分类目录归档：Nginx

Nginx+PHP服务器上传限制调节

nginx:

client_max_body_size 1G;

php.ini:

upload_max_filesize = 1G
post_max_size = 1G

nginx restart failed:nginx: [alert] OPENSSL_init_ssl() failed (SSL: error:12800067:DSO support routines::could not load the shared library:filename(/snap/certbot/4325/usr/lib/x86_64-linux-gnu/ossl-modules/fips.so): /snap/certbot/4325/usr/lib/x86_64-linux-gnu/ossl-modules/fips.so: cannot open shared object file: No such file or directory error:12800067:DSO support routines::could not load the shared library error:07880025:common libcrypto routines::reason(37):name=fips error:0700006D:configuration file routines::module initialization error:module=providers, value=provider_sect retcode=-1 ) 解决办法

nginx restart failed:
nginx: [alert] OPENSSL_init_ssl() failed (SSL: error:12800067:DSO support routines::could not load the shared library:filename(/snap/certbot/4325/usr/lib/x86_64-linux-gnu/ossl-modules/fips.so): /snap/certbot/4325/usr/lib/x86_64-linux-gnu/ossl-modules/fips.so: cannot open shared object file: No such file or directory error:12800067:DSO support routines::could not load the shared library error:07880025:common libcrypto routines::reason(37):name=fips error:0700006D:configuration file routines::module initialization error:module=providers, value=provider_sect retcode=-1 )

解决办法：

nginx restart failed:
nginx: [alert] OPENSSL_init_ssl() failed (SSL: error:12800067:DSO support routines::could not load the shared library:filename(/snap/certbot/4325/usr/lib/x86_64-linux-gnu/ossl-modules/fips.so): /snap/certbot/4325/usr/lib/x86_64-linux-gnu/ossl-modules/fips.so: cannot open shared object file: No such file or directory error:12800067:DSO support routines::could not load the shared library error:07880025:common libcrypto routines::reason(37):name=fips error:0700006D:configuration file routines::module initialization error:module=providers, value=provider_sect retcode=-1      )

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
[root@ooops ~]# find / -name fips.so
/usr/lib64/ossl-modules/fips.so
[root@ooops ~]# mount --bind /usr/lib64/ossl-modules/ /snap/certbot/4325/usr/lib/x86_64-linux-gnu/ossl-modules/

4325注意替换为你的id

nginx proxy_pass使用gzip传输节约内部流量

location / {
    ...
    proxy_set_header Accept-Encoding "gzip";
    ...
    proxy_pass ...;
}

$realpath_root 和 $document_root 区别

$realpath_root：

an absolute pathname corresponding to the root or alias directive’s value for the current request, with all symbolic links resolved to real paths

如果是符号链接，$realpath_root指向符号链接的真实路径

$document_root：

root or alias directive’s value for the current request

$document_root 是root或alias指定的值

nginx: worker process is shutting down

nginx: worker process is shutting down，这个是nginx reload后可能会出现的，应该是继续处理未结束线程用的。

如果你的超时相关配置设置了很长时间，那么这个线程也会存在很长时间。

关于`a client request body is buffered to a temporary file /var/cache/nginx/client_temp/…`的问题

很多教程是改`client_body_buffer_size`我觉得这样不太好，因为:

非常吃内存
不符合流式传输，无法立即刷送

另外一种解决方案是：（关闭缓冲即可）

fastcgi_buffering off;
fastcgi_request_buffering off;

弄清楚thinkphp的nginx配置问题

继续阅读 →

Nginx限流

https://blog.csdn.net/m0_45406092/article/details/124713027

要点：

Example Configuration

http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

    ...

    server {

        ...

        location /search/ {
            limit_req zone=one burst=5;
        }

rate=1r/s; 表示 1请求每秒，也可以是 rate=30r/m;(30请求每分)

$binary_remote_addr 表示根据 ip v4或者 ip v6地址来限制流量

burst=5;表示突发请求不超过5个

nginx 指定下载文件的文件名

server {
    .....

    location ~* .*\.(doc|txt|jar|zip|apk)(\?.*)?$ {
        if ($request_uri ~* ^.*\/(.*)\.(doc|txt|jar|zip|apk)(\?name=([^&]+))$) {
            add_header Content-Disposition "attachment;filename=$arg_name.$2";
        }
    }

Nginx proxy_pass https 间歇性502，浏览器一段时间静置后502

继续阅读 →