Nginx is a lightweight, high-performance web server that can be used for forward/reverse proxying, load balancing, static file serving, and caching.

1. High concurrency: it handles 20,000 to 30,000 concurrent connections, and official measurements show it can support 50,000 concurrent connections.

2. Low memory consumption: it takes only 150M of memory to run 10 Nginx processes. Nginx handles static resources well and consumes less memory.

Nginx series – Installation

Installation

Download the installation package from the official website

nginx-1.18.0.tar.gz

Unpack

tar -zxvf nginx-1.18.0.tar.gz
cd nginx-1.18.0

Compile

./configure --prefix=/usr/local/nginx --with-http_ssl_module

Install

make && make install

Add to environment variables

vim /etc/profile
export PATH=/usr/local/nginx/sbin:$PATH

Installing additional modules, using --with-http_stub_status_module as an example

  • Query the current installation information

    nginx -V

This shows the parameters the current nginx was compiled and installed with

  • Recompile, adding the new module after the original parameters

    cd nginx-1.18.0
    ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module

Tip: Because this is an overwrite installation, the recompiled nginx can be used directly. If it is not, copy the new nginx binary over the original nginx binary

Visit the Nginx home page

Configuration file

/usr/local/nginx/nginx.conf

File structure

events {              -- number of connections per worker
}
http {                -- contains the virtual hosts
    server {          -- virtual host
        location {    -- directory, proxy
        }
    }
}

Common commands

  1. Check the configuration file

    nginx -t
    nginx -t -c <configuration file path>

    Difference: the first checks the default configuration file; the second checks the specified configuration file.
  2. Start

    nginx
    nginx -c <configuration file path>
  3. Already started, but the configuration file has changed: graceful restart

    nginx -s reload
  4. Shut down

    nginx -s quit    -- does not shut down until the requests in progress have been processed
  5. The log file has been deleted: reopen it

    nginx -s reopen

Nginx Series – Basic configuration

Process design

  • Once Nginx is started, there is a main process and multiple worker processes, as shown below

The main process ID is 11086 and belongs to the root user. The worker process ID is 16600 and belongs to the nobody user.

The user and the number of worker processes can be configured in the main section of the nginx.conf file

user Specifies the process user. The default user is nobody. You can specify a user or a user and user group, for example, user tuser tgroup;

worker_processes Specifies the number of worker processes, usually twice the total number of CPU cores

error_log Specifies the path and level of the error log. Error logging is enabled by default. To disable it, set error_log /dev/null;

pid Specifies the path of the file that records the ID of the main process

  • Main and worker processes

The main process receives client requests and hands them to the worker processes, which makes good use of the computing power of a multi-core CPU. When the reload command is executed, the main process waits for each worker process to complete its work before terminating it, and then creates new worker processes based on the new configuration, so that work in progress is not interrupted. Because the main process does not stop at any point during this, no client requests are missed

Custom error pages

Assume that Nginx is configured with the following HTTP service

location /merch {
    alias html;
    index index.html;
}

Error pages based on local files

error_page 400 403 404 /40x.html;
location = /40x.html {
    root html;
}

Accessing /merch returns response code 200

Accessing /merch/123 redirects to 40x.html

Error page based on an online page

error_page 400 403 404 https://juejin.cn/post/6922838161647206407;

Changing the response code

In the preceding two processing modes, the response code the request receives is the same as the error code specified by error_page. How can the response code be customized?

Specify the exact response code after the conversion

error_page 400 403 404 =200 /40x.html;
location = /40x.html {
    root html;
}

Accessing /merch/123 redirects you to 40x.html, but the response code is 200 instead of 404

Alternatively, the response code can be determined by the actual processing result after the redirection. This is set as follows

error_page 400 403 404 = /40x.html;
location = /40x.html {
    root html;
}

Accessing /merch/123 redirects you to 40x.html, but the response code is 200 instead of 404

Delete the 40x.html page from the server and revisit /merch/123: it returns 404 because the file no longer exists

Tips1: the error_page directive can be configured in the http, server and location blocks

Tips2: Nginx-1.18.0 requires the preceding configuration. Earlier versions, such as 1.xx, require additional configuration

Nginx series – Access control

The task of access control is to ensure that network resources are not accessed illegally

Permission control directives: deny and allow

Directive format

deny IP | IP range | all;
allow IP | IP range | all;

Rules

When multiple permission control directives appear in the same block, they are checked in order. A directive that appears first takes precedence over later ones for the range it covers; later directives still take effect for the range the earlier ones do not cover

When permission directives appear in several blocks (http/server/location), the directives in the inner block have higher priority than those in the outer block. Note that this is priority, not overwriting

In short: where the ranges of several directives in the same block overlap, the first one applies; across different blocks, the directives of the inner block take effect

A simple example

location / {
    root html;
    index index.html index.htm;
}

Accessing / displays the page normally

Add deny all; to disable all access

location / {
    root html;
    index index.html index.htm;
    deny all;
}

Accessing / is now forbidden
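
The two rules above, modelled in Python as an added example (not code from the original article or from nginx): within one block the first matching directive decides, and an inner block that has its own allow/deny directives does not inherit those of the outer block. The rule lists and client addresses are constructed samples, and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample rule sets (not from the original article).
SHADOWED = ["allow 192.168.1.0/24;", "deny 192.168.1.10;", "deny all;"]
ORDERED = ["deny 192.168.1.10;", "allow 192.168.1.0/24;", "deny all;"]
SERVER_BLOCK = ["deny all;"]
LOCATION_BLOCK = ["allow 10.0.0.5;"]  # no trailing "deny all;"


def parse_rules(lines):
    """Turn 'allow 10.0.0.0/8;' style lines into (action, network) pairs."""
    rules = []
    for line in lines:
        action, target = line.strip().rstrip(";").split()
        if action not in ("allow", "deny"):
            raise ValueError(f"not an access rule: {line!r}")
        # 'all' covers every client; anything else is an address or CIDR range.
        net = None if target == "all" else ip_network(target, strict=False)
        rules.append((action, net))
    return rules


def decide(rules, client):
    """Within one block, rules are checked in order and the first match wins."""
    addr = ip_address(client)
    for action, net in rules:
        if net is None or addr in net:
            return action
    return "allow"  # nothing matched: these directives place no restriction


def effective_rules(outer, inner):
    """Across blocks, an inner block with its own rules replaces the outer ones."""
    return inner if inner else outer


def check(client, outer, inner=()):
    """Decision for client given the rule lines of an outer and an inner block."""
    return decide(effective_rules(parse_rules(outer), parse_rules(inner)), client)
```

In SHADOWED the `deny 192.168.1.10;` line never fires because the earlier allow already covers that address. In the nested case, a location holding only `allow 10.0.0.5;` no longer inherits the server-level `deny all;`, so every other client is allowed unless the location ends with its own `deny all;`.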

Permission control directive: location

Directive format

location [=|^~|~|~*] URI { ... }

Rules

= Matches the URI exactly

^~ Matches URIs that begin with the specified URI, without regular expressions (a special case of maximum prefix matching)

~ Regular expression match against the URI, case sensitive

~* Regular expression match against the URI, case insensitive

Maximum prefix match: matches the location with the longest matching URI prefix

The priority of the preceding rules decreases from top to bottom. Once a rule matches, no lower rule is tried

Examples

1. The difference between root and alias

location /merch {
    root html;
    index index.html;
}

Access /merch,

Change root to alias

location /merch {
    alias html;
    index index.html index.htm;
}

Visiting /merch displays the page normally

Here are the rules:

With root, when /merch is accessed, the file actually served after the match is html/merch/index.html

With alias, when /merch is accessed, the file actually served after the match is html/index.html

The difference is whether the URI given in the location directive is used in the path to the actual resource file

2. To be added

Nginx series – Logs

Using logs effectively helps with statistics and troubleshooting during project development and maintenance. Nginx records access logs and error logs

Access log

Each request made by a client to Nginx is recorded. The log format is specified by log_format. The log path and buffer size are specified by access_log

Default log

Access logging is enabled by default. The default configuration is as follows

1. The log_format directive can only be used in the http block

Log format description

$remote_addr            address of the client accessing the site
$http_x_forwarded_for   client address taken from X-Forwarded-For when there is a proxy in front of the web node; only populated if the proxy server sets X-Forwarded-For
$remote_user            user name of the remote client
$time_local             access time and time zone
$request                the start line of the user's HTTP request
$status                 HTTP status code, such as 200, 404 and 301
$body_bytes_sent        number of bytes of the response body sent by the server to the client
$http_referer           the Referer header of the request
$http_user_agent        client information, such as web browser or mobile phone client

2. access_log can be used in the http/server/location blocks

Directive format

access_log off;
access_log path [format [buffer=size [flush=time]] [if=condition]];
access_log path format gzip[=level] [buffer=size] [flush=time] [if=condition];
access_log syslog:server=address[,parameter=value] [format [if=condition]];

-------------------------
Description:
gzip[=level]    # the compression level
[if=condition]  # other conditions
These parameters normally do not need to be configured. They are for optimization in extreme cases. See later notes for how to use them.
-------------------------

3. View access logs

tail -f logs/access.log

Access /merch; the nginx access log is as shown below

Custom Logs

1. Set the log format myLog

log_format myLog '[ip:] $remote_addr - [user_agent:]$remote_user [time:][$time_local] "[request:] $request" '
                 '[status:]  $status [referer:] "$http_referer" '
                 '[user_agent:] "$http_user_agent" [forward:] "$http_x_forwarded_for"';
access_log logs/myAccess.log myLog buffer=2k flush=5s;

buffer and flush are used here. What are the rules?

buffer can be configured on its own, without flush. Using only flush causes an error

When the buffered data reaches the buffer size, it is written to disk

If the buffer size has not been reached when the flush time elapses, the data is written to disk anyway

2. View access logs in the specified format
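
A parser for the myLog format defined above, as an added Python example (not from the original article), which counts 4xx responses per client address. The sample lines are constructed to match the format, and the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Mirrors the myLog format above. nginx writes a double quote inside a logged
# variable as \x22, so a literal '"' in a line is always a field delimiter.
LINE_RE = re.compile(
    r'\[ip:\] (?P<ip>\S+) - \[user_agent:\](?P<user>\S+) '
    r'\[time:\]\[(?P<time>[^\]]+)\] "\[request:\] (?P<request>.*?)" '
    r'\[status:\]\s+(?P<status>\d{3}) \[referer:\] "(?P<referer>.*?)" '
    r'\[user_agent:\] "(?P<agent>.*?)" \[forward:\] "(?P<forward>.*)"$'
)

# Constructed sample lines in the myLog format (not real traffic).
TEMPLATE = (
    '[ip:] {ip} - [user_agent:]- [time:][12/Jan/2021:10:00:0{n} +0800] '
    '"[request:] GET {path} HTTP/1.1" [status:]  {status} [referer:] "-" '
    '[user_agent:] "curl/7.68.0" [forward:] "{forward}"'
)
ROWS = [
    ("203.0.113.7", "/merch/a", 404, "198.51.100.1"),
    ("203.0.113.7", "/merch/b", 404, "198.51.100.2"),
    ("203.0.113.7", "/merch/c", 403, "198.51.100.3"),
    ("192.0.2.10", "/merch", 200, "-"),
    ("192.0.2.10", "/merch/x", 404, "-"),
]
SAMPLE = [
    TEMPLATE.format(ip=ip, n=n, path=path, status=status, forward=forward)
    for n, (ip, path, status, forward) in enumerate(ROWS)
]


def parse_line(line):
    """Return the fields of one myLog line as a dict, or None if malformed."""
    match = LINE_RE.match(line.strip())
    return match.groupdict() if match else None


def client_errors(lines):
    """Count 4xx responses per $remote_addr."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        # Key on remote_addr (the TCP peer). The forward field is copied from
        # a request header, so the client can set it to any value.
        if rec and rec["status"].startswith("4"):
            counts[rec["ip"]] += 1
    return counts


def noisy_clients(lines, threshold=3):
    """Addresses with at least `threshold` 4xx responses, sorted."""
    return sorted(ip for ip, n in client_errors(lines).items() if n >= threshold)
```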

How to Disable Logging

access_log off;

Error log

Default configuration

Error logging is enabled by default. The default settings are as follows

Visit /merch/fdsa to view the error log

Custom Logs

1. Custom log formats are not supported

2. Customize storage paths and levels

error_log <log path> [notice | info];

It can be configured in the http/server/location blocks

How to Disable Logging

error_log /dev/null;

Log file cutting

Core commands

nginx -s reopen    -- reopens the log files; if a log file does not exist, it is regenerated
nginx -s reload    -- reloads the configuration file; testing shows it also has the effect of nginx -s reopen, but log cutting usually does not use this command

How to do it

1. Create the log cutting script autolog.sh

#!/bin/bash
logPath=/usr/local/nginx/logs
# Rename the current access log to a timestamped file
mv "$logPath/access.log" "$logPath/$(date +%Y%m%d%H%M)"
# Have nginx open a fresh access.log (the reopen command above)
/usr/local/nginx/sbin/nginx -s reopen

2. Add it to the system's scheduled task list

crontab -e    -- edit the crontab
0 0 * * * /usr/local/nginx/logs/autolog.sh > /dev/null 2>&1
crontab -l    -- view the scheduled task list

3. Time format of cron

*    *    *    *    *
-    -    -    -    -
|    |    |    |    |
|    |    |    |    +----- day of the week (0 - 6) (Sunday is 0)
|    |    |    +---------- month (1 - 12)
|    |    +--------------- day of the month (1 - 31)
|    +-------------------- hour (0 - 23)
+------------------------- minute (0 - 59)

Format: f1 f2 f3 f4 f5 program

If f1 is *, the program is executed every minute; if f2 is *, the program is executed every hour; and so on.

If f1 is a-b, the program is executed from minute a to minute b; if f2 is a-b, the program is executed from hour a to hour b.

If f1 is */n, the program is executed once every n minutes; if f2 is */n, it is executed once every n hours.

If f1 is a, b, c, ..., the program is executed at minutes a, b, c, ...; if f2 is a, b, c, ..., it is executed at hours a, b, c, ...

Examples

Run /bin/ls every minute:
* * * * * /bin/ls

Run /usr/bin/backup in December, every 3 hours from 6:00 to 12:00, at minute 0:
0 6-12/3 * 12 * /usr/bin/backup

Send a letter to [email protected] at 5:00pm every day from Monday to Friday:
0 17 * * 1-5 mail -s "hi" [email protected] < /tmp/mailData

Run echo "haha" at 0:20, 2:20, 4:20, ... every day of every month:
20 0-23/2 * * * echo "haha"

Nginx series – Virtual host

What is a Virtual host

Virtual host technology divides one physical server into multiple disk spaces. Each disk space is a virtual host, and each virtual host can provide its own web service independently, without interfering with the others. To outsiders, a virtual host looks like a stand-alone server. This means that users can deploy sites with different domain names on the same server instead of buying a separate server for each website, which solves the problem of server maintenance and greatly reduces server hardware costs and the associated maintenance costs

How to configure a virtual host

Port-based configuration

A single Nginx listens on multiple ports and distinguishes different websites by port number

server {
    listen 80;
    server_name localhost;
}
server {
    listen 81;
    server_name localhost;
}

Accessing the sites

http://172.16.116.250:80/
http://172.16.116.250:81/

IP-based configuration

You can bind multiple IP addresses to one physical NIC by setting IP aliases.

With multiple network adapters, virtual hosts can likewise be configured by IP address

server {
    listen 80;
    server_name 172.16.116.251;
}
server {
    listen 80;
    server_name 172.16.116.252;
}

Accessing the sites

http://172.16.116.251:80/
http://172.16.116.252:80/

Domain-based configuration

In a real production environment, a website needs a domain name and a public IP address before it can be accessed

Obtaining these is cumbersome and costs a fee. For learning and testing, you can use the hosts file provided by the system to set up several virtual domain names and resolve them to a specified IP address

nginx.conf configuration

server {
    listen 80;
    server_name test1.com.cn;
}
server {
    listen 80;
    server_name test2.com.cn test3.com.cn;
}

/etc/hosts configuration

197.208.11.198 test1.com.cn
197.208.11.198 test2.com.cn test3.com.cn

Accessing the sites

http://test1.com.cn:80/
http://test2.com.cn:80/
http://test3.com.cn:80/

Tips1: server_name supports wildcards and regular expressions; for example, *.com.cn matches test1.com.cn, test2.com.cn and test3.com.cn

Setting up a directory listing

A simple example

Nginx does not allow entire directories to be listed by default, so a 403 error is returned when a user accesses a site or directory that has none of the default index files set by the index directive. Take the following configuration

location / {
    root html;
    index index.html index.htm;
}

Delete the index files index.html and index.htm from the html directory

Visit /, as shown below

Enable the directory listing function. In the situation above, the files in the site or directory are then displayed as a list

location / {
    root html;
    index index.html index.htm;
    autoindex on;
}

Visit /, as follows

Core directives

autoindex on;
autoindex_exact_size off/on;    -- The default is on: the file size is displayed in bytes. If off, the file size is displayed in kB, MB or GB.
autoindex_localtime off/on;     -- off means Greenwich Mean Time (GMT). on means the time of the file server, usually Beijing Time (8 hours ahead of GMT).

Nginx series – Load balancing

Reverse proxy

Take a look at reverse proxy before load balancing

What is a Reverse proxy?

With a reverse proxy, the client believes it is accessing the target server, but that server is actually a proxy server. It forwards the client's request to a back-end server on the internal network for processing, and returns the back-end server's response to the client

Since there is a reverse proxy, it is natural to ask whether there is a forward proxy. Yes, there is. What is a forward proxy?

With a forward proxy, the client accesses the target server through an intermediate proxy server. The proxy server sends the request to the specified target server and returns the target server's response to the client

Reverse proxy features

Security: clients can reach only the proxy server over the Internet, and do not know that what they are accessing is a proxy server. The real processing takes place on the intranet servers behind the reverse proxy, which effectively improves network security

Function: makes servers behind the firewall available to Internet users, and provides load balancing and caching for multiple back-end servers

Forward proxy features

Security: clients can hide their own information when accessing any website, so security measures must be taken to ensure that the service is provided only to authorized clients

Function: gives intranet users inside the firewall access to Internet services

Reverse proxy for Nginx

This is implemented using the proxy_pass directive from the ngx_http_proxy_module module, in the following format

proxy_pass URL;
proxy_set_header         -- changes the request header information from the client before it is sent to the back-end server
proxy_connect_timeout    -- sets the timeout for Nginx to establish a connection with the back-end server
...

Configure nginx.conf to reverse proxy to the Baidu home page

location / {
    proxy_pass https://www.baidu.com/;
}

Visit / (not the Baidu home page directly), as shown below

Tips1: here client requests are reverse-proxied to the public Baidu service for processing, which is not how it is generally used. Usually Nginx acts as the reverse proxy server for a cluster of intranet application servers, and communicates with the application server cluster over the intranet to ensure security

Load balancing

What is load balancing

Load balancing spreads the load across multiple processing units to improve service availability and response speed and to give a better user experience. Nginx implements load balancing using the upstream directive, in the following format

upstream name {
    server 195.9.116.18;
    server 195.9.116.19;
}

Load Balancing Policy

As Tips1 noted, the proxy server forwards client requests to a cluster of application servers. Which application server processes each request? That is decided by the load balancing policy. Nginx supports the following policies:

Polling (round robin): the default. Requests are allocated to the different back-end servers one by one in chronological order. If a server goes down, it is automatically removed

upstream example_test {
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
    server 127.0.0.1:8082;
    server 127.0.0.1:8083;
}

Weight: use weight to specify the polling weight, which is proportional to the share of requests a server receives. It is used when back-end server performance is uneven. The total weight forms one cycle, and within a cycle each server receives requests in proportion to its weight, but the requests are distributed according to the algorithm rather than allocated consecutively

upstream example_test {
    server 127.0.0.1:8080 weight=1 max_fails=1 fail_timeout=2;
    server 127.0.0.1:8081 weight=3 max_fails=1 fail_timeout=2;
    server 127.0.0.1:8082 backup;
    server 127.0.0.1:8083 down;
}
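
The "distributed rather than consecutive" allocation can be seen by modelling nginx's smooth weighted round-robin selection, shown here as an added Python example (not code from the original article or from nginx). It uses the servers from the configuration above and leaves out max_fails/fail_timeout handling; the function names and data layout are assumptions.

```python
from collections import Counter

# The upstream from the configuration above, as constructed Python data.
SERVERS = [
    {"addr": "127.0.0.1:8080", "weight": 1},
    {"addr": "127.0.0.1:8081", "weight": 3},
    {"addr": "127.0.0.1:8082", "weight": 1, "backup": True},
    {"addr": "127.0.0.1:8083", "weight": 1, "down": True},
]


def pick_sequence(servers, n):
    """Return the addresses chosen for the next n requests."""
    usable = [s for s in servers if not s.get("down")]
    primaries = [s for s in usable if not s.get("backup")]
    # Backup servers are used only when no primary server is usable.
    pool = primaries or [s for s in usable if s.get("backup")]
    if not pool:
        return []
    total = sum(s["weight"] for s in pool)
    current = {s["addr"]: 0 for s in pool}
    picks = []
    for _ in range(n):
        best = None
        for s in pool:
            # Every server gains its weight on each request ...
            current[s["addr"]] += s["weight"]
            if best is None or current[s["addr"]] > current[best]:
                best = s["addr"]
        # ... and the chosen one pays back the total, so it drops behind.
        current[best] -= total
        picks.append(best)
    return picks


def share(servers, n):
    """Number of requests each address receives out of n."""
    return Counter(pick_sequence(servers, n))
```

With weights 1 and 3 one cycle is 8081, 8080, 8081, 8081: the ratio is still 1:3, but the heavier server's turns are interleaved instead of being served back to back.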

ip_hash: each request is allocated according to the hash of the client IP address, which solves the session-sharing problem. If a server has a problem, requests will still be sent to it and it cannot be removed automatically. When a machine is known to be down, manually mark it as down (add the keyword down) so that it is removed and its requests are hashed to the other machines.

upstream example_test {
    ip_hash;
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
    server 127.0.0.1:8082;
    server 127.0.0.1:8083 down;
}

weight and backup are not supported

Fair: allocates requests according to the response time of each server; servers with shorter response times are allocated requests first. A third-party module needs to be installed

upstream example_test {
    fair;
    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
}

url_hash: allocates requests based on the hash of the URL accessed. A third-party module needs to be installed

upstream example_test {
     hash  $request_uri;
     server 127.0.0.1:8080;
     server 127.0.0.1:8081;
}