Nginx静态资源服务器配置指南

配置Nginx作为静态资源服务器是一个常见且高效的做法。以下是详细的配置步骤和说明：

基本配置

1. 创建配置文件（通常在/etc/nginx/conf.d/static.conf或/etc/nginx/sites-available/目录下）

server {
    listen 80;
    server_name static.example.com;  # 替换为你的域名或IP

    # 静态文件根目录
    root /path/to/your/static/files;

    # 默认文件索引
    index index.html;

    # 启用自动目录列表（可选）
    autoindex off;

    location / {
        try_files $uri $uri/ =404;
    }

    # 静态资源缓存设置
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
    }
}

高级配置选项

1. 启用Gzip压缩

gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_proxied any;

2. 防盗链配置

location ~* \.(jpg|jpeg|png|gif|ico)$ {
    valid_referers none blocked yourdomain.com *.yourdomain.com;
    if ($invalid_referer) {
        return 403;
    }
}

3. 跨域支持

location ~* \.(eot|ttf|woff|woff2)$ {
    add_header Access-Control-Allow-Origin *;
}

4. 禁止访问隐藏文件

location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
}

性能优化配置

1. 启用sendfile

sendfile on;
tcp_nopush on;
tcp_nodelay on;

2. 工作进程和连接数

worker_processes auto;  # 自动根据CPU核心数设置
events {
    worker_connections 1024;  # 每个工作进程的最大连接数
}

3. 文件描述符缓存

open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;

安全配置

1. 禁用服务器信息

server_tokens off;

2. 安全头部

add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";

完整示例配置

user nginx;
worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    server {
        listen 80;
        server_name static.example.com;

        root /var/www/static;
        index index.html;

        access_log /var/log/nginx/static.access.log;
        error_log /var/log/nginx/static.error.log;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
            expires 30d;
            add_header Cache-Control "public, no-transform";
        }

        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        server_tokens off;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        add_header X-XSS-Protection "1; mode=block";
    }
}

配置完成后

1. 测试配置是否正确：

sudo nginx -t

2. 重新加载Nginx配置：

sudo systemctl reload nginx
# 或
sudo service nginx reload

3. 确保静态文件目录权限正确：

sudo chown -R nginx:nginx /path/to/your/static/files
sudo chmod -R 755 /path/to/your/static/files

这样配置后，Nginx就能高效地作为静态资源服务器运行了。根据实际需求，你可以调整缓存时间、压缩级别等参数。