静态文件服务配置

Nginx非常适合作为静态文件服务器，提供高效的文件服务。

基本配置

简单配置

server {
    listen 80;
    server_name static.example.com;

    root /var/www/static;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

完整配置

server {
    listen 80;
    server_name static.example.com;

    root /var/www/static;
    index index.html index.htm;

    access_log /var/log/nginx/static.access.log;
    error_log /var/log/nginx/static.error.log;

    # 静态资源
    location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
        expires 30d;
        add_header Cache-Control "public";
    }

    # CSS和JS
    location ~* \.(css|js)$ {
        expires 30d;
        add_header Cache-Control "public";
    }

    # 字体
    location ~* \.(woff|woff2|ttf|otf|eot)$ {
        expires 1y;
        add_header Cache-Control "public";
    }

    # 禁止访问隐藏文件
    location ~ /\. {
        deny all;
    }
}

文件类型配置

图片文件

location ~* \.(jpg|jpeg|png|gif|webp|svg|ico|bmp)$ {
    expires 30d;
    add_header Cache-Control "public";
    access_log off;
}

CSS和JS文件

location ~* \.(css|js)$ {
    expires 30d;
    add_header Cache-Control "public";
    access_log off;
}

字体文件

location ~* \.(woff|woff2|ttf|otf|eot)$ {
    expires 1y;
    add_header Cache-Control "public, immutable";
    access_log off;
    add_header Access-Control-Allow-Origin "*";
}

视频文件

location ~* \.(mp4|webm|ogg|avi|mov)$ {
    expires 30d;
    add_header Cache-Control "public";
    access_log off;

    # 支持断点续传
    mp4;
    mp4_buffer_size 1m;
    mp4_max_buffer_size 5m;
}

音频文件

location ~* \.(mp3|wav|ogg|flac)$ {
    expires 30d;
    add_header Cache-Control "public";
    access_log off;
}

文档文件

location ~* \.(pdf|doc|docx|xls|xlsx|ppt|pptx)$ {
    expires 7d;
    add_header Cache-Control "public";
}

缓存配置

浏览器缓存

# 短期缓存
location ~* \.(html|htm)$ {
    expires 1h;
    add_header Cache-Control "public";
}

# 中期缓存
location ~* \.(jpg|jpeg|png|gif|css|js)$ {
    expires 30d;
    add_header Cache-Control "public";
}

# 长期缓存
location ~* \.(woff|woff2|ttf|otf|eot)$ {
    expires 1y;
    add_header Cache-Control "public, immutable";
}

禁用缓存

location ~* \.(html|htm)$ {
    expires off;
    add_header Cache-Control "no-cache, no-store, must-revalidate";
}

文件下载

基本下载

location /download/ {
    root /var/www;

    # 下载文件
    autoindex on;
    autoindex_exact_size on;
    autoindex_localtime on;

    # 设置下载文件名
    add_header Content-Disposition "attachment";
}

限速下载

location /download/ {
    root /var/www;

    # 限制下载速度
    limit_rate 1m;

    # 限制连接数
    limit_conn addr 1;
}

大文件下载

location /download/ {
    root /var/www;

    # 支持断点续传
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # 缓冲设置
    sendfile_max_chunk 1m;
    directio 4m;
}

文件列表

启用目录列表

location /files/ {
    root /var/www;

    autoindex on;
    autoindex_exact_size on;
    autoindex_localtime on;
}

自定义目录列表

location /files/ {
    root /var/www;

    autoindex on;
    autoindex_format json;
    autoindex_localtime on;
}

安全配置

禁止访问敏感文件

# 禁止访问隐藏文件
location ~ /\. {
    deny all;
}

# 禁止访问备份文件
location ~ ~$ {
    deny all;
}

# 禁止访问配置文件
location ~* \.(env|git|svn|htaccess|htpasswd)$ {
    deny all;
}

IP访问控制

location /admin/ {
    allow 192.168.1.0/24;
    deny all;
}

基本认证

location /admin/ {
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;
}

性能优化

启用sendfile

server {
    listen 80;
    server_name static.example.com;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    root /var/www/static;
}

文件缓存

open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors on;

Gzip压缩

gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;

完整示例

生产环境配置

server {
    listen 80;
    server_name static.example.com;

    root /var/www/static;
    index index.html index.htm;

    access_log /var/log/nginx/static.access.log;
    error_log /var/log/nginx/static.error.log;

    # 性能优化
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # 文件缓存
    open_file_cache max=10000 inactive=30s;
    open_file_cache_valid 60s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # Gzip压缩
    gzip on;
    gzip_vary on;
    gzip_min_length 1000;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;

    # HTML文件
    location ~* \.html$ {
        expires 1h;
        add_header Cache-Control "public";
    }

    # 图片文件
    location ~* \.(jpg|jpeg|png|gif|webp|svg|ico)$ {
        expires 30d;
        add_header Cache-Control "public";
        access_log off;
    }

    # CSS和JS文件
    location ~* \.(css|js)$ {
        expires 30d;
        add_header Cache-Control "public";
        access_log off;
    }

    # 字体文件
    location ~* \.(woff|woff2|ttf|otf|eot)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
        access_log off;
        add_header Access-Control-Allow-Origin "*";
    }

    # 视频文件
    location ~* \.(mp4|webm|ogg)$ {
        expires 30d;
        add_header Cache-Control "public";
        access_log off;

        mp4;
        mp4_buffer_size 1m;
        mp4_max_buffer_size 5m;
    }

    # 禁止访问敏感文件
    location ~ /\. {
        deny all;
    }

    location ~ ~$ {
        deny all;
    }

    location ~* \.(env|git|svn|htaccess|htpasswd)$ {
        deny all;
    }
}

总结

静态文件服务配置的关键点：

• 文件类型：根据类型配置不同的缓存策略
• 缓存配置：设置合理的过期时间
• 文件下载：支持断点续传和限速
• 安全配置：禁止访问敏感文件
• 性能优化：sendfile、文件缓存、Gzip压缩

合理配置静态文件服务，提高网站性能和用户体验。