一种比较激进的nginx下载配置:
server {
listen 80;
listen 443 ssl;
server_name woosync.net;
# SSL配置保持不变
ssl_certificate /ssl/woosync.net.pem;
ssl_certificate_key /ssl/woosync.net.key;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# 启用sendfile优化
sendfile on;
sendfile_max_chunk 512k; # 限制单次sendfile调用的数据量
tcp_nopush on; # 优化网络传输
tcp_nodelay on; # 禁用Nagle算法,减少延迟
# 增加读取超时时间
proxy_connect_timeout 60;
proxy_send_timeout 600;
proxy_read_timeout 600;
keepalive_timeout 65;
# 增加buffer大小
proxy_buffer_size 128k;
proxy_buffers 8 256k;
proxy_busy_buffers_size 512k;
proxy_temp_file_write_size 512k;
# 启用异步IO和直接IO
aio threads;
directio 8m; # 大文件使用直接IO
directio_alignment 512;
location / {
proxy_pass http://127.0.0.1:9092;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 启用proxy缓冲
proxy_buffering on;
# 启用压缩
gzip on;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_types application/octet-stream
application/vnd.android.package-archive
application/zip;
gzip_vary on;
# 启用断点续传
if_range on;
add_header Accept-Ranges bytes;
}
location /static {
alias /var/www/enen/static;
# 静态文件缓存
expires 30d;
add_header Cache-Control "public, no-transform";
# 针对大文件的优化
aio threads;
directio 8m;
# 启用压缩
gzip on;
gzip_static on; # 如果有预压缩文件则直接使用
}
}
一种比较保守的nginx配置:
server {
listen 80;
listen 443 ssl;
server_name woosync.net;
# SSL配置保持不变
ssl_certificate /ssl/woosync.net.pem;
ssl_certificate_key /ssl/woosync.net.key;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# 基础文件传输优化 - 这些是非常安全的配置
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# 适当的超时设置 - 这些值比较保守
proxy_connect_timeout 60;
proxy_send_timeout 300;
proxy_read_timeout 300;
keepalive_timeout 65;
# 适度的buffer配置 - 不会占用过多内存
proxy_buffer_size 64k;
proxy_buffers 4 128k;
proxy_busy_buffers_size 256k;
location / {
proxy_pass http://127.0.0.1:9092;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 启用proxy缓冲
proxy_buffering on;
# 启用基础gzip压缩 - 使用保守的压缩级别
gzip on;
gzip_min_length 1000;
gzip_comp_level 4; # 降低到4,减少CPU使用
gzip_types application/octet-stream
application/vnd.android.package-archive;
# 启用断点续传
add_header Accept-Ranges bytes;
}
location /static {
alias /var/www/enen/static;
# 基础缓存配置
expires 7d;
add_header Cache-Control "public";
}
}
