preface

Recently, there was a project that separated the front end from the front end, and the front end was deployed in Nginx. Because the only Web server I had contacted was IBM WS, weblogic, etc., I had not used Nginx to do web server in production, so I stepped on a lot of pits, to record, I hope I don’t have to step on pits in Nginx for the rest of my life

The installation of the Nginx

Nginx installation has a pit, that is, it is best to install the latest stable version, because the lower version of the pit, at first we installed a lower version, and then configured HTTPS(following the SSL configuration provided by Ali Cloud, so the probability of error configuration), but can not access HTTPS. It took a long time to change the latest stable version, and then the configuration was successful. The installation process is as follows:

1. Install the PCRE dependency

yum install -y pcre pcre-devel
Copy the code

2. Install Zlib dependencies

yum install -y zlib zlib-devel
Copy the code

3. Install c++ dependencies

yum install -y gcc-c++
Copy the code

4. Install SSL dependencies (If the SSL certificate needs to be configured)

yum install -y openssl openssl-devel
Copy the code

5. Download Nginx (preferably the latest stable version)

wget -c https:/ / nginx.org/download/nginx-1.10.2.tar.gz
Copy the code

6. Decompress and use the default Settings

tar -zvxf nginx-1.10.2.tar.gz
cd nginx-1.10.2.tar.gz
./configure
Copy the code

7. Compile and install

make
make install
Copy the code

8. View the installation path and start it

whereis nginx 
nginx -t // Check the default configuration file to find the path of the configuration file
nginx -c  /etc/nginx/nginx.conf  // The configuration file path in step 2
Copy the code

Refer to the article

Reverse proxy for Nginx

1. Reverse proxy of Nginx

Combining scenario, suppose I now want to * * * * / API under all request broker to my backend interface (eg:www.mydomain.com/api/xxxxx forwarded to www.mydomain.com:8080/xxxxx), you need to configuration to the configuration file

location /api/ {
    proxy_pass http://www.mydomain.com:8080/;
}
Copy the code

One thing to note here is that Nginx is configured from the top down, which means if you’ve configured it before, as follows

location / {
    root  /www/resource/;
    index index.html index.htm;
}
location /api/ {
    proxy_pass http://www.mydomain.com:8080/;
}
Copy the code

This will not work, because any matching rule that satisfies **/ API/is also a matching rule that satisfies /**, and Nginx is configured from the top down, so it is all forwarded to/by the proxy.

More reverse proxy rules are as follows:

Location = / {# exact match /, can't have any string after the host name} location / {# because all addresses start with a /, } location /documents/ {# matches any address that starts with /documents/. If the match matches, you need to search further. } location ~ /documents/Abc {# match any address that starts with /documents/. } location ^~ /images/ {# match any address that starts with /images/. } the location ~ * \. (GIF | JPG | jpeg) ${# matches all to GIF, JPG or jpeg # at the end of the request, however, all requests/images/pictures will be config D processing, } location /images/ {# characters match to /images/. If you want to find the longest characters match to /images/ ABC, } location ~ /images/ ABC / {#} location ~ /images/ ABC / { Match the address starting with config G at the longest, continue to search, match this re, use}Copy the code

2.Nginx retrieves parameters

For the scenario, suppose I now want to get the request parameters under/API and forward them (eg:www.mydomain.com/api?img=htt…). , you need to modify the following configuration:

location /api/ { proxy_pass $arg_img; # $arg_ Parameter name: can get parameter content}Copy the code

There is a little hole here that you need to write in your configuration file if you have different fields

server {
    listen 80;
    resovler 8.8. 8.8; }Copy the code

If resovler 8.8.8.8 is not set, Nginx will report 502.

3. The Nginx setting cookies

For the scenario, suppose I now want to retrieve the request parameters under/API and set them to a Cookie (eg.www.mydomain.com/api?cookie=…).

location /api/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    add_header 'Set-Cookie' 'mycookie=$arg_cookie';
    add_header 'domain' '.mydomain.com'; 
    proxy_pass https://www.mydomain.com/;
}
Copy the code

The first two parameters Set the user’s access IP, Set the Cookie, which involves a problem, if the background set-cookie, the browser will not save the Cookie, because different fields, the browser will throw the Cookie, if you write set-cookie in Java

Cookie cookie = new Cookie("cookie"."cookie");
cookie.setPath("/");
cookie.setDomain(".domain.com"); Request. AddCookie (cookies);Copy the code

Mydomain.com is a domain, WWW is a domain name, and mydomain.com is a domain name. The domain name can be resolved to an IP address by DNS.

So Nginx should be careful when setting cookies

add_header 'domain' 'xxxx';
Copy the code

4.Nginx load balancing

Another well-known use of Nginx is load balancing, where there are six load balancing policies: weight, IP_hash (based on IP allocation), least_CONN (minimum number of connections), FAIR (based on response time), and URl_hash (based on URL allocation). The following uses the load balancing policy configuration as an example:

/ / assume now at https://www.mydomain.com:8090 and https://www.mydomain.com:8091 to deploy two backgroundupstream tomcat_pool {         server https://www.mydomain.com:8090 weight=4 max_fails=2 fail_timeout=30s;
      server https://www.mydomain.com:8091 weight=4 max_fails=2 fail_timeout=30s;
    }
Copy the code

Max_fails refers to the maximum number of failures. If the number of failures reaches the threshold, the node will be marked as unavailable and requests ~ after fail_timeout expires

The optimization of Nginx

1.worker_processes

Worker_processes specifies the number of WORKer_processes in Nginx.

2. I/O model

Configure Nginx’s I/O model to support epoll after Linux 2.6. If the system does not support epoll, Nginx will default to Select or Poll I/O models, as if Windows were a Select model.

events{
    use epoll;
}
Copy the code

3.worker_rlimit_nofile

Worker_rlimit_nofile Generally has the same value as the file operand (ulimit -n). Expand on how to get file operands for optimizing the system.

First modify the process’s largest file handle

ulimit -n 1048576
Copy the code

Change the maximum number of files that can be allocated to a process

echo 2097152 > /proc/sys/fs/nr_open
Copy the code

Written into the configuration file/etc/security/limits. Conf

*   soft nofile  1048576
*   hard nofile 1048576
*   soft nproc unlimited
root soft nproc unlimited
Copy the code

Finally, clear out the old files

rm -rf /etc/security/limits.d/ *Copy the code

Then modify the /etc/sysctl.conf file

fs.nr_open=2097152
fs.file-max = 1048576
Copy the code

Fs.nr_open refers to the maximum file operand that can be allocated by a single process, and file-max refers to the maximum file handle, and then the configuration file takes effect.

systcl -p
Copy the code

4.worker_connections

Worker_processes * Nginx worker_connections; worker_processes * Nginx worker_connections;

worker_connections 102400;
Copy the code

5.keepalive_timeout

Keepalive timeout period.

keepalive_timeout 60;
Copy the code