Brotli支持
项目地址:https://github.com/google/ngx_brotli
brotli要比gzip压缩比高得多,压缩时间也要稍长些。
在http块中配置
# ngx_brotli directives; these go inside the http block.
# brotli_static serves a pre-compressed .br file when one exists next to the resource,
# brotli compresses responses on the fly.
brotli_static on;
brotli on;
# 6 is a middle level: higher levels raise CPU cost per response for diminishing gains.
brotli_comp_level 6;
brotli_buffers 32 4k;
# NOTE(review): 20 bytes is a very low threshold; responses this small rarely shrink — tune if needed.
brotli_min_length 20;
# NOTE(review): as with gzip, on-the-fly compression of dynamic pages that mix secrets with
# content the client can influence has a known compression side channel; where that applies,
# keep compression to static or secret-free responses.
brotli_types text/plain
text/javascript
text/css
text/xml
text/x-component
text/x-json
application/javascript
application/x-javascript
application/xml
application/json
application/xhtml+xml
application/rss+xml
application/atom+xml
application/x-font-ttf
application/vnd.ms-fontobject
application/x-web-app-manifest+json
image/svg+xml
image/x-icon
font/opentype
text/html;
systemd脚本
编译安装时没有自带启动脚本,可以自己创建一个(参考 Nginx Wiki)
保存在:/lib/systemd/system/nginx.service
# systemd unit for a source-built nginx; save as /lib/systemd/system/nginx.service.
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
# nginx daemonizes, so systemd tracks the master via the pid file below.
Type=forking
# Must match the "pid" directive in nginx.conf, otherwise systemd cannot find the master process.
PIDFile=/run/nginx.pid
# Validate the configuration first so a broken config fails the start instead of the running service.
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
# QUIT asks the master for a graceful shutdown (in-flight requests finish).
ExecStop=/bin/kill -s QUIT $MAINPID
# Gives the service its own /tmp and /var/tmp, isolated from other processes.
PrivateTmp=true
[Install]
WantedBy=multi-user.target
pagespeed模块
https://github.com/apache/incubator-pagespeed-ngx
Header
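# Hide the nginx version in the Server header and on error pages.
server_tokens off;
# The browser XSS auditor behind this header is deprecated and removed from current
# browsers; the recommended value today is "0" (explicitly off) instead of "1; mode=block".
add_header X-XSS-Protection "0" always;
# Only allow this site to be framed by the same origin (clickjacking mitigation).
add_header X-Frame-Options "SAMEORIGIN" always;
# Stop browsers from guessing a content type different from the one declared.
add_header X-Content-Type-Options "nosniff" always;
# NOTE: add_header is not merged across levels — a server/location block that declares its
# own add_header drops every header set here, so repeat these there when needed.
# "always" also sends the headers on error responses (4xx/5xx).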
SSL
安全
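# Use the server's cipher order rather than the client's.
ssl_prefer_server_ciphers on;
# TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only 1.2 and 1.3.
ssl_protocols TLSv1.2 TLSv1.3;
# Offer X25519 first with NIST curves as fallback; pinning a single curve forces every
# client onto it. X25519 needs OpenSSL 1.1.0+ — TODO confirm the build's OpenSSL version.
ssl_ecdh_curve X25519:prime256v1:secp384r1;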
缓存
# Session cache shared across worker processes; 50m holds roughly tens of thousands of sessions.
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
# Tickets are off because nginx does not rotate the ticket key on its own; a long-lived
# static ticket key would undermine forward secrecy for resumed sessions.
ssl_session_tickets off;
算法
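# Cipher list for TLS 1.2 (TLS 1.3 suites are fixed by OpenSSL and not selected here).
# The 3DES suites (ECDHE-ECDSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA,
# DES-CBC3-SHA) were removed: 64-bit block ciphers are considered weak (Sweet32).
# NOTE(review): the remaining CBC-SHA and non-ECDHE suites only serve very old clients;
# drop them too if such clients are not needed.
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';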
OCSP Stapling
# Resolver used to fetch the OCSP response from the CA.
# NOTE(review): these are public resolvers queried over plain DNS; a local resolver
# keeps the lookups on-host and avoids depending on an external service.
resolver 8.8.8.8 8.8.4.4;
ssl_stapling on;
# Verify the stapled OCSP response against the chain below before serving it.
ssl_stapling_verify on;
# Intermediate + root certificates used to validate the OCSP response.
ssl_trusted_certificate /etc/nginx/ssl/chain.crt;
dhparam
# Generate a 2048-bit DH group (the usual minimum); this can take a while on slow machines.
openssl dhparam -out dhparam.pem 2048
# Custom DH group for the DHE-* suites; point this at the file generated above.
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
HSTS
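# HSTS: set this only in the HTTPS server block (browsers ignore it over plain HTTP).
# "always" sends it on error responses too. includeSubDomains applies to every subdomain
# and "preload" asks to be hard-coded into browser lists — both are difficult to undo,
# so make sure all subdomains serve HTTPS before enabling them.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;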
防盗链
强制ssl
WEBP
Event块
events {
# epoll is the efficient event method on Linux.
use epoll;
# Let a worker accept all pending connections at once instead of one per wake-up.
multi_accept on;
}
Http块
http {
# Copy file data in the kernel instead of through user space.
sendfile on;
# With sendfile on, send headers and file start in one packet.
tcp_nopush on;
# Disable Nagle so small writes are not delayed.
tcp_nodelay on;
}