nginx添加如下配置然后reload一下就好了:
worker_rlimit_nofile 655350;
worker_connections 60000; # 需要小于或等于 worker_rlimit_nofile
2019/12/14 20:24:12 [alert] 2642#2642: setrlimit(RLIMIT_NOFILE, 65535) failed (1: Operation not permitted)
setsebool -P httpd_setrlimit 1
kernel: TCP: request_sock_TCP: Possible SYN flooding on port 9000. Sending cookies. Check SNMP counters.[alert] 1319#1319: 1024 worker_connections are not enough
X-Frame-Options HTTP 响应头是用来给浏览器指示允许一个页面可否在 <frame>, <iframe>或者 <object> 中展现的标记。网站可以使用此功能,来确保自己网站的内容没有被嵌到别人的网站中去,也从而避免了点击劫持 (clickjacking) 的攻击。
X-Frame-Options 有三个值:
DENYSAMEORIGINALLOW-FROM uri换一句话说,如果设置为 DENY,不光在别人的网站 frame 嵌入时会无法加载,在同域名页面中同样会无法加载。另一方面,如果设置为 SAMEORIGIN,那么页面就可以在同域名页面的 frame 中嵌套。
https://developer.mozilla.org/zh-CN/docs/Web/HTTP/X-Frame-Options
| Syntax: | proxy_cookie_path off;proxy_cookie_path path replacement; |
|---|---|
| Default: |
proxy_cookie_path off; |
| Context: | http, server, location |
This directive appeared in version 1.1.15.
2018/04/26 23:34:39 [error] 10872#0: *268906 upstream timed out (110: Connection timed out) while reading upstream, client: 119.103.223.107, server: ****, request: “GET /**** HTTP/1.1”, upstream: “****”, host: “****”
#fastcgi_connect_timeout 600;
#fastcgi_read_timeout 600;
#fastcgi_send_timeout 600;
proxy_connect_timeout 600;
proxy_read_timeout 600;
proxy_send_timeout 600;
upstream timed out (110: Connection timed out) while reading upstream,
upstream timed out (110: Connection timed out) while reading response header from upstream
2018/04/26 23:32:58 [crit] 1457#0: *259351 open() “/usr/share/nginx/html/50x.html” failed (24: Too many open files), client: 112.17.247.117, server: ***, request: “GET /*** HTTP/1.1”, upstream: “***”, host: “***”
worker_rlimit_nofile 65535;
$remote_addr 可信时才能信任 X-Forwarded-For、$proxy_add_x_forwarded_for
nginx配置代理转发,部分配置如下
location / {
# index index.html index.htm index.php;
# try_files $uri $uri/ /index.php$request_uri;
proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://10.29.185.61:8063;
}
$proxy_add_x_forwarded_forthe “X-Forwarded-For” client request header field with the $remote_addr variable appended to it, separated by a comma. If the “X-Forwarded-For” field is not present in the client request header, the $proxy_add_x_forwarded_for variable is equal to the $remote_addr variable.
“ X-Forward-For”客户端请求头字段,后面附加 $remote _ addr 变量,中间用逗号分隔。如果客户端请求头中没有“ X-Forward-For”字段,则 $proxy_add_x_forwarded_for 变量等于 $remote_addr 变量。
To set up the yum repository, create the file named /etc/yum.repos.d/nginx.repo with the following contents:
[nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key
| Syntax: | location [ = | ~ | ~* | ^~ ] uri { ... }location @name { ... } |
|---|---|
| Default: | — |
| Context: | server, location |
location匹配命令
~ #波浪线表示执行一个正则匹配,区分大小写
~* #表示执行一个正则匹配,不区分大小写
^~ #^~表示普通字符匹配,如果该选项匹配,只匹配该选项,不匹配别的选项,一般用来匹配目录
= #进行普通字符精确匹配
@ #”@” 定义一个命名的 location,使用在内部定向时,例如 error_page, try_files
location 匹配的优先级(与location在配置文件中的顺序无关)