nginx
Use this skill for Nginx configuration, deployment, and troubleshooting (ops).
Defaults / assumptions to confirm
- Nginx distribution and version (open source vs Plus)
- Deployment: bare metal/VM, Docker, or Kubernetes ingress-controller
- TLS termination location and certificate management
- Upstream architecture (services, ports, health endpoints)
Workflow
- Understand traffic and requirements
  - Domains, paths, upstream services, expected QPS.
  - Timeouts, max upload size, websocket needs.
  - Caching requirements and security constraints.
- Safe baseline config
  - Use explicit `server_name`, `listen`, and `default_server` strategy.
  - Set `client_max_body_size` intentionally.
  - Configure `proxy_*` headers correctly (Host, X-Forwarded-For, X-Request-Id).
  - Define `error_page` handling and static error responses if needed.
- TLS / security
  - Use modern TLS settings; disable legacy protocols/ciphers.
  - Enable HSTS where appropriate.
  - Add basic security headers if not handled elsewhere.
  - Rate limit sensitive endpoints (login, OTP) with `limit_req`.
- Performance
  - Enable gzip/brotli if appropriate.
  - Tune keepalive, buffers, and timeouts.
  - Use upstream keepalive and connection reuse.
  - Avoid expensive regex locations on hot paths.
- Load balancing & resilience
  - Use upstreams with health checks (where available) and failover settings.
  - Configure retries carefully to avoid retry storms.
  - Support websocket upgrade when needed.
- Observability
  - Access log format with request_id, upstream_time, status, bytes, user agent.
  - Error log level appropriate for production.
  - Export metrics if using nginx-prometheus-exporter or ingress metrics.
- Troubleshooting checklist
  - 4xx: routing, auth, body size, CORS, client IP headers.
  - 5xx: upstream failures, timeouts, DNS issues, connection limits.
  - Timeouts: `proxy_read_timeout`, upstream latency, buffer/backpressure.
  - Performance: worker processes, file descriptors, CPU, TLS overhead.
Outputs
- Proposed config snippets with rationale.
- Rollout plan (test config, reload vs restart, rollback steps).
- Debug report (symptom → evidence → root cause → fix).