Nginx service optimization methods

Nginx service optimization can be optimized from several aspects: hiding version numbers, changing users and groups, configuring web page cache time, log cutting, and setting connection timeouts.

1. Hidden version number

The Nginx version number needs to be hidden in the production environment to avoid leaking the Nginx version and preventing users from targeting a specific version. To check the Nginx version, use the command curl -I http://172.16.10.10/ in CentOS.

[[email protected] ~]# curl -I http://172.16.10.10/ HTTP/1.1 200 OK Server: nginx/1.12.0   #Nginx版本信息 Date: Fri, 29 Jun 2018 08:52:27 GMT Content-Type: text/html Content-Length: 483 Last-Modified: Fri, 29 Jun 2018 06:56:20 GMT Connection: keep-alive ETag: "5b35d814-1e3" Accept-Ranges: bytes<br>

There are two ways to hide the version number. One is to modify the Nginx source code file to specify not to display the version number. The second is to modify the Nginx main configuration file.

The method to modify the main configuration file is as follows:

Set the server_tokens option value in the Nginx configuration file to off. If there is no such configuration item, just add it.

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf   ...........    #省略内容     http {        include       mime.types;        default_type  application/octet-stream;        server_tokens     off;    #关闭版本号 ............    #省略内容<br>

rrree

Visit the website again, only Nginx is displayed, and the version number has been hidden.

[[email protected] ~]# nginx -t    #测试配置文件 nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful<br>

The source code file of Nginx contains version information, which can be set at will. Then recompile and install, and the version information will be hidden.

[[email protected] ~]# service nginx restart #重新启动nginx服务 [[email protected] ~]# curl -I http://172.16.10.10/ HTTP/1.1 200 OK Server: nginx       #nginx隐藏了版本号 Date: Fri, 29 Jun 2018 09:09:36 GMT Content-Type: text/html Content-Length: 483 Last-Modified: Fri, 29 Jun 2018 06:56:20 GMT Connection: keep-alive ETag: "5b35d814-1e3" Accept-Ranges: bytes<br>

Recompile and install

[[email protected] ~]# vim /opt/nginx-1.12.0/src/core/nginx.h #编辑源码文件 #define NGINX_VERSION      "1.1.1"              #修改版本号 #define NGINX_VER          "IIS" NGINX_VERSION  #修改服务器类型<br>

When you visit the URL again, only the modified version information will be displayed.

[[email protected] ~]# cd /opt/nginx-1.12.0/ [[email protected] nginx-1.12.0]#./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module && make && make install<br>

2. Modify users and groups

The Nginx runtime process requires user and group support to implement access control when reading website files. The main process is created by root, and the child processes are created by specified users and groups. Nginx uses the nobody user account and group account by default, which generally need to be modified.

(1) Specify the user and group when compiling Nginx, that is, when configuring nginx, specify the user and group parameters after ./configure.

[[email protected] nginx-1.12.0]# service nginx restart      #重启nginx服务 [[email protected] nginx-1.12.0]# curl -I  http://172.16.10.10/HTTP/1.1 200 OK Server: IIS1.1.1            #nginx的版本信息 Date: Fri, 29 Jun 2018 09:30:09 GMT Content-Type: text/html Content-Length: 483 Last-Modified: Fri, 29 Jun 2018 06:56:20 GMT Connection: keep-alive ETag: "5b35d814-1e3" Accept-Ranges: bytes<br>

(2) Modify the Nginx configuration file nginx.conf to specify the user and group.

[[email protected] ~]# cd /opt/nginx-1.12.0/ [[email protected] nginx-1.12.0]#./configure --prefix=/usr/local/nginx  --user=nginx    #指定用户名是nginx --group=nginx   #指定组名是nginx --with- && make && make install<br>

Restart nginx to check the running status of the process. The main process is created by the root account, and the sub-process is created by nginx.

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf  user nginx nginx;     #修改用户为nginx，组为nginx<br>

3. Configure web page cache time

After Nginx returns the web page data to the client, the cache time can be set so that future requests for the same content can be returned directly to avoid repeated requests and speed up access. Generally, this is only set for static resources, and there is no need to set the cache time for dynamic web pages. The operation steps are as follows:

(1) Use images as cache objects and place game.jpg in the Nginx website directory.

[[email protected] ~]# ps aux | grep nginx root      14923  0.0  0.0  20540   624 ?        Ss   17:30   0:00 nginx: master process /usr/local/nginx/sbin/nginx   #主进程由root创建 nginx     14925  0.0  0.1  22984  1412 ?        S    17:30   0:00 nginx: worker process           #子进程由nginx创建 root      19344  0.0  0.0 112720   984 pts/0    R+   17:47   0:00 grep --color=auto nginx<br>

(2) Visit http://172.16.10.10/game.jpg, then use the Fidder tool to capture the packet and check the response message. There is no cached image information.

(3) Modify the configuration file, add the expire parameter to the new location section, and specify the cache time, 1d means one day.

[[email protected] ~]# cd /usr/local/nginx/html/    #Nginx的网站目录 [[email protected] html]# ls 50x.html  error.png  game.jpg  index.html  test.html<br>

(4) Restart the nginx service, access the URL to capture packets, and the response message contains the Expire parameter, which indicates the cache time.

[[email protected] ~]# vim /usr/local/nginx/conf/nginx.conf     location ~\.(gif|jpg|jepg|png|bmp|ico)$ {    #加入新的location         root html;         expires 1d;     #指定缓存时间         }<br>

[

The above is the detailed content of Nginx service optimization methods. For more information, please follow other related articles on the PHP Chinese website!