zh
Nginx VPS配置:反向代理和负载均衡指南
Nginx是世界上最高效的Web服务器和反向代理,以其事件驱动架构、低内存占用和出色的高并发处理能力著称。在Anubiz Host离岸VPS上正确配置Nginx可以将服务器性能发挥到极致,同时实现多应用托管、SSL卸载和流量负载均衡。本指南涵盖从基础安装到高级负载均衡的完整配置方案。
Need this done for your project?
We implement, you ship. Async, documented, done in days.
Nginx安装与基础配置
在Ubuntu/Debian VPS上安装最新版Nginx:
apt update
apt install -y nginx
systemctl enable nginx
systemctl start nginx
nginx -v
# 开放防火墙端口
ufw allow 'Nginx Full'
ufw enableuser www-data;
worker_processes auto; # 自动匹配CPU核心数
worker_rlimit_nofile 65535;
events {
worker_connections 4096; # 每worker最大连接数
use epoll; # Linux高效I/O模型
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 1000;
types_hash_max_size 2048;
# 安全头
server_tokens off; # 隐藏Nginx版本号
include /etc/nginx/mime.types;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}反向代理配置详解
Nginx反向代理将外部请求转发到后端应用服务器,是生产环境中隔离应用层和网络层的标准方案:
server {
listen 443 ssl http2;
server_name api.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/api.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.yourdomain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
# 安全响应头
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
proxy_pass http://127.0.0.1:4000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
proxy_buffering off;
}
}负载均衡配置
Nginx的负载均衡功能可以将流量分发到多个后端服务器或进程,提升整体吞吐量和高可用性:
# 在http块中定义upstream组
upstream backend_pool {
# 轮询(默认,平均分配请求)
server 127.0.0.1:3001;
server 127.0.0.1:3002;
server 127.0.0.1:3003;
# IP哈希(同一客户端IP始终访问同一后端)
# ip_hash;
# 最少连接(优先分配给空闲后端)
# least_conn;
keepalive 32; # 保持与后端的长连接
}
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://backend_pool;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Connection ""; # 启用HTTP/1.1长连接
}
}Nginx缓存与性能优化
配置Nginx代理缓存可以大幅减少后端应用的负载,显著提升响应速度:
# 在http块中定义缓存区域
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=app_cache:10m max_size=1g inactive=60m;
server {
listen 80;
server_name yourdomain.com;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_cache app_cache;
proxy_cache_valid 200 10m; # 200响应缓存10分钟
proxy_cache_valid 404 1m; # 404缓存1分钟
proxy_cache_use_stale error timeout updating;
add_header X-Cache-Status $upstream_cache_status;
}
# 静态文件直接服务(绕过后端)
location /static/ {
root /var/www/myapp;
expires 1y;
add_header Cache-Control "public, immutable";
gzip_static on;
}
}gzip on;
gzip_comp_level 5;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/javascript
text/xml application/xml image/svg+xml;
gzip_vary on;Related Services
Why Anubiz Host
100% async — no calls, no meetings
Delivered in days, not weeks
Full documentation included
Production-grade from day one
Security-first approach
Post-delivery support included
Ready to get started?
Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.