Конфиг вот такой вот
Код: Выделить всё
user www;
worker_processes 2;
timer_resolution 100ms;
worker_rlimit_nofile 8192;
worker_priority -5;
events {
worker_connections 1024;
}
http {
include /usr/local/etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] $status '
'"$request" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_names_hash_bucket_size 512;
upstream backend {
server 91.209.210.24:81 weight=4 max_fails=10 fail_timeout=15s;
server 91.209.210.25:81 weight=4 max_fails=10 fail_timeout=15s;
}
upstream backend_local {
server 172.16.8.207:81;
}
server {
listen *:80;
server_name 91.209.210.24;
client_max_body_size 101M;
location ~ /.svn/ { deny all; }
location = /stat {
stub_status on;
access_log off;
allow 172.16.8.121;
deny all;
}
}
#REDIRECT HTTP -> HTTPS JUR-PERSON
server {
listen *:80;
server_name jur-person.industrialbank.ua;
#redirect
location / {
rewrite ^/(.*) https://jur-person.industrialbank.ua permanent;
}
}
#JUR-PERSON
server {
listen *:443;
#listen *:80;
server_name .jur-person.industrialbank.ua;
#rewrite ^(.*) https://$server_name$1 permanent;
client_max_body_size 101M;
access_log /var/log/nginx/jurperson.log main;
error_log /var/log/nginx/jurperson_error.log info;
ssl on;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_certificate /usr/local/www/industrial/s2/wildcard.industrialbank.ua.2011.intermediate.crt;
ssl_certificate_key /usr/local/www/industrial/s2/wildcard.nopass-industrialbank.ua.key;
#Main location
location / {
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REDIRECT_STATUS 200;
include fastcgi_params;
proxy_pass http://backend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ~ /.svn/ { deny all; }
location = /stat {
stub_status on;
access_log off;
allow 172.16.8.121;
deny all;
}
#Otdacha statiki
location ~* ^.+\.(jpg|jpeg|gif|png|tif|tiff|ico|css|cms|bmp|js|swf|rar|zip|7zip|exe|com|doc|docx|xls|xlsx|pdf)$ {
root /usr/local/www/industrial/jur-person/public-html/;
}
}
server {
listen *:80;
server_name .ipp.industrialbank.zp.ua;
client_max_body_size 101M;
access_log /var/log/nginx/oldsites.log main;
error_log /var/log/nginx/oldsites_error.log debug;
#Main location
location / {
fastcgi_pass backend_local;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REDIRECT_STATUS 200;
include fastcgi_params;
proxy_pass http://backend_local;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header SSL YES;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location = /stat {
stub_status on;
access_log off;
allow 172.16.8.121;
deny all;
}
#Otdacha statiki
location ~* ^.+\.(jpg|jpeg|gif|png|ico|tif|tiff|css|cms|bmp|js|swf|pdf|doc|docx|xls|xlsx|rar|zip|7zip|mp3|avi|exe|bat|com)$ {
root /usr/local/www/industrial/old-sites/;
limit_rate_after 2k;
limit_rate 1k;
}
}
server {
listen *:80;
server_name http://www.industrialbank.zp.ua;
client_max_body_size 101M;
access_log /var/log/nginx/oldsites.log main;
error_log /var/log/nginx/oldsites_error.log info;
#Main location
location / {
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REDIRECT_STATUS 200;
include fastcgi_params;
proxy_pass http://backend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header SSL YES;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ~ /.svn/ { deny all; }
location = /stat {
stub_status on;
access_log off;
allow 172.16.8.121;
deny all;
}
#Otdacha statiki
location ~* ^.+\.(jpg|jpeg|gif|png|ico|tif|tiff|css|cms|bmp|js|swf|pdf|doc|docx|xls|xlsx|rar|zip|7zip|mp3|avi|exe|bat|com)$ {
root /usr/local/www/industrial/old-sites/;
limit_rate_after 2k;
limit_rate 1k;
}
}
server {
listen *:443;
listen *:80;
server_name industrialbank.zp.ua;
client_max_body_size 101M;
access_log /var/log/nginx/oldsites.log main;
error_log /var/log/nginx/oldsites_error.log info;
ssl on;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_certificate /usr/local/www/industrial/s2/wildcard.industrialbank.ua.2011.intermediate.crt;
ssl_certificate_key /usr/local/www/industrial/s2/wildcard.nopass-industrialbank.ua.key;
#Main location
location / {
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REDIRECT_STATUS 200;
include fastcgi_params;
proxy_pass http://backend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ~ /.svn/ { deny all; }
location = /stat {
stub_status on;
access_log off;
allow 172.16.8.121;
deny all;
}
#Otdacha statiki
location ~* ^.+\.(jpg|jpeg|gif|png|ico|tif|tiff|css|cms|bmp|js|swf|pdf|doc|docx|xls|xlsx|rar|zip|7zip|mp3|avi|exe|bat|com)$ {
root /usr/local/www/industrial/old-sites/;
limit_rate_after 2k;
limit_rate 1k;
}
}
server {
listen *:80;
server_name .industrialbank.com.ua;
client_max_body_size 101M;
access_log /var/log/nginx/oldsites.log main;
error_log /var/log/nginx/oldsites_error.log info;
#Main location
location / {
fastcgi_pass backend;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REDIRECT_STATUS 200;
include fastcgi_params;
proxy_pass http://backend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header SSL YES;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
location ~ /.svn/ { deny all; }
location = /stat {
stub_status on;
access_log off;
allow 172.16.8.121;
deny all;
}
#Otdacha statiki
location ~* ^.+\.(jpg|jpeg|gif|png|ico|tif|tiff|css|cms|bmp|js|swf|pdf|doc|docx|xls|xlsx|rar|zip|7zip|mp3|avi|exe|bat|com)$ {
root /usr/local/www/industrial/old-sites/;
limit_rate_after 2k;
limit_rate 1k;
}
}
}
Код: Выделить всё
upstream backend {
server 91.209.210.24:81 weight=4 max_fails=10 fail_timeout=15s;
server 91.209.210.25:81 weight=4 max_fails=10 fail_timeout=15s;
}
Код: Выделить всё
Jun 20 17:22:57 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:22:57 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:22:58 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:22:58 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:22:59 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:22:59 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:23:00 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:23:00 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:23:01 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:23:01 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:23:57 unix1 nginx: 2011/06/20 17:23:57 [info] 4340#0: *46 client timed out (60: Operation timed out) while SSL handshaking, client: 91.209.210.23, server: jur-person.industrialbank.ua
Jun 20 17:23:57 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:23:57 +0300] 408 "-" 0 "-" "-" "http_x_forwarded_for"
Jun 20 17:24:41 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:24:41 +0300] 403 "GET / HTTP/1.0" 202 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; InfoPath.1)" "http_x_forwarded_for"
Jun 20 17:25:40 unix1 nginx: 2011/06/20 17:25:40 [info] 4340#0: *52 kevent() reported that client 91.209.210.23 closed keepalive connection
Jun 20 17:26:27 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:26:27 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:26:28 unix1 nginx: 2011/06/20 17:26:28 [info] 4340#0: *55 client closed prematurely connection while SSL handshaking, client: 91.209.210.23, server: jur-person.industrialbank.ua
Jun 20 17:26:28 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:26:28 +0300] 400 "-" 0 "-" "-" "http_x_forwarded_for"
Jun 20 17:26:28 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:26:28 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:26:29 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:26:29 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:26:30 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:26:30 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:26:30 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:26:30 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:26:31 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:26:31 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:28:53 unix1 nginx: 178.95.59.227 - - [20/Jun/2011:17:28:53 +0300] 403 "GET /?task=selected HTTP/1.1" 202 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; EasyBits GO v1.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" "http_x_forwarded_for"
Jun 20 17:29:10 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:29:10 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:29:11 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:29:11 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:29:11 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:29:11 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:29:14 unix1 nginx: 2011/06/20 17:29:13 [info] 4341#0: *66 kevent() reported that client 91.209.210.23 closed keepalive connection
Jun 20 17:29:14 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:29:13 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30" "http_x_forwarded_for"
Jun 20 17:29:19 unix1 nginx: 46.202.229.252 - - [20/Jun/2011:17:29:19 +0300] 403 "GET / HTTP/1.1" 202 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.71 Safari/534.24" "http_x_forwarded_for"
Jun 20 17:29:20 unix1 nginx: 2011/06/20 17:29:20 [error] 4340#0: *63 open() "/usr/local/www/industrial/jur-person/public-html/favicon.ico" failed (2: No such file or directory), client: 46.202.229.252, server: jur-person.industrialbank.ua, request: "GET /favicon.ico HTTP/1.1", host: "jur-person.industrialbank.ua"
Jun 20 17:29:20 unix1 nginx: 46.202.229.252 - - [20/Jun/2011:17:29:20 +0300] 404 "GET /favicon.ico HTTP/1.1" 571 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.71 Safari/534.24" "http_x_forwarded_for"
Jun 20 17:29:46 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:29:46 +0300] 403 "GET / HTTP/1.1" 202 "http://site.bank.net/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.1; .NET4.0C; .NET4.0E)" "http_x_forwarded_for"
Jun 20 17:29:53 unix1 nginx: 2011/06/20 17:29:53 [info] 4341#0: *64 kevent() reported that client 178.95.59.227 closed keepalive connection (54: Connection reset by peer)
Jun 20 17:30:19 unix1 nginx: 91.209.210.23 - - [20/Jun/2011:17:30:19 +0300] 403 "GET / HTTP/1.0" 202 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; InfoPath.1)" "http_x_forwarded_for"
Jun 20 17:30:51 unix1 nginx: 2011/06/20 17:30:51 [info] 4340#0: *73 kevent() reported that client 91.209.210.23 closed keepalive connection
Jun 20 17:31:19 unix1 nginx: 2011/06/20 17:31:19 [info] 4340#0: *75 kevent() reported that client 91.209.210.23 closed keepalive connection
Если где-то затупил подскажите пожалуйста.
Заранее спасибо