Nginx clearance guide
- Nginx profile
1.1 summary of Nginx
-
NGINX is a free, open source, high-performance, lightweight HTTP and reverse proxy server, as well as an E-mail (IMAP/POP3) proxy server, which is characterized by less memory and strong concurrency. Nginx is known for its stability, rich library of modules, flexible configuration, and low resource consumption. At present should be almost all project construction necessary.
-
Nginx consists of a kernel and a series of modules. The kernel provides basic functions of Web services, such as enabling network protocols, creating an operating environment, receiving and allocating client requests, and handling interactions between modules. The various functions and operations of Nginx are implemented by modules. Nginx modules are structurally divided into core modules, basic modules and third-party modules.
1. Core modules: HTTP module, EVENT module and MAIL module
2. Basic modules: HTTP Access module, HTTP FastCGI module, HTTP Proxy module and HTTP Rewrite module
3. Third-party modules: HTTP Upstream Request Hash module, Notice module, HTTP Access Key module and modules developed by users themselves
This design makes Nginx easy to develop and extend, which is what makes Nginx so powerful. Nginx modules are compiled into Nginx by default. If you need to add or remove modules, you need to recompile Nginx, which is not as convenient as Apache’s dynamically loaded modules. If there is a need to dynamically load the module, you can use the Web server Tengine initiated by Taobao, on the basis of Nginx added a lot of advanced features, fully compatible with Nginx, has been adopted by many domestic websites.
There are many extensions to Nginx
-
The open source version of nginx.org
-
Commercial NGINX Plus
-
Taobao initiated the Web server Tengine
-
OpenResty, a Web platform based on Nginx and Lua
1.2 Nginx as a Web server
A Web Server is also called a WORLD WIDE Web (WWW) Server. It provides information browsing services on the Internet, usually in Browser/Server (B/S) mode.
The application layer uses HTTP. HTML document format. Browser Uniform resource Locator (URL).Copy the code
Nginx can be used as a Web server for static pages and supports dynamic CGI languages such as Perl, PHP, etc., but does not support Java. Java programs are generally done in conjunction with Tomcat.
As a Java ape, you must understand the difference between Nginx and Tomcat:
Nginx, Apache and Tomcat
Nginx -- a lightweight, high-concurrency HTTP server developed by Russian programmer Igor Sysoev; Apache HTTP Server Project, an Apache Foundation HTTP service Project, is similar to Nginx functionality; Apache Tomcat, another project of the Apache Foundation, is an Application Server, or more specifically, a servlet Application container. Compared to Apache HTTP Server and Nginx, Tomcat dynamically generates resources and returns them to clients.Copy the code
Apache HTTP Server and Nginx do not support dynamic page generation themselves, but they can support it through other modules (e.g. dynamic content generation via Shell, PHP, Python scripts);
An HTTP Server is concerned with transport and access control at the HTTP protocol level, so on Apache/Nginx you can see proxy, load balancing, and so on. Clients access resources (HTML files, image files, and so on) stored on the Server through HTTP Server. With CGI, it is possible to distribute processed content through an HTTP Server, but an HTTP Server always simply transfers files from the Server to the client over HTTP protocol.
An application server, on the other hand, is a container for application execution. It first needs to support the running of a development language (Java in the case of Tomcat) to ensure that the application runs properly on the application server. Second, you need to support application-specific specifications, such as class libraries and security features. For Tomcat, it is necessary to provide JSP/Sevlet running required standard library, Interface, etc. For convenience, application servers often integrate HTTP Server functions, but they are not as powerful as professional HTTP servers. Therefore, application servers often run behind HTTP Servers to execute applications and convert dynamic content into static content. Distribute to clients through HTTP Server. 1.3 Forward Proxy
Forward proxy: If the Internet outside the LAN is regarded as a huge resource library, clients on the LAN need to access the Internet through a proxy server. This proxy service is called forward proxy.
Forward proxy The forward proxy is the client.
For example, when you work from home and need to connect to your company’s VPN, this is called “forward proxy”. And so do our visits to Google. The picture
1.4 Reverse Proxy and Load Balancing
The reverse proxy is just the reverse of forward agent, reverse proxy refers to a proxy server to receive the Internet connection request, and then forwards the request to the server on the internal network, and will get the results returned to the client on the server, proxy server external performance is a server at this time, the client’s agent is no perception.
The reverse proxy “proxy” is the server.
For example, if you want to watch a “romantic movie” separately on Youku, Youku.com will distribute your request to the machine where the movie is stored, a so-called “reverse proxy.” The picture
Why a reverse proxy
Protect and hide raw resources Server encryption and SSL acceleration Load balancing by caching static resources to speed up Web requestsCopy the code
Load balancing address redirection
The main function of Rewrite in Nginx is to implement URL rewriting
For example, enter 360.com to jump to 360.cn, baidu.cn to jump to baidu.com 1.5 static and static separation
In order to speed up the site’s resolution speed, dynamic pages and static pages can be resolved by different servers, speed up the resolution, reduce the original single server pressure. By this I mean dynamic applications (Java, PHP) accessing the application server, caches, images, JS, CSS etc accessing Nginx. 2. Nginx installation
Download Nginx wget http://nginx.org/download/nginx-1.16.1.tar.gz need to compile the plug-in installation yum install GCC c + + yum install - y pcre pcre - devel Yum install -y zlib zlib-devel yum install -y openssl openssl-devel yum install -y zlib-devel Pcre, a regular expression library written in C (using the rewrite module); Zlib, a function library for data compression; Nginx tar -zxvf nginx-1.15.tar.gz CD nginx-1.16.1 /configure make && sudo make install nginx-1.16.1./configure make && sudo make install nginx-1.16.1./configure make && sudo make install nginx-1.16.1./configure make && sudo make install nginx-1.16.1 /nginx -s reload /nginx -s reload /nginx -s reloadCopy the code
- The configuration file
The nginx.conf configuration file consists of three parts: global block, Events block, and HTTPS block.
Nginx configuration syntax:
Configuration files are made up of instructions and blocks of instructions, each with a semicolon (;). At the end, instructions and arguments are separated by a space block of instructions with curly braces {} Group multiple instructions together Include statements allow multiple configuration files to be combined to improve maintainability using # add comments using $to define variables Parameters of some instructions support regular expressionsCopy the code
3.1 the global piece
The global configuration section is used to configure parameters that are valid for the entire server. Some configuration instructions affecting the overall operation of the Nginx server are mainly set, including the configuration of users (groups) running the Nginx server, the number of worker processes allowed to be generated, process PID storage path, log storage path and type, and the introduction of configuration files, etc. Example:
user nobody; worker_processes 4; error_log /data/nginx/logs/error.log notice;
3.2 events block
The instructions involved in the Events block mainly affect the network connection between the Nginx server and the user. The commonly used Settings include whether to enable serialization of network connections under the multi-work process, whether to allow multiple network connections to be received at the same time, and which event-driven model to process connection requests. Maximum number of connections that each Word process can support at the same time, etc.
# worker_connections = 1024; }
3.3 HTTP block
This is the most frequent part of the Nginx server configuration, where most functions such as proxies, caching, and logging definitions are configured, as well as third-party modules. Note that HTTP blocks can also include HTTP global blocks and server blocks. 3.3.1 HTTP Global Blocks
HTTP global block configuration instructions include file import, MIME-Type definition, log customization, connection timeout, maximum number of single link requests, and so on.
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
Copy the code
3.3.2 rainfall distribution on 10-12 server block
This and virtual host has a close relationship, virtual host from the user’s point of view, and an independent hardware host is exactly the same, the technology is produced in order to save the cost of Internet server hardware.
Each HTTP block can contain multiple Server blocks, and each server block is equivalent to a virtual host.
Each Server block is also divided into global Server blocks and can contain multiple Locaton blocks simultaneously.
The global server block, also known as the "virtual server" section, describes a set of resources logically divided according to different server_name directives. These virtual servers respond to HTTP requests and are therefore contained in the HTTP section. The most common configuration is the listening configuration of the host and the name or IP configuration of the host. server { listen 80; #server_name also supports wildcards such as *. Example.com, www.example.*,. Example.com server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; Location block A server block can be configured with multiple Location blocks. The main purpose of this block is to process a specific request based on the request string received by the Nginx server (e.g. Server_name/URI-string), matching any string other than the virtual host name (or IP alias) (e.g. / URI-string). Address targeting, data caching and response control, as well as many third-party modules are configured here. Location directive Description This directive is used to match urls. Syntax is as follows: the location [= | | | ~ ~ * ^ ~] uri {}? Note: If the URI contains a regular expression, it must be marked with ~ or ~*. When a request comes in, the URI will be detected to match an optimal location. location / { root html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location / {#try_files will be matched in the given order of parameters try_files $uri $uri/ /index.html; } Locations without regular expressions are considered the best match, independent of the order of locations with regular expressions; Matches regular expressions in the search order in the configuration file. The search ends after the first regular expression match is found. Request processing is provided by this optimal location. = : This modifier uses an exact match and terminates the search. ~ : This modifier is matched using a case-sensitive regular expression. ~* : This modifier is matched using a case-insensitive regular expression. ^ ~ : Before using urIs without regular expressions, the Nginx server is required to find the location with the highest matching degree between the identifying URI and the request string, and immediately use this location to process the request, instead of using the regular URI in the Location block to match the request string.Copy the code
Nginx. conf detailed configuration
#定义Nginx运行的用户和用户组
user www www;
#nginx进程数,通常设置成和cpu的数量相等
worker_processes 4;
#全局错误日志定义类型,[debug | info | notice | warn | error | crit]
#error_log /data/nginx/logs/error.log;
#error_log /data/nginx/logs/error.log notice;
#日志文件存放路径 access_log path [format [buffer=size | off]]
access_log /data/nginx/logs/lazyegg.com/web/access.log combinedio;
#进程pid文件
#pid logs/nginx.pid;
#指定进程可以打开的最大描述符:数目
#工作模式与连接数上限
##这个指令是指当一个nginx进程打开的最多文件描述符数目,理论值应该是最多打开文件数(ulimit -n)与nginx进程数相除,但是nginx分配请求并不是那么均匀,所以最好与ulimit -n 的值保持一致。
#这是因为nginx调度时分配请求到进程并不是那么的均衡,所以假如填写10240,总并发量达到3-4万时就有进程可能超过10240了,这时会返回502错误。
worker_rlimit_nofile 65535;
################################# events ###############################
events {
#参考事件模型,use [ kqueue | rtsig | epoll | /dev/poll | select | poll ]; epoll模型
use epoll
#单个进程最大连接数(最大连接数=连接数+进程数)
worker_connections 1024;
#keepalive 超时时间
keepalive_timeout 60;
#客户端请求头部的缓冲区大小。
client_header_buffer_size 4k;
#这个将为打开文件指定缓存,默认是没有启用的,max指定缓存数量,建议和打开文件数一致,inactive是指经过多长时间文件没被请求后删除缓存。
open_file_cache max=65535 inactive=60s;
#这个是指多长时间检查一次缓存的有效信息。
open_file_cache_valid 80s;
#open_file_cache指令中的inactive参数时间内文件的最少使用次数,如果超过这个数字,文件描述符一直是在缓存中打开的,如上例,如果有一个文件在inactive时间内一次没被使用,它将被移除。
open_file_cache_min_uses 1;
#语法:open_file_cache_errors on | off 默认值:open_file_cache_errors off 使用字段:http, server, location 这个指令指定是否在搜索一个文件是记录cache错误.
open_file_cache_errors on;
}
############################## http ##################################
#设定http服务器,利用它的反向代理功能提供负载均衡支持
http{
#文件扩展名与文件类型映射表
include mime.types;
#默认文件类型
default_type application/octet-stream;
#默认编码
charset utf-8;
#服务器名字的hash表大小
server_names_hash_bucket_size 128;
#客户端请求头部的缓冲区大小。
client_header_buffer_size 32k;
#客户请求头缓冲大小。
large_client_header_buffers 4 64k;
#允许客户端请求的最大单个文件字节数
client_max_body_size 8m;
#开启高效文件传输模式,sendfile指令指定nginx是否调用sendfile函数来输出文件,对于普通应用设为 on,如果用来进行下载等应用磁盘IO重负载应用,可设置为off,以平衡磁盘与网络I/O处理速度,降低系统的负载。注意:如果图片显示不正常把这个改成off。
sendfile on;
#开启目录列表访问,适合下载服务器,默认关闭。
autoindex on;
#此选项允许或禁止使用socke的TCP_CORK的选项,此选项仅在使用sendfile的时候使用
tcp_nopush on;
tcp_nodelay on;
#长连接超时时间,单位是秒
keepalive_timeout 120;
#FastCGI相关参数是为了改善网站的性能:减少资源占用,提高访问速度。下面参数看字面意思都能理解。
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
#gzip模块设置
gzip on; #开启gzip压缩输出
gzip_min_length 1k; #最小压缩文件大小
gzip_buffers 4 16k; #压缩缓冲区
gzip_http_version 1.0; #压缩版本(默认1.1,前端如果是squid2.5请使用1.0)
gzip_comp_level 2; #压缩等级
gzip_types text/plain application/x-javascript text/css application/xml; #压缩类型,默认就已经包含textml,所以下面就不用再写了,写上去也不会有问题,但是会有一个warn。
gzip_vary on;
#开启限制IP连接数的时候需要使用
#limit_zone crawler $binary_remote_addr 10m;
#负载均衡配置
upstream lazyegg.net {
#upstream的负载均衡,weight是权重,可以根据机器配置定义权重。weigth参数表示权值,权值越高被分配到的几率越大。
server 192.168.80.121:80 weight=3;
server 192.168.80.122:80 weight=2;
server 192.168.80.123:80 weight=3;
#nginx的upstream目前支持4种方式的分配
#1、轮询(默认)
#每个请求按时间顺序逐一分配到不同的后端服务器,如果后端服务器down掉,能自动剔除。
#2、weight
#指定轮询几率,weight和访问比率成正比,用于后端服务器性能不均的情况。
#例如:
#upstream bakend {
# server 192.168.0.14 weight=10;
# server 192.168.0.15 weight=10;
#}
#2、ip_hash
#每个请求按访问ip的hash结果分配,这样每个访客固定访问一个后端服务器,可以解决session的问题。
#例如:
#upstream bakend {
# ip_hash;
# server 192.168.0.14:88;
# server 192.168.0.15:80;
#}
#3、fair(第三方)
#按后端服务器的响应时间来分配请求,响应时间短的优先分配。
#upstream backend {
# server server1;
# server server2;
# fair;
#}
#4、url_hash(第三方)
#按访问url的hash结果来分配请求,使每个url定向到同一个后端服务器,后端服务器为缓存时比较有效。
#例:在upstream中加入hash语句,server语句中不能写入weight等其他的参数,hash_method是使用的hash算法
#upstream backend {
# server squid1:3128;
# server squid2:3128;
# hash $request_uri;
# hash_method crc32;
#}
#tips:
#upstream bakend{#定义负载均衡设备的Ip及设备状态}{
# ip_hash;
# server 127.0.0.1:9090 down;
# server 127.0.0.1:8080 weight=2;
# server 127.0.0.1:6060;
# server 127.0.0.1:7070 backup;
#}
#在需要使用负载均衡的server中增加 proxy_pass http://bakend/;
#每个设备的状态设置为:
#1.down表示单前的server暂时不参与负载
#2.weight为weight越大,负载的权重就越大。
#3.max_fails:允许请求失败的次数默认为1.当超过最大次数时,返回proxy_next_upstream模块定义的错误
#4.fail_timeout:max_fails次失败后,暂停的时间。
#5.backup: 其它所有的非backup机器down或者忙的时候,请求backup机器。所以这台机器压力会最轻。
#nginx支持同时设置多组的负载均衡,用来给不用的server来使用。
#client_body_in_file_only设置为On 可以讲client post过来的数据记录到文件中用来做debug
#client_body_temp_path设置记录文件的目录 可以设置最多3层目录
#location对URL进行匹配.可以进行重定向或者进行新的代理 负载均衡
}
#虚拟主机的配置
server {
#监听端口
listen 80;
#域名可以有多个,用空格隔开
server_name lazyegg.net;
#默认入口文件名称
index index.html index.htm index.php;
root /data/www/lazyegg;
#对******进行负载均衡
location ~ .*.(php|php5)?$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
#图片缓存时间设置
location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 10d;
}
#JS和CSS缓存时间设置
location ~ .*.(js|css)?$
{
expires 1h;
}
#日志格式设定
#$remote_addr与$http_x_forwarded_for用以记录客户端的ip地址;
#$remote_user:用来记录客户端用户名称;
#$time_local: 用来记录访问时间与时区;
#$request: 用来记录请求的url与http协议;
#$status: 用来记录请求状态;成功是200,
#$body_bytes_sent :记录发送给客户端文件主体内容大小;
#$http_referer:用来记录从那个页面链接访问过来的;
#$http_user_agent:记录客户浏览器的相关信息;
#通常web服务器放在反向代理的后面,这样就不能获取到客户的IP地址了,通过$remote_add拿到的IP地址是反向代理服务器的iP地址。反向代理服务器在转发请求的http头信息中,可以增加x_forwarded_for信息,用以记录原有客户端的IP地址和原来客户端的请求的服务器地址。
log_format access '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $http_x_forwarded_for';
#定义本虚拟主机的访问日志
access_log /usr/local/nginx/logs/host.access.log main;
access_log /usr/local/nginx/logs/host.access.404.log log404;
#对 "/connect-controller" 启用反向代理
location /connect-controller {
proxy_pass http://127.0.0.1:88; #请注意此处端口号不能与虚拟主机监听的端口号一样(也就是server监听的端口)
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
#后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#以下是一些反向代理的配置,可选。
proxy_set_header Host $host;
#允许客户端请求的最大单文件字节数
client_max_body_size 10m;
#缓冲区代理缓冲用户端请求的最大字节数,
#如果把它设置为比较大的数值,例如256k,那么,无论使用firefox还是IE浏览器,来提交任意小于256k的图片,都很正常。如果注释该指令,使用默认的client_body_buffer_size设置,也就是操作系统页面大小的两倍,8k或者16k,问题就出现了。
#无论使用firefox4.0还是IE8.0,提交一个比较大,200k左右的图片,都返回500 Internal Server Error错误
client_body_buffer_size 128k;
#表示使nginx阻止HTTP应答代码为400或者更高的应答。
proxy_intercept_errors on;
#后端服务器连接的超时时间_发起握手等候响应超时时间
#nginx跟后端服务器连接超时时间(代理连接超时)
proxy_connect_timeout 90;
#后端服务器数据回传时间(代理发送超时)
#后端服务器数据回传时间_就是在规定时间之内后端服务器必须传完所有的数据
proxy_send_timeout 90;
#连接成功后,后端服务器响应时间(代理接收超时)
#连接成功后_等候后端服务器响应时间_其实已经进入后端的排队之中等候处理(也可以说是后端服务器处理请求的时间)
proxy_read_timeout 90;
#设置代理服务器(nginx)保存用户头信息的缓冲区大小
#设置从被代理服务器读取的第一部分应答的缓冲区大小,通常情况下这部分应答中包含一个小的应答头,默认情况下这个值的大小为指令proxy_buffers中指定的一个缓冲区的大小,不过可以将其设置为更小
proxy_buffer_size 4k;
#proxy_buffers缓冲区,网页平均在32k以下的设置
#设置用于读取应答(来自被代理服务器)的缓冲区数目和大小,默认情况也为分页大小,根据操作系统的不同可能是4k或者8k
proxy_buffers 4 32k;
#高负荷下缓冲大小(proxy_buffers*2)
proxy_busy_buffers_size 64k;
#设置在写入proxy_temp_path时数据的大小,预防一个工作进程在传递文件时阻塞太长
#设定缓存文件夹大小,大于这个值,将从upstream服务器传
proxy_temp_file_write_size 64k;
}
#本地动静分离反向代理配置
#所有jsp的页面均交由tomcat或resin处理
location ~ .(jsp|jspx|do)?$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
}
Copy the code
- Nginx configuration example
4.1 Reverse Proxy Demo1
Use the nginx reverse proxy to access test.com directly to your own machine 127.0.0.1:8080
Start tomcat. Enter 127.0.0.1:8080 in the address box of the browser. The following screen is displayedCopy the code
The picture
By modifying the local host file (C:\Windows\System32\drivers\etc) and adding 127.0.0.1 www.12345.com map www.12345.com to your own machine IP after configuration is complete, You can access the initial Tomcat interface shown in step 1 at www.test.com:8080. How can I jump to the Tomcat initial screen by typing www.12345.com? Nginx's reverse proxy is used. Modify the nginx.conf configuration file and add the following configuration: proxy_pass server {listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; Location / {proxy_pass http://127.0.0.1:8080; } In the preceding configuration, we listen on port 80 and access the domain name www.12345.com. If no port number is added, the default port number is port 80. Therefore, when accessing this domain name, we switch to 127.0.0.1:8080. Enter www.12345.com in the browser. The result is as follows:Copy the code
The picture
4.2 Reverse Proxy Demo2
Implementation effect: The nginx reverse proxy is used to jump to a service on a different port based on the access path
Go to http://127.0.0.1/java/ and jump to 127.0.0.1:8080
Go to http://127.0.0.1/egg/ and jump to 127.0.0.1:8081
Create two Tomcat servers and change one of them to port 8081. Add two folders in each tomcat/webapps/ directory and create a random HTML page), I created Java /index.html and egg/index.html
Nginx. conf: add serve{} server {listen 80; server_name localhost; Location ~ / Java / {proxy_pass http://127.0.0.1:8080; } location /egg/ {proxy_pass http://127.0.0.1:8081; }} Restart nginx to verify the effect imageCopy the code
4.3 Nginx Configuration – Load Balancing
With the explosive growth of Internet information, load balance is no longer a very strange topic. As the name implies, load balance is to allocate the load to different service units, so as to ensure the availability of the service and ensure the response is fast enough to give users a good experience. The rapid growth of visitors and data traffic has led to the birth of a variety of load balancing products. Many professional load balancing hardware provide good functions but are expensive, which makes load balancing software popular. Nginx is one of them. Under Linux, there are Nginx, LVS, Haproxy and other services to provide load balancing services.
Nginx load balancing is implemented by proxy module and upstream module. The upstream module enables a new configuration section that defines a set of upstream servers.
Effect: Load balancing is configured
Start two Tomcat servers at the same time (for verification, change the Tomcat port number and change the index. JSP in apache-tomcat-9.0.29/webapps/ROOR) Look at the picture of “balls” on the welcome page of 8081
"Nginx. conf HTTP {upstream myserver {server localhost:8080; server localhost:8081; } server { listen 80; location / { proxy_pass http://myserver; }}}Copy the code
Restart nginx to verify the effect (default polling mode, each time you open a new window, 8080 and 8081 will appear alternately, the same window must be closed browser cache)
Nginx allocation policy:
Polling (default) Each request is allocated to a different backend server one by one in chronological order. If the backend server goes down, the weight representation is automatically removed. The default value of weight is 1. Used when the back-end server performance is uneven. Upstream server_pool{server 192.168.5.21 weight=10; Server 192.168.5.22 weight = 10; } ip_hash Each request is allocated according to the hash result of the access IP address. In this way, each visitor has a fixed access to the back-end server, which can solve the session problem. Upstream server_pool{ip_hash; Server 192.168.5.21:80; Server 192.168.5.22:80; } FAIR (third party) allocates requests based on the response time of the back-end server, with priority given to those with short response times. Upstream server_pool {server 192.168.5.21:80; Server 192.168.5.22:80; fair; }Copy the code
4.4 Nginx Configuration – Static and dynamic separation
Nginx separation of dynamic and static requests is simply a separation of dynamic and static requests. It cannot be understood as simply a physical separation of dynamic and static pages. Use Nginx to process static pages, and Tomcat to process dynamic pages. Static and static separation can be roughly divided into two kinds from the perspective of current implementation. One kind is purely to separate static files into a separate domain name and put it on an independent server, which is also the mainstream recommended scheme at present. Another option is to mix dynamic and static files and publish them separately via Nginx. Different request forwarding is implemented by specifying different suffixes through location. The Expires parameter allows the browser to cache an expiration date, reducing requests and traffic to the server. Specific Expires definition: Sets an expiration time for an asset. That is, the browser can directly confirm the expiration of an asset without going to the server to verify. Therefore, no additional traffic will be generated. This approach is well suited to resources that are not subject to constant change. (If the file is frequently updated, it is not recommended to use Expires to cache.) I set 3d here, which means that the URL will be accessed within 3 days, a request will be sent, the last update time of the file will not be changed, and the status code 304 will be returned. If there is any change, Then download it directly from the server again and return the status code 200. The picture
Nginx. conf server {listen 80; server_name localhost; location /static/ { root /usr/data/www; } location /image/ { root /usr/data/; autoindex on; }./nginx -s reload, verify the effect imageCopy the code
Check whether the Nginx configuration is correct. Then test whether the static separation is successful. Delete a static file on the back-end Tomcat server to check whether it can be accessed. If you can access static resources nginx directly returns, do not go to the backend Tomcat server 4.5 nginx Rewrite
Rewrite is an important feature provided by the Nginx server, which enables URL rewriting and redirection.
Scene:
URL access jump, support development and design. SEO optimization (Nginx pseudo-static support) background maintenance, traffic forwarding and other security (dynamic interface camouflage)Copy the code
This directive changes the URI through the use of regular expressions. One or more instructions can exist simultaneously. Urls need to be matched and processed in sequence.
This directive can be configured in a server block or a Location block, and its basic syntax is as follows:
rewrite regex replacement [flag];
Using the example in reverse proxy Demo2, modify nginx.conf(just add a line to rewrite) server {listen 80; server_name localhost; Location/Java / {proxy_pass http://127.0.0.1:8080; rewrite ^/java /egg/ redirect; } location /egg/ {proxy_pass http://127.0.0.1:8081; }}./nginx -s reload, verify the effect (IP/Java/was redirected to egg) imageCopy the code
The rewrite directive can be configured in either a server block or a Location block, with the following basic syntax:
rewrite regex replacement [flag];
What rewrite means: This is the directive that implements URL rewriting. What regex means: A regular expression used to match urIs. Replacement: Replaces the content matched by the regex re with replacement. Flag: indicates the flag flag, which has the following values: last: Indicates that new location URI rules are matched after this rule is matched. (uncommon) break: This rule terminates when the match is complete and does not match any subsequent rules (uncommon). Redirect: Returns the 302 temporary redirect. The browser address displays the redirect URL. Permanent: returns 301 permanent redirection. The browser address displays the new URL address.Copy the code
rewrite ^/(.*) www.360.cn/$1 permanent;
4.6 Nginx high availability
If you think of a Web server cluster as a city, then a load balancing server is the equivalent of a gate. If the gate is closed, access to the outside world is cut off. If there is only one Nginx load server, when the failure goes down, the entire site can be accessed without harm. So we need more than two Nginx for failover and high availability. The picture
Configuring high Availability
Dual-system hot backup solution
This solution is the most common high availability solution in domestic enterprises. Dual-system hot backup actually means that one server is providing services while the other is in the standby state of a certain service. When one server is unavailable, the other one will replace it.
What is Keepalived?
Keepalived was originally designed for LVS load balancing software to manage and monitor the status of each service node in an LVS cluster system. The highly available Virtual Router Redundancy Protocol (VRRP) was later added. Therefore, Keepalived is not only able to manage LVS software, but also can be used as a high availability solution for other services such as Nginx, Haproxy, MySQL etc
Failover mechanism
Keepalived Failover between high availability services is implemented through VRRP. While Keepalived is working correctly, the Master node sends heartbeat messages to the standby node continuously (in multicast mode) to tell the standby node that it is still alive. When the Master node fails, it cannot send heartbeat messages. Therefore, the standby node cannot detect the heartbeat of the Master node and invokes its own takeover program to take over the IP resources and services of the Master node. When the active Master node recovers, the standby Backup node releases the IP resources and services that the active Master node takes over when the active Master node fails and restores to the original standby role.
implementation
Prepare two install Nginx and keepaliver (yum install keepalived - y) server to modify both servers/etc/keepalived/keepalived. Host the conf # # vrrp_script test script Chk_http_port {script "/usr/local/ SRC /check_nginx.sh" # check whether nginx is enabled Vrrp_instance VI_1 {state MASTER # Specifies keepalived roles, MASTER as the primary, Use ifconfig to query your network interface card virtual_Router_id 66 # Priority 100 # advert_int 1 # Check interval, The default value is 1s(VRRP multicast interval seconds) # Authentication {auth_type PASS # Set the authentication type and password. MASTER and BACKUP must use the same password to communicate auth_pass 1111} track_script {chk_http_port #} virtual_ipaddress { 192.168.16.150 # define virtual IP address (VIP) Vrrp_script chk_http_port {script "/usr/local/ SRC /check_nginx.sh" Vrrp_instance VI_1 {state BACKUP # Specifies keepalived roles, Ens33 # ens33 # ens33 # ifconfig virtual_Router_id 66 # ens33 # ens33 Priority 99 # advert_int 1 # Check interval, The default value is 1s(VRRP multicast interval seconds) # Authentication {auth_type PASS # Set the authentication type and password. MASTER and BACKUP must use the same password to communicate auth_pass 1111} track_script {chk_http_port #} virtual_ipaddress { }} create check script (chmod 775 check_nginx.sh) #! / bin/bash # test whether nginx launched A = ` ps - C nginx - no - the header | wc -l ` if [$A - eq 0]; Then # if there is no start will start nginx nginx systemctl start nginx # restart nginx if [` ps - C nginx - no - the header | wc -l ` - eq 0]; Then #nginx fails to restart keepalived service Killall Keepalived fi Fi Start Nginx and Keepalived (systemctl start Keepalive.service) simulate Nginx failure (shut down primary server Nginx), verify, The virtual IP address can still be accessed. OkCopy the code
- Nginx principle and optimization parameter configuration
By default, Nginx works in multi-process mode. After Nginx starts, it will run a master process and multiple worker processes. Master acts as the interactive interface between the whole process group and users, monitors the process, manages worker processes, and realizes functions such as restarting services, smoothing upgrades, replacing log files, and taking effect of configuration files in real time. Workers are used to process basic network events. Workers are equal and compete with each other to process images requested from clients
Benefits of master-workers mechanism
Nginx-s reload hot deployment can be used. Each worker is an independent process without locking, which saves the overhead caused by locking. The use of independent processes can not affect each other. After one process exits, other processes are still working and the service will not be interrupted. The master process will soon start a new worker process.Copy the code
How many workers need to be set
Similar to Redis, Nginx adopts IO multiplexing mechanism. Each worker is an independent process, but there is only one main thread in each process. Requests are processed in an asynchronous and non-blocking way, even thousands of requests are not a problem. Each worker thread can maximize the performance of one CPU. Therefore, it is most appropriate for the number of workers to be equal to the number of cpus on the server. Setting too little will waste CPU, while setting too much will cause CPU consumption due to frequent context switching.
Set the number of workers. Worker_processes 4 # Work binding CPU (4 work binding 4CPU) Worker_cpu_affinity 0001 0010 0100 1000 # WorkER_CPU_Affinity 0001 0010 0100 1000 # Worker_CPU_Affinity 0001 0010 0100 1000 # Worker_CPU_Affinity 0001 0010 0100 1000 # WorkER_CPU_affinity worker_cpu_affinity 0000001 00000010 00000100 00001000
The number of connections worker_connection
This value represents the maximum number of connections each worker process can make, so the maximum number of connections an nginx can make is worker_connections * worker_processes. The maximum number of connections that can be supported by HTTP is worker_connections * worker_processes. Http1.1-enabled browsers require two connections per visit, so the maximum number of concurrent static queries is Worker_connections * worker_processes/ 2, whereas for HTTP as a reverse proxy the maximum number of concurrent requests should be worker_connections * worker_processes/4. As a reverse proxy server, each concurrency establishes a connection to the client and a connection to the back-end server, occupying two connections. Nginx request processing image
- Nginx module development
Because of the modular nature of Nginx, it can support module configuration, can also be customized modules, Nginx module development, programmers do not need to go too far
Nginx module classification image
Nginx configuration options
Configuration example after decompressing nginx
./configure –prefix=/usr/local/nginx –with-http_stub_status_module –with-pcre –with-http_ssl_module
–prefix= root directory of Nginx installation, All other installation paths depend on this option — sbin-path = specify the path to the Nginx binaries –conf-path= specify the path to the nginx.conf configuration file — error-log-path = specify the path to the error file –user=name Worker user running the process –group= group running the worker process –with-http_ssl_module Uses the HTTPS protocol module. This module is not built by default. –with-http_image_filter_module this module is used as an image filter. –with-http_stub_status_module Enables this module to collect information about Nginx’s own state, often used for monitoring. –with-mail Enables the mail module, Default not enabled –without-http_autoindex_module disabled: If a directory does not have an index file, the module can collect files and list them –add-module= add a third party external module, and recompile each time a new module is added
Congratulations on making it to the big Ape interview without a welcome mat
Nginx functionality, Nginx for your project? Reverse proxy server load balancing as static resource server as HTTP server Nginx /sbin/nginx -s stop./sbin/nginx -s quit Reload the configuration./sbin/nginx -s reload service nginx Reload reloading the specified configuration file. / / usr/local/sbin/nginx - c nginx/conf/nginx. Conf view nginx version. / sbin/nginx - v check whether the configuration file is correct. / sbin/nginx - t The help information is displayed./sbin/nginx -h Common nginx configurations? worker_processes 4; # work_connections 65535; # each process ability of concurrent error_log/data/nginx/logs/error log. How does Nginx achieve high concurrency? Nginx uses a multi-process (single thread) & multiplex IO multiplexing model, asynchronous, non-blocking. There is a master process and multiple workers. Each worker process can handle multiple requests. The master process is mainly responsible for collecting and distributing requests. Each time a request comes in, the master pulls up a worker process to handle the request. The Reactor (I/O multiplexing) model is used to support the Reactor process (Reactor /O multiplexing, Reactor /O multiplexing, Reactor /O multiplexing, Reactor /O multiplexing). ** In the I/O multiplexing model, the most important system call function is select (epoll, etc.). This method can monitor the read and write status of multiple file descriptors at the same time (each network connection actually has a file descriptor). When some file descriptors are readable or writable, The select method returns the number of file descriptors that are readable and writable. The Nginx Work process uses the I/O multiplexing module to listen for multiple FD (file descriptors) at the same time. When accept, read, write, or close events occur, the operating system calls back the FD-bound event handler, and the Work process processes the corresponding events. Instead of blocking and waiting on a requested connection. This enables one process to handle multiple connections simultaneously. Each worker process processes multiple connection requests through I/O multiplexing; In order to reduce the performance loss of process switching (requiring system calls), the number of worker processes is generally set to be the same as the number of cpus. The difference between Nginx and Apache? Nginx processes requests asynchronously and non-blocking, while Apache is blocking. Under high concurrency, Nginx can maintain low resource consumption, low performance and high modular design. The core difference is that Apache is a synchronous multi-process model, one connection for one process; While nginx is asynchronous, multiple connections can correspond to one process's upstream load balancing. Polling (default) weight: specifies the weight. Ip_hash: Allocates each request based on the hash result of the access IP address, so that each visitor accesses the same backend server. Worker_processes: refers to the number of workers to be generated by Nginx. Best practice is to maximize worker_connections by running 1 worker process per CPU. Compress the file size, reduce the client HTTP transmission bandwidth, and therefore improve page loading speed. Enable caching for static files. Disable access_logs: Access logging, which records every Nginx request and therefore consumes a lot of CPU resources, thus reducing Nginx performanceCopy the code