Perception: 🌟🌟🌟🌟🌟

Taste: Tiger skin egg

Cooking time: 10min

This article is included in the Front-end Canteen repository of the same name on GitHub, github.com/Geekhyt. Welcome to the canteen; if you find the food and wine delicious, a Star for the canteen boss is a great encouragement.

Historical background

The globalization of the Internet led to rapid growth in the amount of data on it. Around the turn of the century Moore's law began to fail for single CPUs and hardware moved toward multi-core CPUs, but Apache was clearly not ready for multi-core architectures: one process can handle only one connection at a time, moving on to the next request only after finishing the current one. This certainly cannot cope with the huge number of users on the Internet today, and the cost of switching between processes is very high. In this context Nginx was born, and it can easily handle millions and millions of connections.

Nginx advantages

  • High concurrency performance
  • Good scalability
  • High reliability
  • Hot deployment
  • Open source license

Main application scenarios of Nginx

  • Static resource services that are provided through the local file system
  • Reverse proxy services and load balancing
  • API services and permission control to reduce pressure on application servers

Nginx configuration file and directory

You can run the rpm -ql nginx command to view the configuration files and directories installed by Nginx.

The following are the configuration files and directories of the latest stable version of Nginx that I installed on the xyz cloud.

  • /etc/nginx/nginx.conf Core configuration file
  • /etc/nginx/conf.d/default.conf Default HTTP server configuration file
  • /etc/nginx/fastcgi_params fastcgi configuration
  • /etc/nginx/scgi_params scgi configuration
  • /etc/nginx/uwsgi_params uwsgi configuration
  • /etc/nginx/koi-utf
  • /etc/nginx/koi-win
  • /etc/nginx/win-utf These three files are encoding mapping files, because the authors are Russian
  • /etc/nginx/mime.types Sets the mapping between the Content-Type of the HTTP protocol and file extensions
  • /usr/lib/systemd/system/nginx-debug.service
  • /usr/lib/systemd/system/nginx.service
  • /etc/sysconfig/nginx
  • /etc/sysconfig/nginx-debug Used to configure daemon management
  • /etc/nginx/modules Basic shared libraries and kernel modules
  • /usr/share/doc/nginx-1.18.0 Help document
  • /usr/share/doc/nginx-1.18.0/copyright
  • /usr/share/man/man8/nginx.8.gz Manual
  • /var/cache/nginx Cache directory of nginx
  • /var/log/nginx Log directory of nginx
  • /usr/sbin/nginx Executable command
  • /usr/sbin/nginx-debug Executable command for debugging

Common Nginx commands and configuration file syntax are easy to find, so this article will not elaborate on them. Instead, it looks at the functions of Nginx, the real scenarios they are used in, and which configuration items Nginx provides for each scenario. Before that, let's make two concepts clear:

Forward proxy

The object of the forward proxy is the client. The server cannot see the real client.

resolver 8.8.8.8; # Google DNS resolver address
server {
    location / {
        # When a client requests me, I forward the request on its behalf
        # $request_uri is the request path
        proxy_pass http://$http_host$request_uri;
    }
}

Reverse proxy

Reverse proxy: the object of reverse proxy is the server. The client cannot see the real server.

Cross domain

Cross-domain requests are a scenario every front-end engineer faces, and there are many cross-domain solutions. Be aware, however, that in production either CORS or an Nginx reverse proxy is used to resolve cross-domain issues. Add the following to the Nginx configuration file:

server {
    listen   80;
    server_name   localhost; # Users access localhost and are reverse proxied to http://webcanteen.com
    location / {
        proxy_pass http://webcanteen.com;
    }
}

Gzip

Gzip is a very common data compression format on the Internet. Plain text can be compressed to 40 percent of its original size, which saves a lot of bandwidth. Note, however, that the minimum version of HTTP required to enable Gzip is 1.1.

location ~ .*\.(jpg|png|gif)$ {
    gzip off; # Turn off compression
    root /data/www/images;
}
location ~ .*\.(html|js|css)$ {
    gzip on; # Enable compression
    gzip_min_length 1k; # Only files over 1K are compressed
    gzip_http_version 1.1; # The lowest version of HTTP required to enable gzip compression
    gzip_comp_level 9; # Compression level: the higher the level, the smaller the compressed file
    gzip_types text/css application/javascript; # Types of file to compress
    root /data/www/html;
}

Request limits

Heavy malicious traffic wastes bandwidth and increases pressure on the server. For this reason the number of connections and the number of concurrent requests from the same IP address are often limited.

There are two main types of request restrictions:

  • limit_conn_module Connection frequency limit
  • limit_req_module Request frequency limit

# $binary_remote_addr: remote IP address; zone: zone name; 10m: size of the shared memory zone
limit_conn_zone $binary_remote_addr zone=conn_zone:10m;
server {
    # Limit each key in the conn_zone shared memory zone to 1 connection
    limit_conn conn_zone 1;
}

# $binary_remote_addr: remote IP address; zone: zone name; 10m: size of the shared memory zone; rate: request frequency, once per second
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
server {
    location / {
        # Use the req_zone shared memory zone; burst sets the maximum number of burst requests
        limit_req zone=req_zone burst=5 nodelay;
    }
}
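Added example (not from the original article): both limits combined in one http block, with the rejection status changed from the default 503 to 429 and the client address restored first for deployments behind a load balancer. The 10.0.0.0/8 proxy range and the connection limit of 10 are assumed values.

```nginx
# Goes inside the http { } block. Added example, assumed values are marked.

# Behind a load balancer or CDN, $binary_remote_addr is the proxy's address,
# so every visitor would share one bucket. Restore the client address first.
# Requires the realip module (--with-http_realip_module).
set_real_ip_from  10.0.0.0/8;        # assumed: address range of the trusted proxy
real_ip_header    X-Forwarded-For;
real_ip_recursive on;                # skip trusted hops, stop at the first untrusted address

limit_conn_zone $binary_remote_addr zone=conn_zone:10m;
limit_req_zone  $binary_remote_addr zone=req_zone:10m rate=1r/s;

limit_conn_status   429;             # default is 503
limit_req_status    429;             # default is 503
limit_req_log_level warn;            # rejected requests are logged at this level

server {
    listen 80;
    server_name localhost;

    # Browsers open several connections in parallel, so 1 is very strict.
    limit_conn conn_zone 10;         # assumed value

    location / {
        # rate=1r/s with burst=5 nodelay: up to 6 requests are served at once
        # (1 + 5 burst slots), slots are refilled at 1 per second, and
        # anything beyond that is rejected immediately with 429.
        # Without nodelay the burst requests are queued and released at 1r/s.
        limit_req zone=req_zone burst=5 nodelay;

        # While tuning, count and log without rejecting (nginx 1.17.1+):
        # limit_req_dry_run on;
    }
}
```

Only list addresses you control in set_real_ip_from; a header accepted from any source lets a client choose its own rate-limit key.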

Access control

There are two main types of access control:

  • http_access_module IP-based access control
  • http_auth_basic_module Login based on user trust

(Login based on user trust is not very secure, so this article will not introduce the configuration.)

The following is IP-based access control:

server {
    location ~ ^/index\.html {
        # The index.html page is accessible to everyone except 127.0.0.1
        deny 127.0.0.1;
        allow all;
    }
}
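Added example (not from the original article): the same allow and deny directives used as an allowlist, first on a restricted path and then on the forward proxy shown earlier, which otherwise relays requests for any client that can reach it. The /admin/ path, the 192.168.1.0/24 network and the 192.168.1.10:8888 listen address are assumed values.

```nginx
# Added example. Rules are evaluated top to bottom and the first match wins,
# so an allowlist lists the permitted sources and ends with "deny all".

server {
    listen 80;
    server_name localhost;

    location /admin/ {               # assumed path
        allow 127.0.0.1;
        allow 192.168.1.0/24;        # assumed office network
        deny  all;                   # everyone else receives 403
    }
}

# The forward proxy from the "Forward proxy" section, restricted to
# internal clients and bound to an internal address only.
server {
    listen 192.168.1.10:8888;        # assumed internal interface, not a public one
    resolver 8.8.8.8;

    allow 192.168.1.0/24;            # only these clients may use the proxy
    deny  all;

    location / {
        proxy_pass http://$http_host$request_uri;
    }
}
```

Reversing the order to "deny all; allow 192.168.1.0/24;" would block every client, because the first matching rule decides.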

Ab command

The ab command stands for Apache Bench, Apache's own stress testing tool. It can also test Nginx, IIS and other web servers.

  • -n Indicates the total number of requests
  • -c Indicates the number of concurrent requests

# ab refuses to run when -c is greater than -n
ab -n 5000 -c 1000 http://127.0.0.1/

Preventing hotlinking

Hotlink protection works by reading the Referer request header to find out which page the request came from, and applying access control on that basis. This prevents website resources from being illegally embezzled, thus ensuring information security, reducing bandwidth loss and reducing server pressure.

location ~ .*\.(jpg|png|gif)$ { # Match the file types to protect against hotlinking
    # If the Referer is not valid, $invalid_referer is set and 403 is returned
    valid_referers none blocked 127.0.0.1;
    if ($invalid_referer) {
        return 403;
    }
}
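Added example (not from the original article): what each valid_referers parameter admits, with a looser rule for images and a stricter one for large files. The Referer header is supplied by the client, so this check saves bandwidth from other sites embedding the files but does not authenticate anyone. The *.webcanteen.com pattern, the zip and mp4 extensions and the /data/www/files directory are assumed values.

```nginx
# Added example, inside a server { } block.

# Images: allow our own pages, plus requests that carry no usable Referer.
location ~* \.(jpg|png|gif)$ {
    # none         the request has no Referer header at all
    #              (typed URL, bookmark, privacy extension)
    # blocked      a Referer is present but a proxy or firewall stripped it,
    #              so it does not start with http:// or https://
    # server_names any name listed in this server's server_name
    # *.webcanteen.com  assumed wildcard for the site's own subdomains
    valid_referers none blocked server_names *.webcanteen.com;

    if ($invalid_referer) {
        return 403;
    }
    root /data/www/images;
}

# Large downloads: require a Referer from our own pages. Dropping "none"
# and "blocked" also rejects direct links and clients that hide the header.
location ~* \.(zip|mp4)$ {           # assumed extensions
    valid_referers server_names *.webcanteen.com;

    if ($invalid_referer) {
        return 403;
    }
    root /data/www/files;            # assumed directory
}
```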

Load Balance

When our website has to deal with high concurrency and massive amounts of data, we need load balancing to schedule the servers, so that each request is distributed to a suitable server in the application server cluster.

Nginx can provide us with load balancing capability. The specific configuration is as follows:

# upstream specifies the back-end server addresses
# weight sets the weight
# server forwards requests for http://webcanteen to the upstream pool
upstream webcanteen {
    server 127.0.0.1:66 weight=10;
    server 127.0.0.1:77 weight=1;
    server 127.0.0.1:88 weight=1;
}
server {
    location / {
        proxy_pass http://webcanteen;
    }
}

Back-end server status

The back-end server supports the following status configurations:

  • down: The current server does not participate in load balancing
  • backup: Standby server, used when all other nodes are unavailable
  • max_fails: The number of times requests are allowed to fail; the server is paused once they fail
  • fail_timeout: The server pause time after max_fails failures. The default value is 10 seconds
  • max_conns: Limits the maximum number of connections each server receives

upstream webcanteen {
    server 127.0.0.1:66 down;
    server 127.0.0.1:77 backup;
    server 127.0.0.1:88 max_fails=3 fail_timeout=10s;
    server 127.0.0.1:99 max_conns=1000;
}

Allocation methods

  • Round robin (default): each request is assigned to a different back-end server in turn, in time order. If a back-end server goes down, Nginx automatically removes it from the rotation.
  • weight (weighted round robin): an enhanced version of round robin. The weight is proportional to the probability of being chosen, and it is mainly used when back-end server performance is uneven.
  • ip_hash: each request is assigned based on the hash of the client IP, so that each client is pinned to one back-end server.
  • url_hash: requests are allocated based on the hash of the URL accessed, so that each URL is directed to the same back-end server. This is mainly used when the back-end servers cache content.
  • Custom hash: any keyword can be used as the hash key for hash-based load balancing.
  • fair: requests are allocated according to the response time of the back-end servers, and servers with a short response time are served first.
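Added example (not from the original article): the hash-based methods from the list written with directives built into current nginx. URL hashing uses the built-in hash directive (nginx 1.7.2+) rather than a separate url_hash module; fair comes from a third-party module and is not shown, with the built-in least_conn given as the nearest alternative. The upstream names and the sessionid cookie are assumed.

```nginx
# Added example, inside the http { } block. Ports follow the article's samples.

upstream by_client_ip {
    ip_hash;                          # key: first three octets of the IPv4 address
    server 127.0.0.1:66;
    server 127.0.0.1:77;
    server 127.0.0.1:88 down;         # "down" keeps other clients' mapping unchanged
}

upstream by_url {
    # "consistent" selects ketama hashing: adding or removing a server
    # remaps only a few keys, which keeps back-end caches warm.
    hash $request_uri consistent;
    server 127.0.0.1:66;
    server 127.0.0.1:77;
    server 127.0.0.1:88;
}

upstream by_custom_key {
    hash $cookie_sessionid;           # assumed cookie name; any variable can be the key
    server 127.0.0.1:66;
    server 127.0.0.1:77;
}

upstream least_busy {
    least_conn;                       # fewest active connections; honours weight
    server 127.0.0.1:66 weight=10;
    server 127.0.0.1:77 weight=1;
}

server {
    listen 80;
    location / {
        proxy_pass http://by_url;     # pick the pool that suits the workload
    }
}
```

The backup parameter cannot be combined with ip_hash or hash, so a standby server has to be handled differently in those pools.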
