Last active
August 25, 2017 05:51
A general nginx config file with openresty health check support.
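# Main (global) context: runtime files, error logging and worker settings.
pid /run/nginx/nginx.pid;
lock_file /run/nginx/nginx.lock;
error_log /opt/logs/nginx/error.log error;

# JIT-compile regular expressions known at configuration parse time.
# The terminating semicolon is required: without it nginx reads the next
# directive as extra arguments to pcre_jit and refuses to start.
pcre_jit on;

worker_processes 4;
# Negative value = higher scheduling priority for worker processes.
worker_priority -10;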
# Connection processing: epoll event method, at most 4096 simultaneous
# connections per worker, and a worker accepts all pending connections
# at once instead of one per wakeup.
events {
    use epoll;
    multi_accept on;
    worker_connections 4096;
}
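# HTTP context: shared defaults for every site, two catch-all default
# servers (plain and TLS), the internal /status page, and the OpenResty
# upstream health checker.
http {
    # NOTE(review): $http_x_forwarded_for, $http_host, $http_referer and
    # $http_user_agent are client-controlled; treat them as untrusted when
    # the access log is parsed or displayed downstream.
    log_format main '[$time_local] $remote_addr "$http_x_forwarded_for" '
                    '$status $scheme "$http_host" "$request" '
                    '"$http_referer" "$http_user_agent" '
                    '$request_length $content_length $bytes_sent $body_bytes_sent '
                    '$request_time $upstream_response_time';
    access_log /opt/logs/nginx/access.log main;

    # NOTE(review): request bodies and proxied responses are spooled here.
    # /tmp is normally world-writable, so /tmp/nginx should be created in
    # advance, owned by the nginx user, and not readable by other accounts.
    client_body_temp_path /tmp/nginx/client_body_temp;
    proxy_temp_path /tmp/nginx/proxy_temp;
    fastcgi_temp_path /tmp/nginx/fastcgi_temp;
    uwsgi_temp_path /tmp/nginx/uwsgi_temp;
    scgi_temp_path /tmp/nginx/scgi_temp;

    include mime.types;
    default_type application/octet-stream;

    keepalive_timeout 65;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Request size limits and buffers.
    client_body_buffer_size 64k;
    client_max_body_size 64m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 8k;
    output_buffers 1 32k;
    postpone_output 1460;

    # Short client timeouts limit how long a slow or idle client can hold
    # a connection open.
    client_header_timeout 10;
    client_body_timeout 10;
    send_timeout 10;

    # NOTE(review): compressing TLS responses that mix secrets with
    # attacker-influenced content is the precondition for BREACH-style
    # leaks; consider disabling gzip on such locations.
    gzip on;
    gzip_min_length 860;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml application/javascript application/json
               application/atom+xml application/rss+xml application/xhtml+xml;
    gzip_comp_level 6;
    gzip_disable msie6;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and were dropped from the
    # original list; add TLSv1.3 where the nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # DH+3DES was removed from the original list: 3DES is a 64-bit block
    # cipher (Sweet32). Very old clients that need it will fail to connect.
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;
    ssl_prefer_server_ciphers on;

    # Proxy defaults: HTTP/1.1 with an empty Connection header so upstream
    # keepalive works, and no automatic retry on another upstream peer.
    proxy_connect_timeout 5s;
    proxy_read_timeout 30s;
    proxy_next_upstream off;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
    # sent, so only the last entry is set by this server. Upstreams should
    # use X-Real-IP (or the last entry) for access decisions.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Hide the nginx version and blank the Server response header
    # (more_set_headers comes from the headers-more module).
    server_tokens off;
    more_set_headers 'Server:';

    # $from_public is 0 for loopback, RFC 1918 and CGNAT (100.64.0.0/10)
    # source addresses and 1 for everything else, including all IPv6.
    # NOTE(review): geo matches on $remote_addr. If this server sits behind
    # a load balancer or proxy with a private address, every request looks
    # internal and /status becomes reachable from outside.
    geo $from_public {
        default 1;
        127.0.0.0/8 0;
        10.0.0.0/8 0;
        100.64.0.0/10 0;
        172.16.0.0/12 0;
        192.168.0.0/16 0;
    }

    # Catch-all plain-HTTP server: requests that match no configured site
    # get 444 (connection closed without a response).
    server {
        listen 80 default_server;
        access_log off;

        location / {
            return 444;
        }

        # Health-check status page, refused for public source addresses.
        # It discloses the worker PID and the state of upstream peers.
        location = /status {
            if ($from_public) {
                return 444;
            }
            default_type text/plain;
            content_by_lua_block {
                local hc = require "resty.upstream.healthcheck"
                ngx.say("Nginx Worker PID: ", ngx.worker.pid())
                ngx.print(hc.status_page())
            }
        }
    }

    # Catch-all TLS server: same 444 behaviour for unknown hosts on 443.
    # The private key file should be readable only by root / the nginx master.
    server {
        listen 443 ssl default_server;
        access_log off;
        ssl_certificate /opt/certificates/_.pem;
        ssl_certificate_key /opt/certificates/_.key;

        location / {
            return 444;
        }
    }

    ########## all site config should be in sites-enabled/ ##########
    include sites-enabled/*.conf;

    ########## put health check scripts for all upstreams below ##########
    lua_shared_dict healthcheck_dict 1m;
    lua_socket_log_errors off;

    init_worker_by_lua_block {
        local hc = require "resty.upstream.healthcheck"
        local ok, err = hc.spawn_checker {
            shm = "healthcheck_dict",  -- defined by "lua_shared_dict"
            upstream = "some_upstream",  -- defined by "upstream"
            type = "http",
            http_req = "GET /healthcheck HTTP/1.0\r\nHost: upstream.domain\r\n\r\n",  -- raw HTTP request for checking
            interval = 1000,  -- run the check cycle every 1 sec
            timeout = 500,  -- 0.5 sec is the timeout for network operations
            fall = 3,  -- # of successive failures before turning a peer down
            rise = 2,  -- # of successive successes before turning a peer up
            valid_statuses = {200, 302},  -- list of HTTP status codes treated as healthy
            concurrency = 10,  -- concurrency level for test requests
        }
        if not ok then
            ngx.log(ngx.ERR, "failed to spawn health checker: ", err)
        end
        -- Call hc.spawn_checker() again here for each additional upstream
        -- group to monitor, one call per group. They can all share the
        -- same shm zone without conflicts, but the zone must be sized
        -- larger to hold the extra peers.
    }
    ########## put health check scripts for all upstreams above ##########
}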