Nginx虚拟主机优化配置指南

一、基础优化配置

1. 工作进程优化

worker_processes auto;  # 自动匹配CPU核心数
worker_cpu_affinity auto;  # CPU亲和性绑定(新版本支持auto)
events {
    worker_connections 10240;  # 单个worker最大连接数
    use epoll;  # Linux下高性能事件模型
    multi_accept on;  # 一个worker同时接受多个连接
}

2. HTTP核心优化

http {
    sendfile on;  # 启用高效文件传输模式
    tcp_nopush on;  # 仅在sendfile开启时有效，优化数据包发送
    tcp_nodelay on;  # 禁用Nagle算法，提高实时性

    keepalive_timeout 65;  # 长连接超时时间
    keepalive_requests 1000;  # 单个长连接最大请求数

    server_tokens off;  # 隐藏Nginx版本信息
    client_max_body_size 100M;  # 最大上传文件大小
}

二、虚拟主机性能优化

1. 静态资源优化

server {
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;  # 长期缓存静态资源
        access_log off;  # 关闭日志记录减少IO
        add_header Cache-Control "public, immutable";  # 现代浏览器缓存控制

        # 开启gzip压缩
        gzip on;
        gzip_types text/plain text/css application/json application/javascript text/xml;
        gzip_comp_level 6;
        gzip_min_length 1024;
        gzip_proxied any;
    }
}

2. 动态内容优化

server {
    location / {
        proxy_cache my_cache;  # 启用代理缓存
        proxy_cache_valid 200 302 10m;  # 缓存有效时间
        proxy_cache_use_stale error timeout updating;
        proxy_cache_lock on;  # 缓存锁防止惊群

        # 后端连接优化
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # 超时设置
        proxy_connect_timeout 5s;
        proxy_send_timeout 10s;
        proxy_read_timeout 30s;
    }
}

三、高级优化技术

1. 启用HTTP/2

server {
    listen 443 ssl http2;  # 启用HTTP/2

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    # SSL优化配置
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}

2. Brotli压缩(需Nginx支持)

http {
    brotli on;
    brotli_comp_level 6;
    brotli_types text/plain text/css application/json application/javascript text/xml;
}

3. 连接限制与防护

http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;

    server {
        location /api/ {
            limit_req zone=one burst=20 nodelay;
        }
    }
}

四、监控与调优建议

1. 性能监控：

   • 使用ngx_http_stub_status_module模块监控Nginx状态
   • 定期分析access.log和error.log

2. 压力测试：

   • 使用ab、wrk或JMeter进行压力测试
   • 根据测试结果调整worker_processes和worker_connections

3. 持续优化：

   • 定期更新Nginx版本
   • 根据业务特点调整缓存策略
   • 监控慢请求并针对性优化

五、完整配置示例

user www-data;
worker_processes auto;
worker_cpu_affinity auto;
error_log /var/log/nginx/error.log warn;
pid /run/nginx.pid;

events {
    worker_connections 10240;
    use epoll;
    multi_accept on;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main buffer=32k flush=5m;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout 65;
    keepalive_requests 1000;

    server_tokens off;
    client_max_body_size 100M;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_min_length 1024;
    gzip_types text/plain text/css application/json application/javascript text/xml;

    # 代理缓存配置
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m use_temp_path=off;

    # 虚拟主机配置
    server {
        listen 80;
        server_name example.com;

        # 静态资源
        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 365d;
            access_log off;
            add_header Cache-Control "public, immutable";
        }

        # 动态内容
        location / {
            proxy_pass http://backend;
            proxy_cache my_cache;
            proxy_cache_valid 200 302 10m;
            proxy_cache_use_stale error timeout updating;
            proxy_cache_lock on;

            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_connect_timeout 5s;
            proxy_send_timeout 10s;
            proxy_read_timeout 30s;
        }
    }

    upstream backend {
        server 127.0.0.1:8080;
        keepalive 32;  # 保持到后端的连接池
    }
}

以上配置可根据实际业务需求进行调整，建议在修改前备份原配置文件，并在测试环境验证后再应用到生产环境。