MailSSL


This module provides SSL/TLS support for POP3/IMAP/SMTP. Configuration is practically identical to that of the HTTP SSL module, but checking client certificates is not supported.

ssl

syntax: *ssl* on | off

default: *ssl off*

context: *mail, server*

Enables SSL/TLS for this virtual server.

ssl_certificate

syntax: *ssl_certificate* file

default: *cert.pem*

context: *mail, server*

Indicates the file with the certificate in PEM format for this virtual server. The same file can contain other certificates, and also the secret key in PEM format.

ssl_certificate_key

syntax: *ssl_certificate_key* file

default: *cert.pem*

context: *mail, server*

Indicates the file with the secret key in PEM format for this virtual server.

ssl_ciphers

syntax: *ssl_ciphers* ciphers

default: *ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP*

context: *mail, server*

The directive describes the permitted ciphers. Ciphers are specified in the format supported by OpenSSL.

ssl_prefer_server_ciphers

syntax: *ssl_prefer_server_ciphers* on | off

default: *off*

context: *mail, server*

Requires that, for the SSLv3 and TLSv1 protocols, the server's ciphers be preferred over the client's ciphers.

ssl_protocols

syntax: *ssl_protocols* [SSLv2] [SSLv3] [TLSv1]

default: *SSLv2 SSLv3 TLSv1*

context: *mail, server*

The directive enables the protocols indicated.

ssl_session_cache

syntax: *ssl_session_cache* [builtin[:size]] [shared:name:size]

default: *builtin:20480*

context: *mail, server*

The directive sets the types and sizes of the caches that store SSL sessions.
The cache types are:

  • builtin -- the OpenSSL builtin cache, used inside one worker process only. The cache size is given as a number of sessions.
  • shared -- the cache is shared between all worker processes. The cache size is given in bytes; a 1 MB cache can contain about 4000 sessions. Each shared cache must have an arbitrary name. A cache with the same name can be used in several virtual servers.

It is possible to use both types of cache simultaneously, for example:

ssl_session_cache  builtin:1000  shared:SSL:10m; 

However, using only the shared cache, without the builtin cache, should be more effective.

ssl_session_timeout

syntax: *ssl_session_timeout* time

default: *5m*

context: *mail, server*

Assigns the time during which the client can reuse the parameters of a session stored in the cache.

starttls

syntax: *starttls* on | off | only

default: *off*

context: *mail, server*

  • on - permit the use of the commands STLS for POP3 and STARTTLS for IMAP/SMTP
  • off - do not allow the STLS/STARTTLS commands
  • only - announce STLS/STARTTLS support and require that clients use TLS encryption
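
A configuration that puts the directives above together, shown as an added example rather than one taken from the original documentation. It replaces the documented defaults for `ssl_protocols` and `ssl_ciphers`, which enable SSLv2 and the LOW and EXP cipher groups, with narrower values. The host name, file paths, ports and the `auth_http` address are placeholder assumptions.

```nginx
# Added example. Host name, paths and the auth_http backend are placeholders.
mail {
    server_name  mail.example.com;            # placeholder
    auth_http    127.0.0.1:9000/auth;         # placeholder auth backend (MailAuth module)

    # Certificate and key kept in separate files; the key file should be
    # readable only by the user that starts nginx.
    ssl_certificate      /etc/nginx/ssl/mail.example.com.crt;
    ssl_certificate_key  /etc/nginx/ssl/mail.example.com.key;

    # Documented default: SSLv2 SSLv3 TLSv1
    # Of the values listed on this page only TLSv1 is kept. Newer nginx builds
    # accept TLSv1.2 and TLSv1.3 (not covered on this page); list those
    # instead where the build supports them.
    ssl_protocols  TLSv1;

    # Documented default: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    # Keep only the HIGH group; drop anonymous (unauthenticated) suites and MD5.
    ssl_ciphers                HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    # One shared cache for all workers, without the builtin cache.
    # 10m holds roughly 40000 sessions (about 4000 per megabyte).
    ssl_session_cache    shared:MAILSSL:10m;
    ssl_session_timeout  5m;

    # IMAP over implicit TLS: the whole connection is encrypted.
    server {
        listen    993;
        protocol  imap;
        ssl       on;
    }

    # IMAP on the plain port: STARTTLS is announced and required,
    # so clients cannot authenticate before upgrading to TLS.
    server {
        listen    143;
        protocol  imap;
        starttls  only;
    }
}
```

After a reload, `openssl s_client -connect mail.example.com:143 -starttls imap` shows which protocol and cipher the server actually negotiates.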