nginx.conf.j2 8.06 KB
user  www www;

# setup worker proccess and worker cpu affinity 
worker_processes {{processor_count}};
{% if processor_count == '2' %}
worker_cpu_affinity 01 10;
{% elif processor_count == '4' %}
worker_cpu_affinity 1000 0100 0010 0001;
{% elif processor_count >= '8' %}
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
{% else %}
worker_cpu_affinity 1000 0100 0010 0001;
{% endif %}

pid  logs/nginx.pid;
# [ debug | info | notice | warn | error | crit ]
#error_log  /Data/logs/nginx/nginx_error.log info;
error_log  /Data/logs/nginx/nginx_error.log info;
#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
 
events
{
       use epoll;
 
       #maxclient = worker_processes * worker_connections / cpu_number
       worker_connections 51200;
}
 
http
{
       include        mime.types;
       default_type  application/octet-stream;
       #charset  gb2312,utf-8;
       charset utf-8;

       log_format fenxi '$remote_addr|$http_x_forwarded_for|[$time_local]|$http_host|$request|'
                        '$status|$body_bytes_sent|$request_time|$upstream_response_time|$upstream_cache_status|$http_referer|'
                        '$http_user_agent|$upstream_addr|'
                        '$real_ip|$request_api_method|$request_uid|$request_udid';
        
       log_format union '$remote_addr|$http_x_forwarded_for|[$time_local]|$http_host|$request|'
                        '$status|$body_bytes_sent|$request_time|$upstream_response_time|$upstream_cache_status|$http_referer|'
                        '$http_user_agent|$upstream_addr|';


       # resolver: local dns servers
       resolver   {% for i in  groups['nameservers'] %}  {{ i }}   {% endfor %};
          
      
       #General Options
       server_names_hash_bucket_size 128;
       client_header_buffer_size 512k;
       large_client_header_buffers 4 512k;
       client_body_buffer_size    8m; #256k 
       #
       #server_tokens off;
       ignore_invalid_headers   on;
       recursive_error_pages    on;
       server_name_in_redirect off;
      
       sendfile                 on;
 
       #timeouts
       keepalive_timeout 75s;
       keepalive_requests 10000;
       #test
       #client_body_timeout   3m;
       #client_header_timeout 3m;
       #send_timeout          3m;

      
       #TCP Options 
       tcp_nopush  on;
       tcp_nodelay on;

       #fastcgi options 
       fastcgi_connect_timeout 300;
       fastcgi_send_timeout 300;
       fastcgi_read_timeout 300;
       fastcgi_buffer_size 64k;
       fastcgi_buffers 4 64k;
       fastcgi_busy_buffers_size 128k;
       fastcgi_temp_file_write_size 128k;

 

       #hiden php version
       fastcgi_hide_header X-Powered-By;
    
       #size limits
       client_max_body_size       50m;

       gzip on;
       gzip_min_length  1k;
       gzip_buffers     4 16k;
       #gzip_http_version 1.0;
       gzip_comp_level 2;
       gzip_types       text/plain application/x-javascript text/css application/xml application/json;
       gzip_vary on; 
       
       add_header x-yh-nginx-dc  {{ dc }}; 
       
      

        fastcgi_temp_path          /dev/shm/fastcgi_temp;
        client_body_temp_path      /dev/shm/client_body_temp; 
        
        # where the lua package exists
        lua_package_path "/Data/local/openresty-1.9.15.1/nginx/conf/lua/?.lua;;";
        init_by_lua_file "conf/lua/init_lua.lua";
        # lua_shared_dict luacachedb  80m;
        lua_shared_dict upstream  20m;
        lua_shared_dict malips  10m;
        lua_shared_dict ngxconf  20m;
        init_worker_by_lua_file "conf/lua/init_config_worker.lua";
	
         #brower service
        upstream brower {
          {% for i in groups['java-brower']  %}
            server {{ i }}:8092;
          {% endfor %}
         
            keepalive 100;
        }
     
	    # uic service
        upstream uic {
          {% for i in groups['java-uic']  %}
             server {{ i }}:8096;
          {% endfor %}
             keepalive 100;
        }
     
	    # review
       upstream review {
          {% for i in groups['java-review']  %}
             server {{ i }}:8063;
          {% endfor %}
             keepalive 100;
        }
      
        # message controller
       upstream message {
          {% for i in groups['java-message-controller']  %}
             server {{ i }}:8087;
          {% endfor %}
             keepalive 100;
        }

        # search
        upstream search{
             {% for i in groups['search-service']  %}
             server {{ i }}:8080;
          {% endfor %}
             keepalive 100;
     
        }

 
      #apigatewaystart
      upstream apigateway {

        {% if upstream_az == 'aws' %} 
              server java-gateway-431f16063270008f.elb.cn-north-1.amazonaws.com.cn:8080 max_fails=5  fail_timeout=3s;   
        {% elif upstream_az == 'az1'%}
           server 10.66.4.112:8080 max_fails=5  fail_timeout=3s;   
        {% else %}
          {% for i in groups['java-gateway'] %}
            server {{ i }}:8080 max_fails=5  fail_timeout=3s;
          {% endfor %}
        {% endif %}

              keepalive	32;
      }
      #apigatewayend
 
 


    # activity
    upstream activityApi{

      {% for i in groups['java-activity'] %}
        server {{ i }}:8090;
      {% endfor %}

       keepalive 100;
     }


    # wechat
    upstream apiWechat {
      
      {% for i in groups['java-wechat']  %}
        server {{ i }}:8094;
      {% endfor %}

       keepalive 100;
    }
    
    # erp gateway
    upstream erpgateway {
      
      {% for i in groups['java-erpgateway'] %}
        server {{ i }}:8089;
      {% endfor %}

       keepalive 100;
    }
  
 

    # union servers
    upstream union_pools {  
       {% for i in groups['java-union'] %}
         server {{ i }}:8088 max_fails=5 fail_timeout=3s;
       {% endfor %}

        keepalive 100;
    }


    #ufo-gateway
    upstream ufogateway {
        {% if upstream_az == 'aws' %} 
              server 172.31.70.86:8080 max_fails=5  fail_timeout=3s;   
        {% elif upstream_az == 'az1'%}
           server  10.66.70.77:8080 max_fails=5  fail_timeout=3s;   
           server  10.66.70.63:8080 max_fails=5  fail_timeout=3s; 
           server  10.66.70.84:8080 max_fails=5  fail_timeout=3s; 
        {% else %}
          {% for i in groups['java-ufo-fore'] %}
            server {{ i }}:8080 max_fails=5  fail_timeout=3s;
          {% endfor %}
        {% endif %}
          keepalive 32;
      }

 
        
   ################ ufo limit #############

      geo $limited {
         default       1;
         # CIDR in the list below are not limited
         10.66.0.0/16  0;
         10.67.0.0/16  0;
         192.168.0.0/16  0;
         172.31.0.0/16  0;
      }
     map $limited $limit {
          1        $binary_remote_addr;
          0        "";
      }

     limit_req_zone $limit zone=limit_ufo:90m rate=30r/s;

     ################ uic limit for mars app #############
      geo $uic_blacklist {
       default 1;
       # CIDR in the list below are limited
       10.66.251.0/24 0;
       192.168.32.0/19 0;
     }

     map $uic_blacklist $limit_uic {
          0        $binary_remote_addr;
          1        "";
      }

     limit_req_zone $limit_uic zone=limit_uic_zone:30m rate=50r/s;
      ##############################################################



       #upstream
       fastcgi_next_upstream error timeout invalid_header http_500;

       #fastcgi cache
       #fastcgi_cache_path /nginxcache levels=1:2 keys_zone=two:10m inactive=1d max_size=3000m;
       #for example just for study! have fun!
	   
	   
       include          vhosts/api.yoho.cn.conf;
       include          vhosts/api_single.yoho.cn.conf;       
       include          vhosts/erp.yoho.yohoops.org.conf;
       include          vhosts/single.conf;
       include          vhosts/union.yoho.cn.conf;
       include          vhosts/api.ufo.conf;
       include          vhosts/y-d.conf;
       include          vhosts/uic.conf;
       include          vhosts/review.conf;
       include          vhosts/message-controller.conf;
       include          vhosts/search.conf;
 }