First contact with Nginx

Some time ago, I logged into the server used for testing the company’s website and accidentally saw an access.log.gz file package. My curiosity drove me to download it from the remote server to the local, then unzip it, open it, and see that it was an access.log.gz file. Logs, I always heard them mention access logs in operation and maintenance. I only had an impression of it in my mind, but I didn’t know what it was. Now I know it. Then, if I don’t understand, I have to ask. I learned about something called nginx server software. After a brief understanding in my spare time, I wondered if I could install nginx on my computer. During daily development and debugging, I could also monitor the most commonly used ports. Although it doesn’t feel meaningful, it can also be regarded as A kind of learning. After all, you will have a deeper experience by doing it yourself than just reading books or materials. Today we will only talk about configuration. As the study progresses, we will also come into contact with load balancing, reverse proxy, optimization, etc. If anything is incorrect, please correct me, learn from each other, and make progress together!

Compared with Apaceh and others, Nginx has many advantages. There are many information on them. I won’t emphasize them too much here. They are nothing more than high concurrent connections, low memory consumption, low cost, simple configuration files, etc.

(1) Installation

Installing nginx on the ubuntu system is very simple and can be done with just one command.

sudo apt-get install nginx

By the way, if you get an error during installation, the terminal prompts "Unable to parse or open the package list or status file", the details are as follows:

E: Encountered a section with no Package: header

E: Problem with MergeList /var/lib/apt/lists/cn.archive.ubuntu.com_ubuntu_dists_natty_main_i18n_Translation-en

E: Unable to parse or open the package list or status file.

Solution:

sudo rm /var/lib/apt/lists/* -vf //If it cannot be deleted, you can use forced deletion, add the parameter -r

sudo apt-get update

Another point is If Apache is installed on your computer and is already running, stop Apache because the default ports of Apache and Nginx are both 80.

After successful installation, there will be an executable command. Open the terminal and enter the command nginx -h, and some command parameter information will appear.

nginx -h View command help

nginx -v Display version information

nginx -V Display version information and configuration options

nginx -t Test configuration file

nginx -T Test config file and dump

nginx -q Suppress non-error messages during configuration testing

nginx -s signal Send a signal to the main program, where the signals include stop, stop nginx; quit, exit; reopen, reopen;

nginx -p prefix Set the prefix path, the default is /usr/share/nginx/

nginx -c filename Set the configuration file, the default is /etc/nginx/nginx.conf

ngnix -g directives The setting exceeds the scope of the configuration file Global commands

Note: If an error occurs when using these commands, it may be a permission issue. Just switch to root and execute.

(2) Configuration file

The main configuration file is nginx.conf, and the default path is under /etc/nginx/

Related to PHP is fastcgi_params, and related to Python is uwsgi_params

Configuration file parameters and their meanings As follows:

user www www ;

Nginx user and group.

worker_processes 8;

number of worker processes is not specified under window. Depending on the hardware adjustment, it is usually equal to the total number of CPU cores or twice the total number of cores.

error_log /var/logs/error.log crit;

Error log storage path and level, the level can be [debug|info|notice|warn|error|crdit]

For each error log level, please refer to the blog post http ://blog.csdn.net/solmyr_biti/article/details/50634533

pid /run/nginx.pid;

pid process identifier storage path. The pid file is a text file with only one line of content, recording the ID of the process. The purpose of the pid file is to prevent a process from starting multiple copies. Only the process that has obtained the write permission (F_WRLCK) of the pid file (fixed path and fixed file name) can start normally and write its own PID into the file. Other redundant processes of the same program will automatically exit.

Use nginx's pid file to stop, restart, and restart smoothly nginx.如 The command format is as follows:

kill-signal type `cat /run/nginx.pid`

where the signal types are mainly:

TERM, int quickly shut down; Load the configuration file

USER1       Reopen the log file, which is very useful when cutting the log

USER2                                                  .        .         -                                                                                                    The largest descriptor that can be opened number.

This command refers to the maximum number of file descriptors opened by an nginx process. The theoretical value should be the maximum number of open files (ulimit -n) divided by the number of nginx processes. However, nginx allocation requests are not so even, so it is best to match The value of ulimit -n remains consistent.

Now the number of open files under the Linux 2.6 kernel is 65535, and worker_rlimit_nofile should be filled in with 65535 accordingly.

This is because the allocation of requests to processes during nginx scheduling is not so balanced, so if you fill in 10240 and the total concurrency reaches 30,000-40,000, the number of processes may exceed 10240, and a 502 error will be returned.

events

{

use epoll;

Use epoll’s network I/O model. Linux recommends epoll, FreeBSD recommends kqueue, and it is not specified under window.

You can check relevant information about when epoll, select, and kqueue are used.

worker_connections 204800;

The maximum number of connections per worker process. Adjust according to the hardware and use it in conjunction with the previous working process. Try to make it as large as possible, but don't run the CPU to 100%. The maximum number of connections allowed per process. Theoretically, the maximum number of connections per nginx server is worker_processes*worker_connections

keepalive_timeout 60;

keepalive timeout.

client_header_buffer_size 4k;

The buffer size of the client request header. This can be set according to your system paging size. Generally, the size of a request header will not exceed 1k. However, since system paging is generally larger than 1k, the paging size is set here.

The paging size can be obtained with the command getconf PAGESIZE.

But there are also cases where client_header_buffer_size exceeds 4k, but the value of client_header_buffer_size must be set to an integral multiple of "system paging size".

open_file_cache max=65535 inactive=60s;

This will specify the cache for open files. It is not enabled by default. max specifies the number of caches. It is recommended to be consistent with the number of open files. Inactive refers to how long the file has not been requested. Then delete the cache.

open_file_cache_valid 80s;

This refers to how often to check the cached valid information.

open_file_cache_min_uses 1;

The minimum number of uses of the file during the inactive parameter in the open_file_cache directive. If this number is exceeded, the file descriptor is always opened in the cache. As in the above example, if a file is not used once within the inactive time is used, it will be removed.

}

##The following is to set up the http server and use its reverse proxy function to provide load balancing support

http

{

include mime.types;

Set the mime type, the type is by mime.type File definition

default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$ http_user_agent" "$http_x_forwarded_for"';

log_format log404 '$status [$time_local] $remote_addr $host$request_uri $sent_http_location';

Log format setting.

$remote_addr and $http_x_forwarded_for are used to record the client’s IP address;

$remote_user: used to record the client user name;

$time_local: used to record the access time and time zone;

$request: used to record the request url and http protocol;

$status: used to record the request status; success is 200,

$body_bytes_sent: record the size of the body content of the file sent to the client;

$http_referer: used to record the page link accessed from ;

$http_user_agent: records relevant information of the customer's browser;

Usually the web server is placed behind the reverse proxy, so that the customer's IP address cannot be obtained. The IP address obtained through $remote_add is reverse The IP address of the proxy server. The reverse proxy server can add x_forwarded_for information in the http header information of the forwarded request to record the IP address of the original client and the server address of the original client's request.

access_log logs/host.access.log main;

access_log logs/host.access.404.log log404;

After setting the log format using the log_format directive, you need to use the access_log directive to specify the storage path of the log file;

gzip on:

Enable gzip compression output to reduce network transmission.

gzip_min_length 1k

Set the minimum number of bytes of the page that is allowed to be compressed. The number of page bytes is obtained from the content-length of the header. The default value is 20. It is recommended to set the number of bytes to be greater than 1k. If it is less than 1k, it may become more and more compressed.

gzip_buffers 4 16k

Set the system to obtain several units of cache for storing the gzip compression result data stream. 4 16k means to apply for memory in units of 16k, which is 4 times the original data size of the installation in units of 16k.

gzip_http_version 1.0

Used to identify the version of the http protocol. Early browsers did not support Gzip compression, and users would see garbled characters, so this option was added to support earlier versions. If you use Nginx’s reverse proxy If you also want to enable Gzip compression, please set it to 1.0 since the end communication is http/1.0.

gzip_comp_level 6

gzip compression ratio, 1 has the smallest compression ratio and the fastest processing speed, 9 has the largest compression ratio but the slowest processing speed (fast transmission but consumes more CPU)

gzip_types

Match mime type for compression, whether specified or not, "text/html "Types are always compressed.

gzip_proxied any

Enabled when Nginx is used as a reverse proxy, it determines whether to enable or disable compression of the results returned by the backend server. The prerequisite for matching is that the backend server must return a header containing "Via".

gzip_vary on

is related to the http header. Vary: Accept-Encoding will be added to the response header, which allows the front-end cache server to cache gzip-compressed pages. For example, use Squid to cache Nginx-compressed data. .

server_names_hash_bucket_size 128;

The hash table that saves server names is controlled by the instructions server_names_hash_max_size and server_names_hash_bucket_size. The parameter hash bucket size is always equal to the size of the hash table and is a multiple of the processor cache size. After reducing the number of accesses in memory, it is possible to speed up the search for hash table key values ​​in the processor. If the hash bucket size is equal to the size of the processor cache, then when searching for a key, the number of searches in the memory is 2 in the worst case. The first time is to determine the address of the storage unit, and the second time is to find the key value in the storage unit. Therefore, if Nginx gives a prompt that the hash max size or hash bucket size needs to be increased, the first thing to do is to increase the size of the previous parameter.

client_header_buffer_size 4k;

The buffer size of the client request header. This can be set according to your system paging size. Generally, the header size of a request will not exceed 1k. However, since system paging is generally larger than 1k, the paging size is set here. The paging size can be obtained with the command getconf PAGESIZE.

large_client_header_buffers 8 128k;

Client request header buffer size. By default, nginx will use the client_header_buffer_size buffer to read the header value. If the

header is too large, it will use large_client_header_buffers to read it.

open_file_cache max=102400 inactive=20s;

This command specifies whether the cache is enabled. The maximum number of caches and the cache time are also specified. We can set a relatively high maximum time so that we can clear them after they are inactive for more than 20 seconds

open_file_cache_errors on | off

Default value: open_file_cache_errors off Using fields: http, server, location, this directive specifies whether in Searching a file records cache errors.

open_file_cache_min_uses

Syntax: open_file_cache_min_uses number Default value: open_file_cache_min_uses 1 Usage fields: http, server, location This directive specifies the minimum value that can be used within a certain time range in the invalid parameters of the open_file_cache directive. Number of files. If a larger value is used, the file descriptor is always open in the cache.

open_file_cache_valid

Syntax: open_file_cache_valid time Default value: open_file_cache_valid 60 Usage fields: http, server, location This directive specifies when it is needed Check the valid information of cached items in open_file_cache.

client_max_body_size 300m;

Set the size of files uploaded through nginx

sendfile on;

Enable efficient file transfer mode. The sendfile instruction specifies whether nginx calls the sendfile function to output files, reducing Context switch from user space to kernel space. Set it to on for ordinary applications. If it is used for disk IO heavy load applications such as downloading, it can be set to off to balance the disk and network I/O processing speed and reduce the system load.

tcp_nopush on;

This option allows or disables the TCP_CORK option of using socket. This option is only used when using sendfile.

proxy_connect_timeout 90;

The timeout of the backend server connection, the timeout for initiating a handshake and waiting for a response

proxy_read_timeout 180;

Waiting time for the backend server to respond after a successful connection. In fact, it has already entered the backend queue waiting for processing (it can also be said to be the time for the backend server to process the request)

proxy_send_timeout 180;

Backend server data The return time means that the back-end server must transmit all the data within the specified time.

proxy_buffer_size 4k;

Set the buffer size of the first part of the response read from the proxy server. Usually, this part of the response contains A small response header. By default, the size of this value is the size of a buffer specified in the proxy_buffers directive, but it can be set to smaller

proxy_buffers 4 32k;

is set to read responses (from being The number and size of buffers of the proxy server), the default is also the paging size, which may be 4k or 8k depending on the operating system

proxy_busy_buffers_size 64k;

Buffer size under high load (proxy_buffers*2)

proxy_temp_file_write_size 64k;

When caching proxied server responses to temporary files, this option limits the size of the temporary file written each time. proxy_temp_path (can be specified during compilation) to which directory to write to.

proxy_temp_path /data0/proxy_temp_dir;

The paths specified by proxy_temp_path and proxy_cache_path must be in the same partition

proxy_cache_path /data0/proxy_cache_dir levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;

#Set the memory cache space size to 200MB, content that has not been accessed for 1 day will be automatically cleared, and the hard disk cache space size is 30GB .

keepalive_timeout 120;

Long connection timeout in seconds. This parameter is very sensitive and involves the type of browser, the timeout setting of the back-end server, and the setting of the operating system. You can write another article. When a long connection requests a large number of small files, it can reduce the cost of reestablishing the connection. However, if a large file is uploaded, failure to complete the upload within 65 seconds will result in failure. If the setup time is too long and there are many users, maintaining the connection for a long time will occupy a lot of resources.

send_timeout 120;

is used to specify the timeout period for responding to the client. This timeout is limited to the time between two connection activities. If this time is exceeded without any activity on the client, Nginx will close the connection.

tcp_nodelay on;

tells nginx not to cache the data, but to send it piece by piece - when data needs to be sent in time, this attribute should be set to the application, so that when sending a small piece of data information, the return value cannot be obtained immediately.

client_body_buffer_size 512k;

If you set it to a relatively large value, such as 256k, then it is normal to submit any image smaller than 256k whether using firefox or IE browser. The problem arises if you comment out this directive and use the default client_body_buffer_size setting, which is twice the operating system page size, 8k or 16k.

Whether using firefox4.0 or IE8.0, submitting a relatively large image of about 200k will return a 500 Internal Server Error

proxy_intercept_errors on;

means to make nginx block responses with HTTP response codes of 400 or higher .

upstream bakend {

server 127.0.0.1:8027;

server 127.0.0.1:8028;

server 127.0.0.1:8029;

hash $request_uri;

}

This is designed with load balancing issues in mind.

nginx’s upstream currently supports the following allocation methods

1. Polling (default)

Each request is allocated to different back-end servers one by one in chronological order. If the back-end server goes down, it can be automatically eliminated.

2. Weight

specifies the polling probability. Weight is proportional to the access ratio and is used when the back-end server performance is uneven.

For example:

upstream bakend {

server 192.168.0.14 weight=10;

server 192.168.0.15 weight=10;

}

3, ip_hash

Each request is allocated according to the hash result of the access ip, In this way, each visitor has fixed access to a back-end server, which can solve the session problem.

For example:

upstream bakend {

ip_hash;

server 192.168.0.14:88;

server 192.168.0.15:80;

}

4. fair (third party)

press backend server Requests are allocated according to the response time, and those with short response times are allocated first.

upstream backend {

server server1;

server server2;

fair;

}

5, url_hash (third party)

Distribute requests according to the hash result of the accessed URL, so that each URL is directed to the same A backend server, which is more effective when the backend server is a cache.

Example: Add a hash statement to the upstream. Other parameters such as weight cannot be written in the server statement. hash_method is the hash algorithm used

upstream backend {

server squid1:3128;

server squid2:3128;

hash $request_uri;

hash_method crc32;

}

#Define the IP and device status of the load balancing device

upstream bakend{

ip_hash;

server 127.0.0.1:9090 down;

server 127.0 .0.1: 8080 weight=2;

server 127.0.0.1:6060;

server 127.0.0.1:7070 backup;

}

In the server that needs to use load balancing, add

proxy_pass http://bakend/;

The status of each device is set to:

1.down means that the previous server is temporarily not participating in the load

2.weight. The larger the weight, the greater the weight of the load.

3.max_fails: The number of allowed request failures defaults to 1. When the maximum number is exceeded, the error defined by the proxy_next_upstream module is returned.

4.fail_timeout: The pause time after max_fails failures.

5.backup: When all other non-backup machines are down or busy, request the backup machine. So this machine will have the least pressure.

nginx supports setting up multiple groups of load balancing at the same time for use by unused servers.

client_body_in_file_only is set to On. You can record the data from the client post to a file for debugging.

client_body_temp_path sets the directory of the recorded file. You can set up to 3 levels of directories.

location matches the URL. You can redirect or create a new one. Proxy load balancing

##Configure virtual machine

server

{

listen 80;

Configure listening port

server_name image.***.com;

Configure access domain name

location ~* .( mp3|exe)$ {

Regular expression to load balance addresses ending with "mp3 or exe"

proxy_pass http://img_relay$request_uri;

Set the port or socket of the proxy server, and URL

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

The purpose of the above three lines is to transmit the user information received by the proxy server to the real server

}

location /face {

if ($http_user_agent ~* "xnp") {

rewrite ^(.*)$ http://211.151.188.190:8080/face.jpg redirect;

}

#This involves the issue of Nginx’s Rewrite rules. Due to limited space, we will discuss it in the next section

proxy_pass http ://img_relay$request_uri;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header

}

}

}

It can also be seen from the above that the main format of the nginx.conf file is:

...

events

{

...

}

http

{

 …

           server

                                                                                                        

                                                               

}

 ...

}

The configuration of Nginx is a major feature. It can be compared to the definition of styles in CSS files. Child elements will inherit the style definition of parent elements and can choose whether to overwrite it. A similar inheritance relationship also exists in nginx configuration.

In order to understand the inheritance model of nginx configuration, you need to know that nginx configuration has several blocks. A block is also called a context. For example, instructions defined in the server context are stored in the server{} block, and in the http context The defined instructions are stored in the http{} block.

There are 6 possible contexts in nginx, the order from high to low is:

Global

Http

Server

If

Location

Nested Location

if in location

limit_except

Default The inheritance model direction is that the lower layer inherits the higher layer, not horizontally or reversely. A common scenario is that the rewrite request jumps from one location to another location. Then the instructions defined in the first location block will be ignored, and only the instructions defined in the second location block are in the location context. Medium and effective, here is just a brief mention.

In fact, Nginx configuration is not just these, there are others. After all, Nginx has many modules, and each module may have some special configuration commands. Here I only talk about some basic configuration information. You can learn it and understand it more deeply. , and then add it step by step. Any mistakes are welcome to criticize and correct!