• 1 What is Nginx
  • 2 为什么是Nginx
    • Because it’s hanging
    • Why are you hanging like that?
  • Nginx: How to use Nginx
    • Preparation work, can not watch
    • Source code compilation installation, do not care about the source code installation can be skipped
    • Get in the car and get some orders
    • Nginx. conf file configuration, can not see the package 😄
    • Nginx reverse proxy & load balancing configuration
  • 4 Nginx advanced, stay tuned

What is the nginx

  • In 2012, it became the second largest Web server in the world
  • Synonymous with high performance Web servers in the industry
  • competitors
1 Apache
2 LighttpedFavored by the European and American circlesnginxSome go all the way)
3 Tomcat("javalanguagewebThe server    Innate is the heavyweight performance withnginxCan't than")
4 Jetty("javalanguagewebThe server     Innate is the heavyweight performance withnginxCan't than")
5 IIS(windowsystem)
Copy the code
  • Based on the REST architecture style, unified resource Locator (URI) and unified resource descriptor (URL) are used as the basis for communication
  • Event-based
  • Highly modular design —–> Numerous third-party modules
  • It runs on many platforms
You can use the efficiency of the current operating systemAPITo improve their performance
supportlinuxOn theepoll.epollIt is a powerful tool for large and network connection
Copy the code

Why Nginx

1. Because it is very hanging, reflected in the following aspects

It must be summed up in one sentence: the ability to support high concurrency while maintaining efficient service

  • fasterFaster response per request
  • High scalabilityThe nginx design is extremely extensible, consisting entirely of multiple modules of different levels/functions/types with very little coupling and nginx modules are executed embedded in binary files
-- --Such asHTTPModule, also designedHTTPFilter module, a normal oneHTTPAfter the module has processed the request, a series ofHTTPThe filter module then filters it.
-- --Let's develop a new oneHTTPModule can be usedHTTPThe core module  eventsThe module  logModule etc. You can also reuse various filter modules freely
Copy the code
  • High reliability
  • Low memory consumption
In general,10000One inactiveHTTP Keep-AliveConnected to theNginxOnly in the consumption2.5Mmemory
Copy the code
  • A single machine supports more than 100,000 concurrent connections
    In theory,NginxThe number of concurrent connections depends only on memory,10Wan Yuan is not capped, of course, and business characteristics are closely linked
Copy the code

  • Hot deployment
Due to themasterManagement process andworkerSeparate design of work processes
makenginxYou can upgrade executables, update configuration items, change log files, and so on without stopping the service
Copy the code
  • Nginx’s architecture is clever
Innate event driven design
A fully asynchronous networkI/OProcessing mechanism
Minimal interprocess switching
Copy the code

  • Strong open source communityTens of thousands of cryptographers have contributed to nGINx
2. Why did you hang like that

Here we focus on the event-driven architecture used by Nginx, which is briefly described below

Generate events
Distribute events
Event source
Event collector collection
The event handler registers the events that interest it and consumes them

Event source: Event generated by a NIC or disk

Event collector: NGINX event module, such as ngx_epoll_module

Consumer: All other modules

Consumers first register the event type they are interested in with the event module, and when that type of event occurs, the event module distributes the event to the corresponding consumer moduleCopy the code

Nginx uses a full event-driven architecture to handle business. How does it differ from a traditional Web server?

  • Traditional Web servers (such as Apache)
    • The so-called event-driven approach adopted by Apache is only embodied in TCP connection setup and closure events
      • From the time a connection is established to the time it is closed, all operations are no longer event operations and degenerate into sequential execution of each operation
      • The entire request occupies CPU memory resources for the duration of the connection without doing anything meaningful
      • Treat a process or thread as an event consumerWhen a request generates an event that is processed by the process, process resources are occupied by the request until the end of the request processing
  • Nginx server
    • Processes or threads are not used as event consumersThe event consumer can only be a module (there is no process here)
    • Only event collectors and distributors are eligible to occupy process resources
  • Important differences
    • In the former, each event consumer monopolizes a process resource, whereas in the latter, event consumers are invoked only briefly by the event distributor process
  • One drawback of nginx’s design
    • That is, each event consumer must not block, otherwise it will tie up the event distributor process for a long time, resulting in other events not being responded to in a timely manner.In particular, each consumer must not put the process to sleep or wait, this has increased the difficulty of the development of the code livestock

Hand to hand teaches you to use Nginx

The preparatory work

The following are the basic packages required for web server functionality

  1. Run the uname -a command to check whether the Linuxe kernel version is 2.6 or later

    Because only linux2.6 and above supports epoll, nginx’s power can be maximized

  2. GCC compiler: yum install -y GCC

    GNU Compile Collection (GCC) can be used to Compile C programs, because sometimes Nginx does not directly provide binary executable programs and needs to Compile them themselves

  3. PCRE library

    Perl regular compatible expression package, a development library for pcRE secondary development in pcre-devel, is also required for nginx development

  4. Yum install -y gzip gzip-devel

    Nginx. conf configures gzip on to compress the content of Http package in gzip format. Zlip-devel is the library needed for secondary development

  5. Yum install -y OpenSSL openssl-devel

    This package is required if you want to use the more secure SSL protocol for HTTP transmission, and if you want to use MD5 or SHA1 packages, you also need the Openssl package

A few directories to know

  1. Nginx source directory, casually put, no one tube you, look at personal preferences
  2. An intermediate directory generated during compilation of Nginx
This directory is used for storageconfigureandmakeAfter command execution, the generated intermediate directory, by default, is producedobjsDirectories are stored in the source directory
Copy the code
  1. Deployment directory Default/usr/local/nginx
storenginxBinaries, configuration files, etc. required during run time.
Copy the code
  1. Directory for storing log files
If you want to studynginxThe underlying architecture, then opendebugAfter logging level, a large number of logs will be generated, so it is better to have a larger disk
Copy the code
Source code compilation and installation
  • /configure && make && make install
    • Here’s a look at some of the shady things these orders do
1 Most jobs areconfigureCommand done, useconfig  --helpTo see what commands are available We are generally concerned with the following
2 --prefix=PATH Installation directory, default is/usr/local/nginx
  --sbin-path=PATHExecutable file prevention path.The default is?<prefix>/sbin/nginx
  --conf-path=PATHConfiguration file path, default is<prefix>/conf/nginx.conf
  --error-log-path=PATHError log file, default<prefix>/logs/error.log
    Later in thenginx.confType error logs for different requests to differentlogIn the file
  --pid-path=PATH pidDirectory for storing files.The default<prefix>/logs/nginx.pid    This file starts withasciiCode to depositnginx masterThe process ofid

For more information, please visit ~~~~

Copy the code

An order you must know

/ usr/local/nginx/sbin/nginx default load command/usr/local/nginx/conf/nginx. Conf

/usr/local/nginx/sbin/nginx -c < Configuration File Directory >To start the non-default configuration/usr/local/nginx/sbin/nginx -p The < directory >To specify the nginx installation directory/usr/local/nginx/Sbin /nginx -g to temporarily specify some global configuration items/usr/local/nginx/sbin/nginx -g "pid /var/nginx/test.pid;"-g does not conflict with the default. Ngix started with -g also needs to add -g to the stop function/usr/local/nginx/sbin/nginx -g "pid /var/nginx/test.pid;"-s stop. If you don't add -g, you can't find pid fileCopy the code

/ usr/local/nginx/sbin/nginx – without t start nginx, will test the configuration file is wrong

/ usr/local/nginx/sbin/nginx – V shows version information

/ usr/local/nginx/sbin/nginx -s stop quickly stop service after processing is currently processing requests, close the service

/ usr/local/nginx/sbin/nginx -s reload running nginx reload nginix. Conf equivalent to kill s SIGHUP < nginx master pid >

/ usr/local/nginx/sbin/nginx -s reopen equivalent to kill s SIGUSR1 < nginx master pid > be able to open the configuration file, so we can put the current log file name or mobile, so that it is not too big

Smooth updates to Nginx

1. Kill -s SIGUSR2 <nginx master pid> will rename nginx.pid to nginx.pid.oldbin

2. Run the following command to start nginx

3. Run the kill -s SIGQUIT < master PID of the old version > command to stop the service of the old version

Nginx configuration
1 The production environment is generally onemasterManage multiple processesworkerThe process,workerProcess andcpuThe number of cores is equal, eachworkerCan be busy to provide service processing.
2 masterProcesses are only responsible forworkerManagement.workerInterprocess communication mechanisms such as shared memory and atomic operation are used to achieve load balancing
3 nginxYes Supports single process (Only onemaster) to provide services. usemaster+workerThe advantages are as follows
    1masterProvides only pure administration work and only command line services.
    2moreworkerProcesses can improve the robustness of services that can take advantage of multiple corescpu
Copy the code

Why does nginx need to set the number of worker processes to the same number of root CPU cores

  1. Each process on Apache can only handle one request at a time, so many processes need to be set up to handle more concurrent requests, and a lot of switching between processes consumes memory resources
  2. However, the number of requests handled by a Worker process of Nginx is only limited by the size of memory, and there is almost no synchronization lock between worker processes to handle concurrent requests, and worker processes will not fall into sleep state. Therefore, when nginx processes have the same number of CPU cores (it is better to bind a kernel to each worker), The cost of process switching is minimal
  3. By binding the process to the CPU, you don’t have multiple processes preempting a CPU, you don’t have synchronization problems, and you achieve full concurrency on the kernel scheduling

Conf file description The nginx configuration file is organized by block configuration items, as shown in the following figure

Global configuration
Name of the block configuration item1 {
    Configuration item name  Configuration items value1  Configuration items value1;
}
Name of the block configuration item2  parameter {
    Configuration item name  Configuration items value1  Configuration items value1;
}
The basic block configuration items are:events  http  server  location  upstreams  Quick configuration items can be nested
The configuration item name must benginxA configuration module that you want to process, otherwise an error will occur
If the configuration item value contains syntax symbols, such as Spaces, you need to quote the configuration item value= = = = = = = =
The unit of the configuration item, if the space size is korm
Some modules allow variables to be used in configuration item values preceded by the prefix$= = = = = =
Copy the code

A specific nginx.conf configuration description may include the following parts, here I write as many as possible ~ convenient for myself to refer to later

  • Global configuration

    • user username [groupname];
      • When the master process starts,fork the worker process to run under the user and user group
      • –user=username –group=groupname
    • daemo on|off; Whether to run the service as a daemon. Default is on
    • master_process on|off; Whether to work in master/worker mode The default value is on
    • error_log /path/file level; Error logs/error.log error by default
      • /dev/null is the only way to turn off error logs
      • If the log level is written as DEBUG, the –with-debug configuration item needs to be added to configure initially
    • woker_rlimit_nofile limit; The maximum number of handle descriptors a worker process can open
    • worker_rlimit_core size;
    • worker_directory path;
      • When a process terminates unexpectedly, nginx dumps the memory contents of the process to a core file so that we can look at the register stack to locate the problem. The above two configurations set the size and directory of this file
    • Env VAR | VAR = VALUE this configuration item allows users to directly manipulate system variables
    • Include/path/file
      • Embed other configuration files in nginx.conf, which can be absolute or relative to the directory where nginx.conf resides
    • Worker_process 4;
    • worder_cpu_affinity 1000 0100 0010 0001
      • The above two configurations bind the WORder process to the CPU implementation
    • Worker_priority Nice Nginx process priority s
  • Event Configuration

    events {

    debug_connection IP;  Only for theip"Is outputdebugLevel logs can be located using this methodbug
    accept_mutex [on|off]; Load balancing lock, enabled by default, is created if disabledTCPLinks take less time, but eachworkerThe load will be very uneven
    lock_file path/file;  acceptThe lock requires this file if it is due to the compilation of the program and the architecture of the operating systemnginxAtomic locking is not supported.I'll do it with a file lockacceptThe lock. If atomic locking is supported, this file is meaningless
    accept_mutex_delay Nms; With file locks, there is only one file at a timeworkerI can get this lock.This lock is not a blocking block,workerIf no, the system returns immediately.And then interval that time to get it.
    multi_accept on|off;Off by default, when the event model notifies the client of a new connection, as much as possible on the scheduleTCPRequests are made to establish connections
    use [poll| select | epoll| kqueue]; Nginx The most appropriate event model is selected by default
    woker_connections  number; eachworkerThe maximum number of connections that a process can process simultaneously
    Copy the code

    }

  • The HTTP module

    Static Web servers are implemented primarily by ngx_HTTP_CORE_module in Nginx. The HTTP module is the basic configuration of a minimal static Web server

    http {

    gzip on;
    server {
         listen address:port;  addressCan beiporhostname
                    inportYou can add some parameters to it As shown below.
                    listen 443 default_server ssl deferred; 
                    deault_serverWhen a request cannot match all domain names, use this as the default processing domain name
                    ssl The current port connection must be based onSSLagreement
                    deferredThe user initiates a connection request, and the connection is completeTCPAfter three handshakes, the kernel does not scheduleworkerProcess to process the link,
                    Only the user actually posted the data(The network adapter receives the request packet)The kernel wakes upworkerProcess to process,
        server_name name ;It can be followed by multiple host names.Separate with a stop sign
                   'nginx Once the request is received, it is removed firstHeaderIn the headerhost, the rootserverIf there are more than one matchesserver,Which one will be selected based on the priority of the matchserver,
                    If you can't find them, use themserver_name Is emptyserverblock'
        server_name_in_redirect on|off The default ison
                   'If it is enabled, search firstserver_name, if not found, look for the request headerHOSTField, if not, to the current server'sIPFor Mosaic
        location [=|~|~*|^~|@] /uri/ {} uriYou can use re in arguments
                   location = / {} The user request is/When the match
                   ~ URICase sensitivity~ *matchingURIIgnore case when^ ~The first half is case-sensitive matching, as in
                        location ^~ /images/ {}In order to/images/ The initial request will all match
                    @saidnginxRedirection between internal requests.Do not process user requests directly
        root path   File path, default isroot html
                    rootThe configuration can also be locatedhttpUnder the module orlocationDown, if it is locatedlocationThe meanings are as follows
                        location /download/ {
                            root /opt/web/html/;
                        }
                        If the user request is/download/test.html,webThe server will return to the server/opt/web/html/download/test.htmlContents of the file
         location /conf { locationThe following configuration description
            alias /usr/local/nginx/conf/
                If the user request is/conf/nginx.conf,The user actually wants access/usr/local/nginx/conf/nginx.conf,You can use italiasconfiguration
                aliasOnly on thelocationIn the
            root path;
            index Home page file;
         }
         error_page code uri|@named_location  Can also belocationBlock configuration
            You can perform the following configuration
                error_code 404 /404.html
                error_code 501 502 504 /50x.html
                error_code 403 http://example.com/forbidden.html
                error_code 404 = @fetch
            You can also change the error code
                error_page 404 =200 /empty.gif
                Or no error code is specified Is determined by the actual processing after redirection
                error_page 404  /empty.gif
            If you don't want to change ituri,I just want to be directed to another onelocation, can be configured as follows
                location / { error_code 404 @fallback
                }
    
    <span class="hljs-keyword">location</span> <span class="hljs-title">@fallback</span> { proxy_pass http://backend; } try_files path1 path2 uri <span class="zh-hans"> try to access each </span>path<span class="zh-hans"> end request if found </span> <span Class = "useful - Hans" >, </span> URI <span class="zh-hans"> </span>uri<span class="zh-hans"> </span> <span class="hljs-keyword">type</span> {MIME<span class="zh-hans"> type Settings </span>,< SPAN class="zh-hans"> can be located on </span>server Location <span class="zh-hans"> block </span><span class="hljs-keyword">type</span><span Class ="zh-hans"> this means that different file types are opened by different applications. </span> }Copy the code

    Copy the code

    }
    "httpThere are many thieves in the configuration Such astcpThe network link Memory Resource Management Restrictions on client requests File operation optimization and so on, and so on can be studied in detail"

    }

    Configure the reverse proxy server

Nginx has a high concurrency and load capability, and can be used as a Web server to provide static file services to users. However, some complex services are not suitable to be directly placed on the Nginx server. At this time, Apache and other servers will be used to process them. Nginx is used as a static Web server and reverse proxy server, and requests that are not suitable for nginx processing are directly transferred to the upstream server

Nginx reverse proxy mode

The HTTP request--->Nginx drops the request content onto the server's hard disk or memory---->Initiate a connection to the upstream serverCopy the code
  • Advantages: Reduce the load on the upstream business server, and try to put the pressure on the Nginx server
    • The client and the proxy server are connected through the public network, and the network environment is complicated. However, the proxy server and the upstream service server are connected through an internal private network. After receiving a user request, the proxy server forwards the request quickly on the Intranet. If it is receiving and forwarding at the same time, the poor speed of the external network will drag down the internal network.
  • Disadvantages: Increased request processing time, increased memory and disk space on the Nginx server

Load balancing is configured in the HTTP module

http {

upstream backen {
    ip_hash;
    server backend1.example.com  weight= 5; server backend2.example.com  max_failes3  fail_timeout=30s;
}
    #It defines an object calledbackendA cluster of upstream servers
    #server After can follow domain name IPAddress port, etc.
    #weightForward weight
    #max_failemThe default is1, 0Indicates the number of failed checks; faile_timeoutThe default is10s   30sInternal forwarding failed3The server is considered to be unavailable
    #ip_hashGuarantee the sameipRequests to the same server.Can't withweightAt the same time,
    If a machine in the server cluster is down, the configuration cannot be deleted.And you want to usedownLabel to ensure the consistency of forwarding policies
    #The reverse proxy also provides variables such as:$remote_addr $time_local  $request , etc. Can be found inaccess_logthelog_formatLog format configuration using??
Copy the code

}

The reverse proxy configuration is as follows in the Location module

upstream backen {
.....
}
Copy the code

server{ location /{ proxy_pass http://backend; proxy_set_header Host $host #A reverse proxy does not forward requests by defaulthostThe head.If forwarding is required, useproxy_set_headerconfiguration}}

Nginx advanced