nginx 配置
user gaea admin;
worker_processes auto; worker_cpu_affinity auto; worker_rlimit_core 500M; worker_rlimit_nofile 100000;
events { use epoll; worker_connections 20480; }
dso { path /opt/taobao/tengine/modules/;
load ngx_http_subs_filter_module.so;
}
if you want to use tmd, you must uncomment tmd main & http & loc conf
http { include mime.types; default_type application/octet-stream;
root /home/gaea/cai/htdocs;
sendfile on;
tcp_nopush on;
server_tokens off;
keepalive_timeout 0;
keepalive_requests 100;
#client_header_timeout 1m;
#send_timeout 1m;
client_max_body_size 3m;
client_body_temp_path data/client_body;
#client_header_timeout 15;
#client_body_timeout 15;
allow all;
#40X error page
error_page 400 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 402 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 403 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 404 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 405 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 406 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 407 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 408 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 409 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 410 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 411 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 412 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 413 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 414 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 415 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 416 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 417 http://echo.alibaba-inc.com/common/error_page.htm;
#50X error page
error_page 500 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 501 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 502 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 503 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 504 http://echo.alibaba-inc.com/common/error_page.htm;
error_page 505 http://echo.alibaba-inc.com/common/error_page.htm;
index index.html index.htm;
log_format main "$remote_addr $http_HEADER - $remote_user [$time_local] \"$request_method /$host$request_uri $server_protocol\" $status $bytes_sent $request_time_usec \"$http_referer\" \"$http_user_agent\" $cookie_COOKIE $cookie_COOKIE \"a=$cookie_COOKIE; b=$cookie_COOKIE; c=$cookie_COOKIE\" - $remote_port $hostname";
access_log "pipe:/usr/alibaba/cronolog/sbin/cronolog /home/gaea/cai/logs/cookie_logs/%w/cookie_log" main;
error_log "pipe:/usr/alibaba/cronolog/sbin/cronolog /home/gaea/cai/logs/nginx/nginx_error.log.%w" warn;
log_not_found off;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 6;
gzip_min_length 1024;
gzip_proxied any;
gzip_vary on;
gzip_disable msie6;
gzip_buffers 96 8k;
gzip_types text/xml text/plain text/css application/javascript application/x-javascript application/rss+xml application/json;
eagleeye_traceid_var $eagleeye_traceid;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Web-Server-Type nginx;
proxy_set_header WL-Proxy-Client-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header EagleEye-TraceId $eagleeye_traceid;
proxy_redirect off;
proxy_buffers 128 8k;
proxy_temp_path data/proxy;
proxy_intercept_errors on;
#substitution image.china.alibaba.com for i0[0-5].c.aliimg.com in order to resolve browser concurrent for the same DN
subs_filter_types text/htm text/css text/javascript;
subs_filter 'http://img.china.alibaba.com/' 'http://i0${randv}.c.aliimg.com/' gr;
# if you want to use tmd, you must uncomment tmd main & http & loc conf
server {
listen 80 default_server;
set $use_filter 1; if ($http_x_client_scheme = 'https'){ set $use_filter 0; } subs_bypass $use_filter; subs_filter_types text/css application/x-javascript ; subs_filter http://img.china.alibaba.com https://cbu01.alicdn.com; subs_filter http://i(\d).c.aliimg.com https://cbu01.alicdn.com ir; subs_filter http://([\w-]+).alicdn.com https://$1.alicdn.com ir; subs_filter http://style.c.aliimg.com https://astyle.alicdn.com; subs_filter http://([\w-]+).1688.com https://$1.1688.com ir; server_name echo-test.alibaba-inc.com; proxy_set_header Host $host:80;
location ~ ^/(index|error).htm {
proxy_pass http://localhost:6200;
}
location ~ ^/(home|sgt|stc|ifb|common|ajax)/(.*)$ {
proxy_pass http://localhost:6200;
}
location /sendBucSSOToken.do {
proxy_pass http://localhost:6200/sendBucSSOToken.do;
}
location /sendBucSSOToken {
proxy_pass http://localhost:6200/sendBucSSOToken;
}
location /bucSSOLogout.do {
proxy_pass http://localhost:6200/bucSSOLogout.do;
}
location /bucSSOLogout {
proxy_pass http://localhost:6200/bucSSOLogout;
}
rewrite ^/$ http://echo.alibaba-inc.com/index.htm permanent;
location =/status.taobao {
allow 127.0.0.1/32;
deny all;
stub_status on;
expires off;
access_log off;
}
location =/nginx_status {
allow 127.0.0.0/24;
deny all;
stub_status on;
expires off;
}
location = /monitor/ok.htm {
proxy_pass http://localhost:6200;
}
location = /monitor/status.1688 {
proxy_pass http://localhost:6200;
}
}
server { listen 443; server_name echo-test.alibaba-inc.com; proxy_set_header Host $host; proxy_set_header Accept-Encoding ""; proxy_set_header X-Client-Scheme "https"; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Real-IP $remote_addr; proxy_set_header NS-Client-IP $remote_addr; client_body_timeout 15; ssl on; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /home/gaea/ssl/alilang/alilang-1688.com.crt; ssl_certificate_key /home/gaea/ssl/alilang/alilang-1688.com.key; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-SHA256:RC4-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!DSS:!PKS; ssl_session_cache shared:SSL:512000; ssl_session_timeout 600; proxy_set_header Proxy-Client-IP $remote_addr; location / { proxy_pass http://localhost:80/; } } }