serve out files in "root /htdocs;" defined above so this block is not needed, just an example.
     #  if ($request_uri ~* (^\/|\.html|\.jpg|\.org|\.png|\.css|favicon\.ico|robots\.txt)$ ) {
     #    break;
     #  }
     #  return 405;

     ## Serve an empty 1x1 gif _OR_ an error 204 (No Content) for favicon.ico
      location = /favicon.ico {
       #empty_gif;
        return 204;
      }

      ## System Maintenance (Service Unavailable)
      if (-f $document_root/system_maintenance.html ) {
        error_page 503 /system_maintenance.html;
        return 503;
      }

     ## All other errors get the generic error page
      error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497
                 500 501 502 503 504 505 506 507 /error_page.html;
      location  /error_page.html {
          internal;
      }
  }
}