中文字幕av专区_日韩电影在线播放_精品国产精品久久一区免费式_av在线免费观看网站

溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

Nginx常用配置詳解(二)——http協議配置塊

發布時間:2020-06-17 10:51:17 來源:網絡 閱讀:1231 作者:司徒剩堂 欄目:建站服務器

Nginx常用配置詳解(二)

http協議塊配置

http協議配置塊位于總體配置塊中,總體格式如下:

    http {
        ... ...
        server {
            ...
            server_name
            root
            location [OPERATOR] /uri/ {
                ...
            }
        }
        server {
            ...
        }
    }

http配置塊按功能分類,大致可以分為以下五類:

  1. 與套接字相關的配置

  2. 定義路徑相關的配置

  3. 定義客戶端請求的相關配置

  4. 對客戶端進行限制的相關配置

一、與套接字相關的配置

server

Syntax: server { ... }
Default: —
Context: http

Sets configuration for a virtual server. There is no clear separation between IP-based (based on the IP address) and name-based (based on the “Host” request header field) virtual servers. Instead, the listen directives describe all addresses and ports that should accept connections for the server, and the server_name directive lists all server names.
設定一個虛擬主機。不需要明確區分基于ip和基于host的虛擬主機。相應的,listen指令描述了此虛擬主機接收連接監聽的地址和端口,server_name字段描述了所有虛擬主機的名稱。

listen
Syntax: listen address[:port] [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
        listen port [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
        listen unix:path [default_server] [ssl] [http2 | spdy] [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
Default: listen *:80 | *:8000;
Context: server

Sets the address and port for IP, or the path for a UNIX-domain socket on which the server will accept requests. Both address and port, or only address or only port can be specified. An address may also be a hostname。
設定IP的addressport,或是設定服務器接收響應的UNIX域套接字的path。可以同時設定addressport,或者僅僅設定address,僅僅設定portaddress也可以是hostname。
例如

 listen 127.0.0.1:8000;
 listen 127.0.0.1;
 listen 8000;
 listen *:8000;
 listen localhost:8000;

UNIX-domain sockets (0.8.21) are specified with the “unix:” prefix:
UNIX域套接字需要在行首用unix:指明

  listen unix:/var/run/nginx.sock;

由于選項過多,且絕大多數目前階段應用不上,簡要解釋部分常用的

default_server

The default_server parameter, if present, will cause the server to become the default server for the specified address:port pair. If none of the directives have the default_server parameter then the first server with the address:port pair will be the default server for this pair.
設定當前監聽的ip地址和端口為虛擬主機,如果未明確指明默認虛擬主機,第一個虛擬主機成為該部分的默認主機。

ssl

The ssl parameter (0.7.14) allows specifying that all connections accepted on this port should work in SSL mode. This allows for a more compact configuration for the server that handles both HTTP and HTTPS requests.
ssl字段允許指明從該端口接收的所有連接必須以SSL協議模式工作,無論接收的請求是HTTP協議的還是HTTPS協議。

http2

The http2 parameter (1.9.5) configures the port to accept HTTP/2 connections. Normally, for this to work the ssl parameter should be specified as well, but nginx can also be configured to accept HTTP/2 connections without SSL.
http2字段配置該端口可以接受http2協議的連接,通常http2協議需要指明ssl,但是nginx可以被配置成為接收不需要SSL協議的http2協議。

spdy

The spdy parameter (1.3.15-1.9.4) allows accepting SPDY connections on this port. Normally, for this to work the ssl parameter should be specified as well, but nginx can also be configured to accept SPDY connections without SSL.
spdy字段允許該端口接收SPDY連接,通常spdy協議需要指明ssl,但是nginx可以被配置成為接收不需要SSL協議的spdy協議。

proxy_protocol

The proxy_protocol parameter (1.5.12) allows specifying that all connections accepted on this port should use the PROXY protocol.
proxy_protocol字段允許指明該端口所有接收的連接使用PROXY協議。

backlog

sets the backlog parameter in the listen() call that limits the maximum length for the queue of pending connections. By default, backlog is set to -1 on FreeBSD, DragonFly BSD, and macOS, and to 511 on other platforms.
在listen()中設定backlog字段可以限制后援隊列長度。默認在FreeBSD, DragonFly BSD, 和 macOS平臺該值為-1,其他平臺該值為511

rcvbuf

sets the receive buffer size (the SO_RCVBUF option) for the listening socket.
設定監聽套接字的接收緩沖大小。

sndbuf

sets the send buffer size (the SO_SNDBUF option) for the listening socket.
設定監聽套接字的發送緩沖大小。

server_name

Syntax: server_name name ...;
Default: server_name "";
Context: server

Sets names of a virtual server, for example:
設定虛擬主機的名稱例如

 server {
     server_name example.com www.example.com;
 }

The first name becomes the primary server name.
第一個名稱成為虛擬主機的主名稱。
Server names can include an asterisk (“*”) replacing the first or last part of a name:
虛擬主機名稱可以在起始和末尾用通配符

*
替代

 server {
     server_name example.com *.example.com www.example.*;
 }

The first two of the names mentioned above can be combined in one:
前兩個地址可以縮寫成為一個

 server {
     server_name .example.com;
 }

It is also possible to use regular expressions in server names, preceding the name with a tilde (“~”):
還可以使用正則表達式匹配虛擬主機名稱,正則表達式前要用~

 server {
     server_name www.example.com ~^www\d+\.example\.com$;
 }

Regular expressions can contain captures (0.7.40) that can later be used in other directives:
正則表達式的分組可以用于其它字段。

 server {
     server_name ~^(www\.)?(.+)$;

     location / {
         root /sites/$2;
     }
 }

 server {
     server_name _;

     location / {
         root /sites/default;
     }
 }

Named captures in regular expressions create variables (0.8.25) that can later be used in other directives:
正則表達式匹配的優先級要低于其他字段。

server {
    server_name ~^(www\.)?(?<domain>.+)$;

    location / {
        root /sites/$domain;
    }
}

server {
    server_name _;

    location / {
        root /sites/default;
    }
}

If the directive’s parameter is set to “$hostname” (0.9.4), the machine’s hostname is inserted.
如果設定為變量$hostname會插入機器的hostname。(0.9.4之后的版本可用)
It is also possible to specify an empty server name (0.7.11):
也可以插入空的虛擬機主機名稱(0.7.11之后的版本可用)

server {
    server_name www.example.com "";
}

It allows this server to process requests without the “Host” header field — instead of the default server — for the given address:port pair. This is the default setting.
允許虛擬主機響應沒有Host頭部的,該頭部將會替換成默認虛擬主機,給予一個ip地址和端口段。該項為默認設置。

Before 0.8.48, the machine’s hostname was used by default. 
0.8.48版本前,機器的hostname為默認的。

During searching for a virtual server by name, if the name matches more than one of the specified variants, (e.g. both a wildcard name and regular expression match), the first matching variant will be chosen, in the following order of priority:
當搜尋一個虛擬的主機的名稱時。如果該名稱可以匹配多個字段(包括通配符和正則表達式的字段),優先匹配原則如下:

the exact name
the longest wildcard name starting with an asterisk, e.g. “*.example.com”
the longest wildcard name ending with an asterisk, e.g. “mail.*”
the first matching regular expression (in order of appearance in the configuration file)

1.字符串精確匹配
2.左側*通配符
3.右側*通配符
4.正則表達式

tcp_nodelay

Syntax: tcp_nodelay on | off;
Default: tcp_nodelay on;
Context: http, server, location

Enables or disables the use of the TCP_NODELAY option. The option is enabled only when a connection is transitioned into the keep-alive state.
啟用或禁用TCP_NODELAY設置,當連接轉換為長連接狀態,這個選項必須啟用。

sendfile

Syntax: sendfile on | off;
Default: sendfile off;
Context: http, server, location, if in location

Enables or disables the use of sendfile().
In this configuration, sendfile() is called with the SF_NODISKIO flag which causes it not to block on disk I/O, but, instead, report back that the data are not in memory. nginx then initiates an asynchronous data load by reading one byte. On the first read, the FreeBSD kernel loads the first 128K bytes of a file into memory, although next reads will only load data in 16K chunks. This can be changed using the read_ahead directive.
啟用或禁用sendfile()功能。
在此項配置中,sentfile()被稱為SF_NODISKIO標記,該標記引起不阻塞在磁盤I/O,相應的報告數據不在內存中。nginx然后會啟用一個異步加載數據讀取一個字節。第一次閱讀,FreeBSD內容加載文件的第一個128K字節至內存,盡管接下來的讀取只會在16K塊中加載數據。可以在read_ahead指令中修改此條目。

tcp_nopush

Syntax: tcp_nopush on | off;
Default: tcp_nopush off;
Context: http, server, location

Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or the TCP_CORK socket option on Linux. The options are enabled only when sendfile is used. Enabling the option allows
禁用或啟用TCP_NOPUSH套接字的使用,其工作于FreeBSD系統或Linux系統的TCP_CORK套接字選項。這個宣講只有在sendfile使用時啟用,啟用這個選項允許

  • sending the response header and the beginning of a file in one packet, on Linux and FreeBSD 4.;
    在包起始位置發送響應報文頭部(工作于Linux和FreeBSD 4.

  • sending a file in full packets.
    在完整的數據包中發送文件

二、定義路徑相關的配置

root

Syntax: root path;
Default: root html;
Context: http, server, location, if in location

Sets the root directory for requests. For example, with the following configuration
設置響應的根目錄,例如使用如下配置
location /i/ {
root /data/w3;
}

The /data/w3/i/top.gif file will be sent in response to the “/i/top.gif” request.
/data/w3/i/top.gif文件會發送到/i/top.gif響應報文中
The path value can contain variables, except $document_root and $realpath_root.
這個值可以是變量,$document_root$realpath_root不可以使用。

root指令取代的根目錄在location目錄中替代最左端的/

alias

設定網站別名,用法基本與root相同。
alias指令取代的根目錄在location目錄中替代至最右端的/

location

Syntax: location [ = | ~ | ~* | ^~ ] uri { ... }
        location @name { ... }
Default: —
Context: server, location

Sets configuration depending on a request URI.
根據請求的URI設置配置。
The matching is performed against a normalized URI, after decoding the text encoded in the “%XX” form, resolving references to relative path components “.” and “..”, and possible compression of two or more adjacent slashes into a single slash.
匹配時針對規范化的URI執行的,解碼了% XX格式的文本,解析相對路徑的引用...,壓縮兩個或更多相鄰的/至一個/
A location can either be defined by a prefix string, or by a regular expression. Regular expressions are specified with the preceding “~*” modifier (for case-insensitive matching), or the “~” modifier (for case-sensitive matching). To find location matching a given request, nginx first checks locations defined using the prefix strings (prefix locations). Among them, the location with the longest matching prefix is selected and remembered. Then regular expressions are checked, in the order of their appearance in the configuration file. The search of regular expressions terminates on the first match, and the corresponding configuration is used. If no match with a regular expression is found then the configuration of the prefix location remembered earlier is used.
location可以由前綴字符串定義,也可以由正則表達式定義。正在表達式用~×表示不區分大小寫匹配,用~表示區分大小寫匹配。根據被給予的請求報文尋找location時,nginx優先查詢使用前置字符串定義的location。匹配字符串時最長匹配的字符串將會被選擇,并且被記住。然后會按照配置文件中出現的次序檢查正則表達式。匹配第一次正則表達式后會終止,并使用相應的配置。如果沒有發現合適的正則表達式匹配,則會使用之前記住的字符串匹配的信息。
location blocks can be nested, with some exceptions mentioned below.
location配置塊可以嵌套。

Regular expressions can contain captures (0.7.40) that can later be used in other directives.
正則表達式可以捕獲分組信息(0.7.40),之后用在其他指令
If the longest matching prefix location has the “^~” modifier then regular expressions are not checked.
如果最長匹配字段有^~修飾符,不檢查正則匹配。
Also, using the “=” modifier it is possible to define an exact match of URI and location. If an exact match is found, the search terminates. For example, if a “/” request happens frequently, defining “location = /” will speed up the processing of these requests, as search terminates right after the first comparison. Such a location cannot obviously contain nested locations.
同樣的,使用=修飾符可以定義一個精確的URI和location匹配,如果發現精確匹配,查詢終止。例如:如果“/”請求頻繁出現,定義“location = /”可以在第一次比較后終止查詢,從而加速這些請求的進程。這種location不能嵌套location。

Let’s illustrate the above by an example:
用下面的例子舉例說明

location = / {
    [ configuration A ]
}

location / {
    [ configuration B ]
}

location /documents/ {
    [ configuration C ]
}

location ^~ /p_w_picpaths/ {
    [ configuration D ]
}

location ~* \.(gif|jpg|jpeg)$ {
    [ configuration E ]
}

The “/” request will match configuration A, the “/index.html” request will match configuration B, the “/documents/document.html” request will match configuration C, the “/p_w_picpaths/1.gif” request will match configuration D, and the “/documents/1.jpg” request will match configuration E.
“/”請求會匹配到A,
“/index.html”會匹配到B,
“/documents/document.html”請求會匹配到C,
“/p_w_picpaths/1.gif”會匹配到D,
“/documents/1.jpg”會匹配到E。
The “@” prefix defines a named location. Such a location is not used for a regular request processing, but instead used for request redirection. They cannot be nested, and cannot contain nested locations.
“@”定義名稱location。這樣的location不用于一個普通請求,而用于請求重定向。他們不能被嵌套,也不能嵌套其他location。
If a location is defined by a prefix string that ends with the slash character, and requests are processed by one of proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, or memcached_pass, then the special processing is performed. In response to a request with URI equal to this string, but without the trailing slash, a permanent redirect with the code 301 will be returned to the requested URI with the slash appended. If this is not desired, an exact match of the URI and location could be defined like this:
如果一個location定義字符串匹配時以/結尾,而且請求被proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass, memcached_pass中的一個處理,將會執行特殊的處理方式。響應請求URI等于這個字符串時,不需要尾部有/,將會返回一個301狀態碼的永久重定向,并攜帶一個/。如果不需要的話可以像如下方法額外添加URI和location的定義。

location /user/ {
    proxy_pass http://user.example.com;
}

location = /user {
    proxy_pass http://login.example.com;
}

index

Syntax: index file ...;
Default: index index.html;
Context: http, server, location

Defines files that will be used as an index. The file name can contain variables. Files are checked in the specified order. The last element of the list can be a file with an absolute path. Example:
定義被用作索引的文件。該文件名可以包含變量。多文件按順序檢查。列表最后元素可以是一個包含絕對路徑文件。例如

index index.$geo.html index.0.html /index.html;

It should be noted that using an index file causes an internal redirect, and the request can be processed in a different location. For example, with the following configuration:
值得注意的是,使用索引文件會造成內部重定向,請求會被指向不同的location。如下面例子所示

location = / {
    index index.html;
}

location / {
    ...
}

a “/” request will actually be processed in the second location as “/index.html”.
一個“/”請求事實首先被解析成為index.html,而后被解析到第二location中。

error_page

Syntax: error_page code ... [=[response]] uri;
Default: —
Context: http, server, location, if in location

Defines the URI that will be shown for the specified errors. A uri value can contain variables.
定義顯示指定錯誤的URI。uri值可以使用變量。

Example:
例如

error_page 404             /404.html;
error_page 500 502 503 504 /50x.html;

This causes an internal redirect to the specified uri with the client request method changed to “GET” (for all methods other than “GET” and “HEAD”).
這將導致將內部重定向到指定的uri,而客戶端請求方法改為“GET”(除“GET”和“HEAD”之外的所有方法)。
Furthermore, it is possible to change the response code to another using the “=response” syntax, for example:
此外,還可以使用“=response”語法將狀態響應代碼更改為另一個,例如:

error_page 404 =200 /empty.gif;

If an error response is processed by a proxied server or a FastCGI/uwsgi/SCGI server, and the server may return different response codes (e.g., 200, 302, 401 or 404), it is possible to respond with the code it returns:
如果代理服務器或FastCGI / uwsgi / SCGI服務器處理錯誤響應,服務器可能會返回不同的響應代碼,(例如200, 302, 401 或 404),可以響應返回碼。

error_page 404 = /404.php;

If there is no need to change URI and method during internal redirection it is possible to pass error processing into a named location:
如果在內部重定向中不需要更改URI和方法,則可以將錯誤處理傳入指定的位置:

location / {
    error_page 404 = @fallback;
}

location @fallback {
    proxy_pass http://backend;
}

If uri processing leads to an error, the status code of the last occurred error is returned to the client.
如果uri處理導致錯誤,那么最后一個發生錯誤的狀態代碼將返回給客戶端。
It is also possible to use URL redirects for error processing:
也可以使用URL重定向錯誤處理。

error_page 403      http://example.com/forbidden.html;
error_page 404 =301 http://example.com/notfound.html;

In this case, by default, the response code 302 is returned to the client. It can only be changed to one of the redirect status codes (301, 302, 303, 307, and 308).
在這種情況下,默認情況下,響應代碼302被返回給客戶端。它只能更改為一個重定向狀態碼(301、302、303、307和308)。
These directives are inherited from the previous level if and only if there are no error_page directives defined on the current level.
只有在當前級別沒有定義error_page指令的情況下,將從上一級繼承error_page信息。

try_files

Syntax: try_files file ... uri;
        try_files file ... =code;
Default: —
Context: server, location

Checks the existence of files in the specified order and uses the first found file for request processing; the processing is performed in the current context. The path to a file is constructed from the file parameter according to the root and alias directives. It is possible to check directory’s existence by specifying a slash at the end of a name, e.g. “$uri/”. If none of the files were found, an internal redirect to the uri specified in the last parameter is made. For example:
檢查指定順序文件是否存在,使用第一個找到的文件進行處理,該處理在當前上下文執行。根據root和alias指令從文件參數構建文件路徑。可以檢查目錄是否存在,需要后置/例如“$uri/”。如果未找到文件,內部重定向到最后一個參數中指定的uri。例如:

location /p_w_picpaths/ {
    try_files $uri /p_w_picpaths/default.gif;
}

location = /p_w_picpaths/default.gif {
    expires 30s;
}

三、定義客戶端請求的相關配置

keepalive_timeout

Syntax: keepalive_timeout timeout [header_timeout];
Default: keepalive_timeout 75s;
Context: http, server, location

The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the “Keep-Alive: timeout=time” response header field. Two parameters may differ.
第一個字段設定了長連接客戶端打開服務端的延遲,0值禁用長連接。第二字段設定HEAD字段中“Keep-Alive: timeout=time”time值。兩個字段可以不同。
The “Keep-Alive: timeout=time” header field is recognized by Mozilla and Konqueror. MSIE closes keep-alive connections by itself in about 60 seconds.
Mozilla和Konqueror瀏覽器認可HEADER頭字段中 “Keep-Alive: timeout=time”值。MSIE長連接60秒后自動關閉。

keepalive_requests

Syntax: keepalive_requests number;
Default: keepalive_requests 100;
Context: http, server, location
This directive appeared in version 0.8.0.

Sets the maximum number of requests that can be served through one keep-alive connection. After the maximum number of requests are made, the connection is closed.
設定請求的長連接的最大值,一旦超過最大值,連接關閉。

keepalive_disable

Syntax: keepalive_disable none | browser ...;
Default: keepalive_disable msie6;
Context: http, server, location

Disables keep-alive connections with misbehaving browsers. The browser parameters specify which browsers will be affected. The value msie6 disables keep-alive connections with old versions of MSIE, once a POST request is received. The value safari disables keep-alive connections with Safari and Safari-like browsers on macOS and macOS-like operating systems. The value none enables keep-alive connections with all browsers.
在不適合的瀏覽器訪問時禁用長連接功能。browser指明那個瀏覽器收到影響。msie6值表示一旦收到老版本的MSIE瀏覽器POST請求,禁用長連接功能。safari值表示macOS和macOS類的操作系統上的Safari和類Safari的瀏覽器禁用長連接功能。none值表示所有瀏覽器啟用長連接功能。

send_timeout

Syntax: send_timeout time;
Default: send_timeout 60s;
Context: http, server, location

Sets a timeout for transmitting a response to the client. The timeout is set only between two successive write operations, not for the transmission of the whole response. If the client does not receive anything within this time, the connection is closed.
設定一個傳送響應報文到客戶端的超時時間。該超時時間只是兩個寫操作之間的,不應用于全部響應。如果客戶端在這個時間不接受,連接關閉。

client_body_buffer_size

Syntax: client_body_buffer_size size;
Default: client_body_buffer_size 8k|16k;
Context: http, server, location

Sets buffer size for reading client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file. By default, buffer size is equal to two memory pages. This is 8K on x86, other 32-bit platforms, and x86-64. It is usually 16K on other 64-bit platforms.
設定讀取客戶機請求主體設置緩沖區大小,萬一請求主體大于緩沖區,整個主體或主體的某一部分被寫到一個臨時文件。默認情況下,緩沖區大小等于兩個內存頁,32位系統為8K,64位系統為16K。

client_body_temp_path

Syntax: client_body_temp_path path [level1 [level2 [level3]]];
Default: client_body_temp_path client_body_temp;
Context: http, server, location

Defines a directory for storing temporary files holding client request bodies. Up to three-level subdirectory hierarchy can be used under the specified directory. For example, in the following configuration
定義用于存儲客戶端請求主體的臨時文件的目錄。在指定的目錄下可以使用至多3級的子目錄層次結構。例如,在以下配置中

client_body_temp_path /spool/nginx/client_temp 1 2;

a path to a temporary file might look like this:
一個臨時文件文件可能根如下文件類似:

/spool/nginx/client_temp/7/45/00000123457

client_body_temp_path /var/tmp/client_body 2 1 1
1:表示用一位16進制數字表示一級子目錄;0-f
2:表示用2位16進程數字表示二級子目錄:00-ff
3:表示用2位16進程數字表示三級子目錄:00-ff

四、對客戶端進行限制的相關配置

limit_rate

Syntax: limit_rate rate;
Default: limit_rate 0;
Context: http, server, location, if in location

Limits the rate of response transmission to a client. The rate is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if a client simultaneously opens two connections, the overall rate will be twice as much as the specified limit.
限制傳輸到客戶端的響應速率。速率以每秒bytes指定。0值表示不限制。限制是根據每個請求設置的,如果一個客戶端同時打開兩個連接,總限制為指明限制的兩倍。
Rate limit can also be set in the $limit_rate variable. It may be useful in cases where rate should be limited depending on a certain condition:
速度限制同樣可以在$limit_rate變量中設定。當限制需要基于確定的情況時也許有用:

server {

    if ($slow) {
        set $limit_rate 4k;
    }

    ...
}

Rate limit can also be set in the “X-Accel-Limit-Rate” header field of a proxied server response. This capability can be disabled using the proxy_ignore_headers, fastcgi_ignore_headers, uwsgi_ignore_headers, and scgi_ignore_headers directives.
限速也可以在代理服務器響應中“X-Accel-Limit-Rate” HEARER字段中設定。可以使用proxy_ignore_header、fastcgi_ignore_header、uwsgi_ignore_header和scgi_ignore_header指令禁用此功能。

limit_except

Syntax: limit_except method ... { ... }
Default: —
Context: location

Limits allowed HTTP methods inside a location. The method parameter can be one of the following: GET, HEAD, POST, PUT, DELETE, MKCOL, COPY, MOVE, OPTIONS, PROPFIND, PROPPATCH, LOCK, UNLOCK, or PATCH. Allowing the GET method makes the HEAD method also allowed. Access to other methods can be limited using the ngx_http_access_module and ngx_http_auth_basic_module modules directives:
限制允許的HTTP方法訪問一個location。這個方法字段可以是GET, HEAD, POST, PUT, DELETE, MKCOL, COPY, MOVE, OPTIONS, PROPFIND, PROPPATCH, LOCK, UNLOCK, PATCH中的一個.允許GET方法也會使HEAD方法可用。允許其他方法需要用到ngx_http_access_modulengx_http_auth_basic_module模塊中的指令。

limit_except GET {
    allow 192.168.1.0/32;
    deny  all;
}

Please note that this will limit access to all methods except GET and HEAD.
注:這將限制除了GETHEAD之外的所有方法。

五、 文件操作優化的配置

aio

Syntax: aio on | off | threads[=pool];
Default: aio off;
Context: http, server, location
This directive appeared in version 0.8.11.

Enables or disables the use of asynchronous file I/O (AIO) on FreeBSD and Linux:
在FreeBSD、Linux系統中啟用或禁用異步文件I/O

location /video/ {
    aio            on;
    output_buffers 1 64k;
}

On FreeBSD, AIO can be used starting from FreeBSD 4.3. Prior to FreeBSD 11.0, AIO can either be linked statically into a kernel:
在FreeBSD上,FreeBSD 4.3以后開始支持AIO。FreeBSD 11.0之前,AIO可以靜態鏈接到內核。

options VFS_AIO

或動態加載成為一個內核模塊

kldload aio

On Linux, AIO can be used starting from kernel version 2.6.22. Also, it is necessary to enable directio, or otherwise reading will be blocking:
Linux系統上,Linux2.6.22之后支持AIO,同樣的必須啟用directio,否則讀取會被阻塞。

location /video/ {
    aio            on;
    directio       512;
    output_buffers 1 128k;
}

On Linux, directio can only be used for reading blocks that are aligned on 512-byte boundaries (or 4K for XFS). File’s unaligned end is read in blocking mode. The same holds true for byte range requests and for FLV requests not from the beginning of a file: reading of unaligned data at the beginning and end of a file will be blocking.
Linux系統上,directio只能用于讀取512K對齊的塊(XFS文件系統為4K)。文件未對齊的結尾在讀取時處于阻塞模式。對于字節范圍請求和FLV請求,同樣適用于文件的開頭:在文件開始和結束時讀取未對齊的數據將被阻塞。
When both AIO and sendfile are enabled on Linux, AIO is used for files that are larger than or equal to the size specified in the directio directive, while sendfile is used for files of smaller sizes or when directio is disabled.
Linux系統上同時啟用AIO和sendfile時,AIO作用域大于或等于directio指令指明的文件大小。sendfile用于小于directio指令指明的文件大小,或者directio禁用的情況。

location /video/ {
    sendfile       on;
    aio            on;
    directio       8m;
}

Finally, files can be read and sent using multi-threading (1.7.11), without blocking a worker process:
最后,文件的讀取和發送可以不被一個worker進程阻塞,使用多線程模式

location /video/ {
    sendfile       on;
    aio            threads;
}

Read and send file operations are offloaded to threads of the specified pool. If the pool name is omitted, the pool with the name “default” is used. The pool name can also be set with variables:
讀取和發送文件操作將卸載到指定池的線程。如果這個池的名稱是省略的,這個池將使用“default” 作為名稱。池名稱可以同樣用變量設置

aio threads=pool$disk;

By default, multi-threading is disabled, it should be enabled with the —with-threads configuration parameter. Currently, multi-threading is compatible only with the epoll, kqueue, and eventport methods. Multi-threaded sending of files is only supported on Linux.
默認情況下,多線程被禁用,可以使用--with-threads控制字段啟用。一般來說,多線程僅兼容epoll, kqueue, eventport方法。僅Linux系統支持多線程發送文件。

directio

Syntax: directio size | off;
Default: directio off;
Context: http, server, location

This directive appeared in version 0.7.7.

Enables the use of the O_DIRECT flag (FreeBSD, Linux), the F_NOCACHE flag (macOS), or the directio() function (Solaris), when reading files that are larger than or equal to the specified size. The directive automatically disables (0.7.15) the use of sendfile for a given request. It can be useful for serving large files:
當讀取的文件大于指定塊時,啟用O_DIRECT標記(FreeBSD, Linux),F_NOCACHE標記(macOS)或是directio()函數(Solaris)。該指令自動禁用(0.7.15)sendfile對給定請求的使用。發送大文件時使用:

directio 4m;

or when using aio on Linux.
或在Linux系統使用aio。

open_file_cache

Syntax: open_file_cache off;
        open_file_cache max=N [inactive=time];
Default: open_file_cache off;
Context: http, server, location

Configures a cache that can store:
配置一個可以存儲如下信息的緩存:

  • open file descriptors, their sizes and modification times;

  • information on existence of directories;

  • file lookup errors, such as “file not found”, “no read permission”, and so on. (Caching of errors should be enabled separately by the open_file_cache_errors directive. )
    -

  • open file 描述符,他們的大小和修改時間

  • 存在的目錄信息

  • 文件查詢錯誤,如“file not found”,“no read permission”等等(錯誤緩存需要從open_file_cache_errors單獨啟用。)

The directive has the following parameters:
該指令有如下字段
max
sets the maximum number of elements in the cache; on cache overflow the least recently used (LRU) elements are removed;
設定緩存中元素數量的最大值,當溢出時使用LRU算法。
inactive
defines a time after which an element is removed from the cache if it has not been accessed during this time; by default, it is 60 seconds;
定義一段時間,如果這段時間某元素未被訪問,則從緩存中移除該元素。默認情況下,時長60秒。
off
disables the cache
禁用緩存
Example:
例如

open_file_cache          max=1000 inactive=20s;
open_file_cache_valid    30s;
open_file_cache_min_uses 2;
open_file_cache_errors   on;
open_file_cache_errors
Syntax: open_file_cache_errors on | off;
Default: open_file_cache_errors off;
Context: http, server, location

Enables or disables caching of file lookup errors by open_file_cache.
啟用或禁用open_file_cache中的文件查看錯誤。

open_file_cache_min_uses
Syntax: open_file_cache_min_uses number;
Default: open_file_cache_min_uses 1;
Context: http, server, location

Sets the minimum number of file accesses during the period configured by the inactive parameter of the open_file_cache directive, required for a file descriptor to remain open in the cache.
設定在open_file_cache中inactive配置的期間文件的最小訪問數值,要求在緩存中保持文件描述符保持打開狀態。

open_file_cache_valid
Syntax: open_file_cache_valid time;
Default: open_file_cache_valid 60s;
Context: http, server, location

Sets a time after which open_file_cache elements should be validated.
設定緩存項有效性的檢查時間間隔。


向AI問一下細節

免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。

AI

崇明县| 秭归县| 仙游县| 青铜峡市| 沂源县| 阜康市| 南陵县| 锡林浩特市| 藁城市| 同德县| 涪陵区| 昌邑市| 达州市| 闵行区| 郴州市| 新巴尔虎左旗| 尖扎县| 沽源县| 信丰县| 宕昌县| 磴口县| 安远县| 平果县| 和政县| 大关县| 航空| 景东| 策勒县| 天柱县| 石门县| 进贤县| 凤台县| 泉州市| 青海省| 图片| 株洲市| 松阳县| 和政县| 虞城县| 融水| 望谟县|