Detailed explanation of Nginx configuration file

#global block#user nobody;
worker_processes 1;

#event block events {
 worker_connections 1024;
}

#http block http {
 #http global block include mime.types;
 default_type application/octet-stream;
 sendfile on;
 keepalive_timeout 65;
 #server block server {
  #server global block listen 8000;
  server_name localhost;
  #location block location / {
   root html;
   index index.html index.htm;
  }
  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
   root html;
  }
 }
 #There can be multiple server blocks here server {
  ...
 }
}

#Specify the user and user group that can run the nginx service. This can only be configured in the global block. #user [user] [group]
# Comment out the user directive, or configure it to nobody so that all users can run it # user nobody nobody;
# The user directive does not work on Windows. If you specify a specific user and user group, a small warning will be reported. # nginx: [warn] "user" is not supported, ignored in D:\software\nginx-1.18.0/conf/nginx.conf:2

#Specify the number of worker threads. You can specify a specific number of processes or use automatic mode. This command can only be configured in the global block # worker_processes number | auto;
# Example: Specify 4 worker threads. In this case, a master process and 4 worker processes will be generated. # worker_processes 4;

#Specify the path where the pid file is stored. This command can only be configured in the global block. #pid logs/nginx.pid;

#Specify the path and log level of the error log. This directive can be configured in the global block, http block, server block, and location block. (What are the differences in different block configurations??)
# The debug level log needs to be compiled with --with-debug to turn on the debug switch# error_log [path] [debug | info | notice | warn | error | crit | alert | emerg] 
# error_log logs/error.log notice;
# error_log logs/error.log info;

# When only one network connection comes at a certain time, multiple sleeping processes will be woken up at the same time, but only one process can obtain the connection. If too many processes are woken up each time, part of the system performance will be affected. This problem may occur in the multi-process Nginx server.
# When enabled, multiple Nginx processes will serialize the connections they receive to prevent multiple processes from competing for the connection. # It is enabled by default and can only be configured in the events block. # accept_mutex on | off;

# If multi_accept is disabled, an nginx worker process can only accept one new connection at a time. Otherwise, a single worker process can accept all new connections simultaneously. 
# This directive will be ignored if nginx uses the kqueue connection method, since this method reports the number of new connections waiting to be accepted.
# The default is off, and can only be configured in the event block # multi_accept on | off;

#Specify which network IO model to use. The available methods are: select, poll, kqueue, epoll, rtsig, /dev/poll, and eventport. Generally, operating systems do not support all of the above models.
# Can only be configured in the events block# use method
# use epoll

# Set the maximum number of connections allowed for each worker process to be opened at the same time. When the number of connections accepted by each worker process exceeds this value, no more connections will be accepted. # When all worker processes are full, the connection enters logback. After logback is full, the connection is rejected. # Can only be configured in the events block. # Note: This value cannot exceed the maximum number of files supported by the system or the maximum number of files supported by a single process. For details, please refer to this article: https://cloud.tencent.com/developer/article/1114773
# worker_connections 1024;

# Common browsers can display a wide variety of text, media and other resources, including HTML, XML, GIF and Flash. In order to distinguish these resources, the browser needs to use MIME Type. In other words, MIME Type is the media type of a network resource. As a web server, the Nginx server must be able to identify the resource type requested by the front-end.

# The include directive is used to include other configuration files. It can be placed anywhere in the configuration file. However, please note that the configuration file you include must comply with the configuration specifications. For example, if the configuration you include is the configuration of the worker_processes directive, and you include this directive in the http block, this will definitely not work. As mentioned above, the worker_processes directive can only be in the global block.
# The following command includes mime.types. mime.types and ngin.cfg are in the same directory. If they are at different levels, the specific path needs to be specified. # include mime.types;

# Configure the default type. If this directive is not added, the default value is text/plain.
# This directive can also be configured in the http block, server block or location block.
# default_type application/octet-stream;

# access_log configuration, this directive can be set in http block, server block or location block # In the global block, we introduced the errer_log directive, which is used to configure the log storage and level when the Nginx process is running. The log referred to here is different from the conventional one. It refers to the log that records the service process of the Nginx server in response to the front-end request # access_log path [format [buffer=size]]
# If you want to turn off access_log, you can use the following command # access_log off;

# The log_format directive is used to define the log format. This directive can only be configured in the http block. # log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# After defining the above log format, you can use the log in the following form # access_log logs/access.log main;

# Enable or disable sendfile file transfer. This can be configured in http block, server block or location block. # sendfile on | off;

# Set the maximum data size of sendfile. This instruction can be configured in http block, server block or location block. # sendfile_max_chunk size;
# If the size value is greater than 0, the maximum amount of data transmitted by each worker process of the Nginx process each time it calls sendfile() cannot exceed this value (here it is 128k, so it cannot exceed 128k each time); if it is set to 0, there is no limit. The default value is 0.
# sendfile_max_chunk 128k;

# Configure the connection timeout. This directive can be configured in the http block, server block or location block.
# After establishing a session connection with the user, the Nginx server can keep these connections open for a period of time # timeout, the server-side connection retention time. The default value is 75s; header_timeout, optional, sets the timeout in the Keep-Alive field in the response message header: "Keep-Alive: timeout = header_timeout". This instruction in the message can be recognized by Mozilla or Konqueror.
# keepalive_timeout timeout [header_timeout]
# The following configuration means that the server keeps the connection for 120 seconds and the timeout period of the Keep-Alive field in the response message header sent to the client is set to 100 seconds.
# keepalive_timeout 120s 100s

# Configure the upper limit of single connection request number. This directive can be configured in http block, server block or location block.
# After the Nginx server and the client establish a session connection, the client sends a request through this connection. The keepalive_requests directive is used to limit the number of requests a user can send to the Nginx server through a certain connection. The default is 100
# keepalive_requests number;

//First listen address[:port] [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];

//The second listen port [default_server] [ssl] [http2 | spdy] [proxy_protocol] [setfib=number] [fastopen=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];

//The third type (you don’t need to focus on it)
listen unix:path [default_server] [ssl] [http2 | spdy] [proxy_protocol] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
The configuration of the listen instruction is very flexible. You can specify an IP address, a port, or both an IP address and a port.

listen 127.0.0.1:8000; #Only listen for requests from the IP 127.0.0.1 and port 8000. listen 127.0.0.1; #Only listen for requests from the IP 127.0.0.1 and port 80 (do not specify a port, default is 80)
listen 8000; #Listen for requests from all IPs to port 8000 listen *:8000; #Same as above listen localhost:8000; #Same as the first effect

Syntax: server_name name ...;
Default: 
server_name "";
Context: server

server_name myserver.com www.myserver.com

server_name myserver.* *.myserver.com

http
{
 {
 listen: 80;
 server_name: 192.168.1.31;
  ...
 }
 {
 listen: 80;
 server_name: 192.168.1.32;
  ...
 }
}

location [ = | ~ | ~* | ^~ ] uri { ... }

root path

######Detailed explanation of Nginx configuration file nginx.conf in Chinese######

#Define the user and user group that Nginx runs as user www www;

#Number of nginx processes. It is recommended to set it equal to the total number of CPU cores.
worker_processes 8;
 
#Global error log definition type, [ debug | info | notice | warn | error | crit ]
error_log /usr/local/nginx/logs/error.log info;

#Process pid file pid /usr/local/nginx/logs/nginx.pid;

#Specify the maximum number of descriptors that a process can open: #Working mode and upper limit of connection number #This instruction refers to the maximum number of file descriptors opened by an nginx process. The theoretical value should be the maximum number of open files (ulimit -n) divided by the number of nginx processes, but nginx does not distribute requests evenly, so it is best to keep it consistent with the value of ulimit -n.
#Now under the Linux 2.6 kernel, the number of open files is 65535, and worker_rlimit_nofile should be filled in with 65535 accordingly.
#This is because nginx does not allocate requests to processes evenly during scheduling. So if you fill in 10240, when the total concurrency reaches 30,000-40,000, there may be more than 10240 processes, and a 502 error will be returned.
worker_rlimit_nofile 65535;


events
{
 #Refer to the event model, use [ kqueue | rtsig | epoll | /dev/poll | select | poll ]; epoll model #is a high-performance network I/O model in the Linux kernel above version 2.6. Linux recommends epoll. If running on FreeBSD, use the kqueue model.
 #Supplementary explanation:
 #Similar to Apache, nginx has different event models for different operating systems #A) Standard event model #Select and poll belong to the standard event model. If there is no more effective method in the current system, nginx will choose select or poll
 #B) Efficient event model #Kqueue: used in FreeBSD 4.1+, OpenBSD 2.9+, NetBSD 2.0 and MacOS X. Using kqueue on MacOS X systems with dual processors may cause kernel panic.
 #Epoll: used in Linux kernel version 2.6 and later systems.
 #/dev/poll: used on Solaris 7 11/99+, HP/UX 11.22+ (eventport), IRIX 6.5.15+ and Tru64 UNIX 5.1A+.
 #Eventport: Used in Solaris 10. To prevent kernel crashes, it is necessary to install security patches.
 use epoll;

 #Maximum number of connections for a single process (maximum number of connections = number of connections * number of processes)
 #Adjust according to the hardware and use it in conjunction with the previous work process. Make it as large as possible, but don't run the CPU to 100%. The maximum number of connections allowed for each process. Theoretically, the maximum number of connections for each nginx server is.
 worker_connections 65535;

 #keepalive timeout.
 keepalive_timeout 60;

 #The buffer size for client request headers. This can be set according to your system paging size. Generally, the size of a request header will not exceed 1k. However, since the system paging is generally larger than 1k, it is set to the paging size here.
 #The paging size can be obtained using the command getconf PAGESIZE.
 #[root@web001 ~]# getconf PAGESIZE
 #4096
 #However, there are cases where client_header_buffer_size exceeds 4k, but the value of client_header_buffer_size must be set to an integer multiple of the "system paging size".
 client_header_buffer_size 4k;

 #This will specify the cache for open files. It is not enabled by default. max specifies the number of caches. It is recommended to be consistent with the number of open files. inactive refers to the time after which the cache is deleted if the file is not requested.
 open_file_cache max=65535 inactive=60s;

 #This refers to how often to check the cached valid information.
 #Syntax: open_file_cache_valid time Default value: open_file_cache_valid 60 Used fields: http, server, location This directive specifies when to check the validity information of the cache items in open_file_cache.
 open_file_cache_valid 80s;

 The minimum number of times a file is used within the inactive parameter time in the #open_file_cache directive. If this number is exceeded, the file descriptor is always opened in the cache. As in the above example, if a file is not used once within the inactive time, it will be removed.
 #Syntax: open_file_cache_min_uses number Default value: open_file_cache_min_uses 1 Used in: http, server, location This directive specifies the minimum number of files that can be used within a certain time range in the parameters of the open_file_cache directive. If a larger value is used, the file descriptor is always open in the cache.
 open_file_cache_min_uses 1;
 
 #Syntax: open_file_cache_errors on | off Default value: open_file_cache_errors off Used fields: http, server, location This directive specifies whether to log cache errors when searching for a file.
 open_file_cache_errors on;
}
 
 
 
#Set up the http server and use its reverse proxy function to provide load balancing support for http
{
 #File extension and file type mapping table include mime.types;

 #Default file type default_type application/octet-stream;

 #Default encoding #charset utf-8;

 #Server name hash table size#The hash table that stores server names is controlled by the directives server_names_hash_max_size and server_names_hash_bucket_size. The parameter hash bucket size is always equal to the size of the hash table and is a multiple of the processor cache size. By reducing the number of accesses in memory, it is possible to speed up the search for hash table key values ​​in the processor. If the hash bucket size is equal to the size of the processor cache, then when searching for a key, the worst case number of memory searches is 2. The first time is to determine the address of the storage unit, and the second time is to find the key value in the storage unit. Therefore, if Nginx gives a hint that you need to increase the hash max size or hash bucket size, the first thing to do is to increase the size of the former parameter.
 server_names_hash_bucket_size 128;

 #The buffer size for client request headers. This can be set according to your system paging size. Generally, the header size of a request will not exceed 1k. However, since the system paging is generally larger than 1k, it is set to the paging size here. The paging size can be obtained using the command getconf PAGESIZE.
 client_header_buffer_size 32k;

 #Client request header buffer size. By default, nginx uses the client_header_buffer_size buffer to read the header value. If the header is too large, it will use large_client_header_buffers to read it.
 large_client_header_buffers 4 64k;

 #Set the size of files uploaded through nginx client_max_body_size 8m;

 #Turn on efficient file transfer mode. The sendfile directive specifies whether nginx calls the sendfile function to output files. For common applications, it is set to on. If it is used for downloading and other applications with heavy disk IO load, it can be set to off to balance the disk and network I/O processing speeds and reduce the system load. Note: If the image does not display properly, change this to off.
 The #sendfile directive specifies whether nginx calls the sendfile function (zero copy mode) to output files. For normal applications, it must be set to on. If it is used for disk IO heavy load applications such as downloading, it can be set to off to balance the disk and network IO processing speeds and reduce system uptime.
 sendfile on;

 # Enable directory list access, suitable for downloading servers, closed by default.
 autoindex on;

 #This option allows or prohibits the use of socke's TCP_CORK option. This option is only used when sendfile is used with tcp_nopush on;
  
 tcp_nodelay on;

 #Long connection timeout, in seconds keepalive_timeout 120;

 #FastCGI related parameters are designed to improve website performance: reduce resource usage and increase access speed. The following parameters can be understood literally.
 fastcgi_connect_timeout 300;
 fastcgi_send_timeout 300;
 fastcgi_read_timeout 300;
 fastcgi_buffer_size 64k;
 fastcgi_buffers 4 64k;
 fastcgi_busy_buffers_size 128k;
 fastcgi_temp_file_write_size 128k;

 #gzip module settings gzip on; #enable gzip compression output gzip_min_length 1k; #minimum compressed file size gzip_buffers 4 16k; #compression buffer gzip_http_version 1.0; #compression version (default 1.1, if the front end is squid2.5, please use 1.0)
 gzip_comp_level 2; #Compression level gzip_types text/plain application/x-javascript text/css application/xml; #Compression type. By default, textml is already included, so you don’t need to write it below. There will be no problem if you write it, but there will be a warning.
 gzip_vary on;

 #When you enable limiting the number of IP connections, you need to use #limit_zone crawler $binary_remote_addr 10m;

 

 #Load balancing configuration upstream jh.w3cschool.cn {
  
  #Upstream load balancing, weight is the weight, which can be defined according to the machine configuration. The weight parameter represents the weight. The higher the weight, the greater the probability of being assigned.
  server 192.168.80.121:80 weight=3;
  server 192.168.80.122:80 weight=2;
  server 192.168.80.123:80 weight=3;

  #Nginx upstream currently supports 4 ways of allocation#1, polling (default)
  #Each request is assigned to a different backend server in chronological order. If the backend server is down, it can be automatically removed.
  #2.weight
  #Specify the polling probability. The weight is proportional to the access ratio. It is used when the backend server performance is uneven.
  #For example:
  #upstream bakend
  # server 192.168.0.14 weight=10;
  # server 192.168.0.15 weight=10;
  #}
  #2, ip_hash
  #Each request is assigned according to the hash result of the access IP, so that each visitor accesses a fixed backend server, which can solve the session problem.
  #For example:
  #upstream bakend
  #ip_hash;
  # server 192.168.0.14:88;
  # server 192.168.0.15:80;
  #}
  #3. fair (third party)
  #Allocate requests based on the response time of the backend server, with priority given to requests with shorter response times.
  #upstream backend {
  # server server1;
  # server server2;
  # fair;
  #}
  #4. url_hash (third party)
  #Distribute requests according to the hash result of the accessed URL so that each URL is directed to the same backend server. This is more effective when the backend server is cached.
  #Example: Add a hash statement in upstream. Other parameters such as weight cannot be written in the server statement. hash_method is the hash algorithm used. #upstream backend {
  # server squid1:3128;
  # server squid2:3128;
  # hash $request_uri;
  # hash_method crc32;
  #}

  #tips:
  #upstream bakend{#Define the IP and device status of the load balancing device}{
  #ip_hash;
  # server 127.0.0.1:9090 down;
  # server 127.0.0.1:8080 weight=2;
  # server 127.0.0.1:6060;
  # server 127.0.0.1:7070 backup;
  #}
  #Add proxy_pass http://bakend/ to the server that needs to use load balancing;

  #The status of each device is set to:
  #1.down means that the server in front of the order is temporarily not involved in the load. #2.weight The larger the weight, the greater the weight of the load.
  #3.max_fails: The default number of request failures allowed is 1. When the maximum number is exceeded, the error defined by the proxy_next_upstream module is returned. #4.fail_timeout: The pause time after max_fails failures.
  #5.backup: When all other non-backup machines are down or busy, request the backup machine. So this machine will have the lightest pressure.

  #nginx supports setting up multiple groups of load balancing at the same time for use by different servers.
  #client_body_in_file_only is set to On to record the data posted by the client into a file for debugging
  #client_body_temp_path sets the directory for recording files. You can set up to 3 directories. #location matches the URL. You can redirect or perform new proxy load balancing.}
  
  
  
 #Virtual host configuration server
 {
  #Listen port listen 80;

  #You can have multiple domain names, separated by spaces server_name www.w3cschool.cn w3cschool.cn;
  index index.html index.htm index.php;
  root /data/www/w3cschool;

  #Load balancing for ****** location ~ .*.(php|php5)?$
  {
   fastcgi_pass 127.0.0.1:9000;
   fastcgi_index index.php;
   include fastcgi.conf;
  }
   
  #Image cache time setting location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
  {
   expires 10d;
  }
   
  #JS and CSS cache time setting location ~ .*.(js|css)?$
  {
   expires 1h;
  }
   
  #Log format settings#$remote_addr and $http_x_forwarded_for are used to record the client's IP address;
  #$remote_user: used to record the client user name;
  #$time_local: used to record access time and time zone;
  #$request: used to record the requested URL and http protocol;
  #$status: Used to record the request status; success is 200,
  #$body_bytes_sent: records the size of the file body sent to the client;
  #$http_referer: used to record the page link from which the visit came;
  #$http_user_agent: records the relevant information of the client browser;
  #Usually the web server is placed behind the reverse proxy, so it cannot obtain the client's IP address. The IP address obtained through $remote_add is the IP address of the reverse proxy server. The reverse proxy server can add x_forwarded_for information in the http header information of the forwarded request to record the IP address of the original client and the server address requested by the original client.
  log_format access '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" $http_x_forwarded_for';
   
  #Define the access log of this virtual host access_log /usr/local/nginx/logs/host.access.log main;
  access_log /usr/local/nginx/logs/host.access.404.log log404;
   
  # Enable reverse proxy for "/" location / {
   proxy_pass http://127.0.0.1:88;
   proxy_redirect off;
   proxy_set_header X-Real-IP $remote_addr;
    
   #The backend Web server can obtain the user's real IP through X-Forwarded-For
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
   #The following are some reverse proxy configurations, optional.
   proxy_set_header Host $host;

   #The maximum number of bytes of a single file allowed to be requested by the client client_max_body_size 10m;

   #The maximum number of bytes that the buffer proxy buffers for client requests,
   #If you set it to a relatively large value, such as 256k, then whether you use Firefox or IE browser to submit any image smaller than 256k, it will be normal. If you comment this directive and use the default client_body_buffer_size setting, which is twice the operating system page size, 8k or 16k, the problem will occur.
   #Whether using Firefox 4.0 or IE 8.0, submitting a relatively large image of about 200k will return a 500 Internal Server Error error client_body_buffer_size 128k;

   # means to make nginx block HTTP response codes of 400 or higher.
   proxy_intercept_errors on;

   #Backend server connection timeout_initiate handshake and wait for response timeout #nginx connects to backend server timeout (proxy connection timeout)
   proxy_connect_timeout 90;

   #Backend server data transmission time (proxy sending timeout)
   #The backend server data transmission time is the time within which the backend server must transmit all data proxy_send_timeout 90;

   #After the connection is successful, the backend server response time (proxy receiving timeout)
   #After the connection is successful_waiting for the backend server to respond_In fact, it has entered the backend queue waiting for processing (it can also be said to be the time it takes for the backend server to process the request)
   proxy_read_timeout 90;

   #Set the size of the buffer used by the proxy server (nginx) to store user header information #Set the size of the buffer for the first part of the response read from the proxy server. Usually, this part of the response contains a small response header. By default, this value is the size of the buffer specified in the proxy_buffers directive, but it can be set to a smaller proxy_buffer_size 4k;

   #proxy_buffers buffer, the average web page is set below 32k #Set the number and size of buffers used to read responses (from the proxied server). The default is also the paging size, which may be 4k or 8k depending on the operating system
   proxy_buffers 4 32k;

   #Buffer size under high load (proxy_buffers*2)
   proxy_busy_buffers_size 64k;

   #Set the size of the data when writing to proxy_temp_path to prevent a worker process from being blocked for too long when transferring files #Set the cache folder size. If it is larger than this value, proxy_temp_file_write_size 64k will be transferred from the upstream server;
  }
   
   
  #Set the address to view Nginx status location /NginxStatus {
   stub_status on;
   access_log on;
   auth_basic "NginxStatus";
   auth_basic_user_file confpasswd;
   #The content of the htpasswd file can be generated using the htpasswd tool provided by Apache.
  }
   
  #Local dynamic and static separation reverse proxy configuration #All jsp pages are handled by tomcat or resin location ~ .(jsp|jspx|do)?$ {
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_pass http://127.0.0.1:8080;
  }
   
  #All static files are read directly by nginx without passing through tomcat or resin
  location ~ .*.(htm|html|gif|jpg|jpeg|png|bmp|swf|ioc|rar|zip|txt|flv|mid|doc|ppt|
  pdf|xls|mp3|wma)$
  {
   expires 15d; 
  }
   
  location ~ .*.(js|css)?$
  {
   expires 1h;
  }
 }
}
######Detailed explanation of Nginx configuration file nginx.conf in Chinese######