SSL NGINX + SSL IIS Update
Fixid
nginx-forum на nginx.us
Пн Ноя 14 11:14:03 UTC 2011
Здравствуйте, в логах сново появились
такие строчки:
- - [14/Nov/2011:12:04:53 +0300] "GET / HTTP/1.1" 302 154 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
- - [14/Nov/2011:12:04:58 +0300] "-" 400 0 "-" "-" "-"
- - [14/Nov/2011:12:05:20 +0300] "GET / HTTP/1.1" 200 4142 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
- - [14/Nov/2011:13:12:14 +0300] "-" 400 0 "-" "-" "-"
- - [14/Nov/2011:13:12:37 +0300] "GET / HTTP/1.1" 200 4144 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
- - [14/Nov/2011:12:04:53 +0300] "GET / HTTP/1.1" 302 154 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
- - [14/Nov/2011:12:04:58 +0300] "-" 400 0 "-" "-" "-"
- - [14/Nov/2011:12:05:20 +0300] "GET / HTTP/1.1" 200 4142 "-"
"Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0" "-"
2011/11/14 14:02:24 [crit] 11819#0: *26 rename() "/var/www/0000000013"
to "/var/www/" failed (20: Not a directory) while reading upstream,
client: 111.222.333.444, server: www.test.com, request: "GET /
HTTP/1.1", upstream: "https://IIS:500/", host: "www.test.com"
Установка соединения с сайтом идет
очень долго, потом контент отдается за
пару секунд.
Можете подсказать какие есть ошибки в
конф файлах? И что можно еще подправить
для ускорения отклика.
IIS на Win2008
nginx.conf:
user nginx;
worker_processes 4;
worker_rlimit_nofile 100000;
timer_resolution 100ms;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 5024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_static on;
gzip_comp_level 5;
gzip_min_length 1024;
keepalive_timeout 25;
limit_zone myzone $binary_remote_addr 10m;
# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default;
rewrite ^ https://www.test.com/;
}
}
#
# HTTPS server configuration
#
upstream backend-secure {
server www.test.com:443;
}
server {
listen 443 default;
server_name www.test.com ;
server_tokens off;
##########################
# GZIP
##########################
gzip on;
gzip_min_length 15;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_disable "msie6";
gzip_comp_level 5;
#########################
# SSL
#########################
keepalive_timeout 60s;
sendfile on;
tcp_nodelay on;
expires 10s; #сколько хранить кэш
ssl on;
ssl_certificate /etc/nginx/conf.d/certificate.cer;
ssl_certificate_key /etc/nginx/conf.d/rsa.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 20m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
if ($host = "test.com" ) {
rewrite ^ https://www.test.com/;
}
location / {
proxy_pass https://IIS:500/;
proxy_redirect off;
proxy_ignore_client_abort off;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
proxy_ignore_headers Expires Cache-Control;
proxy_hide_header Vary;
proxy_ssl_session_reuse on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# кэш ответа бэкэнда
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_temp_path /var/www/;
root /var/www/;
########################
# proxy
#######################
#proxy_cache on;
}
#######################
# Statistic
#######################
location = /stat {
stub_status on;
access_log off;
allow 111.222.333.444;
deny all;
}
}
Posted at Nginx Forum: http://forum.nginx.org/read.php?21,218301,218301#msg-218301
Подробная информация о списке рассылки nginx-ru