Nginx "part I" (nginx source code compilation and installation, nginx concurrency optimization, nginx smooth upgrade, nginx load balancing and current limiting)

lamp architecture

LAMP is an abbreviation for a group of free software commonly used together to run dynamic websites or servers

Linux, operating system;
Apache, web server;
MySQL, database management system (or database server);
PHP and sometimes Perl or Python, scripting languages.

Here we use Nginx instead of Apache

Installation and configuration of nginx

First, prepare the nginx source code compression package nginx-1.20.1.tar.gz


tar zxf nginx-1.20.1.tar.gz

Enter the unzipped nginx source directory

cd nginx-1.20.1

The installation of source code generally consists of three steps: configure, make, and make install

Configuration of one of the source compilation Trilogy

First, you can view the configuration options through. / configure --help

To start the configuration, we set the installation path as / usr/local/nginx

./configure --with-http_ssl_module --with-http_stub_status_module --prefix=/usr/local/nginx

Prompt missing gcc

yum install gcc -y

Missing pcre

yum install pcre-devel -y

Missing openssl

yum install openssl-devel -y

Configure again and display success

Source compilation trilogy II compilation



Display successful

Then the Makefile is generated in the objs directory of the nginx decompression directory

Source compilation trilogy III installation


make install

Startup of nginx

cd /usr/local/nginx/sbin

You can see the nginx file
Make a soft link to / usr/local/sbin / to store third-party software that can only be used by super users

ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

start nginx


Then check the port and you can see that port 80 is turned on

netstat -antlp

Browser view

How can nginx customize the content of header information

View header information

curl -I

Modify src/core/nginx.h in the extracted directory

vim  src/core/nginx.h

Modify #define nginx_ After ver, it is renamed nginx

Close nginx first

nginx -s stop



Replace the files in the installation directory with the newly generated files

\cp overwrites the original file without asking

\cp objs/nginx /usr/local/nginx/sbin/nginx

Start nginx again and check the header information

You can see that the header information has changed

How to downsize nginx and speed up compilation

Modify the relevant configuration and slim down nginx. The compiled nginx is smaller and faster

First, check the size of nginx before you lose weight
Close nginx

nginx -s stop	

Modify auto/cc/gcc in the extracted directory

vim nginx-1.20.1/auto/cc/gcc 		

Close c language compilation debug

Comment out the item under debug

Empty the cache makdfile and execute it in the extracted directory

make clean				

to configure

./configure --with-http_ssl_module --with-http_stub_status_module --prefix=/usr/local/nginx



Never make install, or the installation will be overwritten

At this time, view the nginx size in the objs directory of the extracted directory

Display 928 K

Copy and replace the nginx to the nginx file in the installation directory, and the new nginx program will overwrite the old one

cp nginx /usr/local/nginx/sbin/nginx

Nginx startup and startup settings (use systemctl to control nginx)

First, make sure nginx is not started. If it is started, first use nginx -s stop to close nginx

vim /usr/lib/systemd/system/nginx.service

Description=The NGINX HTTP and reverse proxy server

ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID


Refresh service list

systemctl daemon-reload

Start and set startup self startup nginx

systemctl enable --now nginx

At this point, nginx can be controlled through systemctl

Modify the owner of nginx process

Default owner
Add an nginx user

useradd -M  -d /usr/loacl/nginx -s /sbin/nologin nginx

Modify nginx.conf in nginx installation directory

vim /usr/local/nginx/conf/nginx.conf   #According to the conf/nginx.conf in your installation directory

Restart reload

nginx -s reload

You can see the owner change

nginx concurrency optimization

Enter the installed directory of nginx

cd /usr/local/nginx/conf

Modify profile

vim conf/nginx.conf

The number of modified work processes is 2

Detection syntax

nginx -t 

nginx restart

nginx -s reload

View the worker process of nginx

ps ax |grep nginx

Nginx is not enabled by default. We can use multi-core CPU by adding worker_cpu_affinity configuration parameters to take full advantage of the performance of multi-core CPUs. CPU is the most critical resource for task processing and computing. The more CPU cores, the better the performance

2 nucleus cpu,Start 2 processes
worker_cpu_affinity 01 10;

4 individual cpu,Start 4 processes,and so on
worker_cpu_affinity 0001 0010 0100 1000;

Set worker_ The mode of processes is changed to auto. Here, the number of workers will be determined according to the number of cpu cores of the host. A core is a worker

vim conf/nginx.conf

worker_connections the maximum number of connections (including all connections) that each worker process can handle (initiate) concurrently cannot exceed the maximum number of file openings

Here, you need the maximum number of file openings supported by the kernel > the maximum number of file openings supported by the system > the maximum number of file openings supported by the worker

vim conf/nginx.conf

How to view the maximum number of file openings supported by the kernel

sysctl -a |grep file

How to view the maximum number of file openings supported by the system

ulimit -a

The maximum number of files opened by the system can be modified

vim /etc/security/limits.conf

*: Represents all users. You can also specify a specified user or user group
soft: Indicates the limit of the maximum number of files that can be opened at the application level
hard: Indicates the maximum number of files that can be opened at the operating system level

*   soft   nofile  65536  
*   hard   nofile  65536 

Log in to the shell again and use ulimit -a to check whether the value of the open files line is valid

Verify that the maximum number of files that can be opened by the nginx process takes effect

Restart nginx

nginx -s stop

Find the pid value of nginx's worker process

ps aux | grep nginx

View max open files

cat /proc/pid/limits

nginx smooth upgrade

First, prepare the source code compilation package of the new version 1.21.1


Enter the decompressed directory, modify the relevant configuration, reduce nginx and speed up compilation

vim auto/cc/gcc

Comment out debug

to configure

./configure --with-http_ssl_module --with-http_stub_status_module --prefix=/usr/local/nginx



Do not install (do not make install)

Save backup old version nginx

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx-old

Overwrite the old nginx in the installation directory with the generated nginx

\cp -f objs/nginx /usr/local/nginx/sbin/nginx

Gets the pid of the current nginx main process

ps ax|grep nginx

Upgrade new program

kill -USR2 master of id Mine is 3150

View new programs

ps ax|grep nginx

Close the original worker process but keep the main process in order to have a chance to fall back

kill -WINCH old master of id Mine is 3150

At this time, the old worker no longer exists

ps ax|grep nginx

Test: curl -I

The display version has been to 1.21.1

How to version fallback?

Use nginx old, which has just saved the old version in advance

Enter / usr/local/nginx/sbin/

reduction nginx Procedure:# cp -f nginx-old nginx
 Wake up the original process:# kill -HUP old version id
 Recycle new version master Process: kill -WINCH 3150
 Close the new version main process: kill -QUIT 3150

nginx load balancing

At this time, three virtual machines are needed for the experiment

Configure two hosts without nginx

On the installed host:
ssh the installed nginx directory using the scp command

scp -r /usr/local/nginx/ server2:/usr/local/nginx/
scp -r /usr/local/nginx/ server3:/usr/local/nginx/

Tell system d how to start the Unit and use systemctl to control nginx

scp /usr/lib/systemd/system/nginx.service server2:/usr/lib/systemd/system/
scp /usr/lib/systemd/system/nginx.service server3:/usr/lib/systemd/system/

Then go to the other two hosts to execute them respectively
To create soft links, you can use nginx directly

ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/

Create nginx user

useradd -M  -d /usr/loacl/nginx -s /sbin/nologin nginx

Refresh service list

systemctl daemon-reload

Start and set startup self startup nginx

systemctl enable --now nginx

The default publishing page for server2 host modification is server2, and the default publishing page for server3 host modification is server3

echo server2(3) > /usr/local/nginx/html/index.html

Return to server1

Using http upstream module of nginx to realize load balancing of client accessing backend

Modify the configuration file vim /usr/local/nginx/conf/nginx.conf

Add the upstream module in http, and the module is named 808bass

Add server instruction

Save exit

nginx -t #Check whether the syntax is correct
nginx -s reload # Refresh service

Add address resolution to the host to be accessed

vim /etc/hosts

Test access:

for i in {1..10}; do curl; done

You can see load balancing on access

Modify the configuration file again

vim /usr/local/nginx/conf/nginx.conf

Modify the weight. The weight of is 2, and there is a two-thirds chance of being accessed. defaults to 1, and there is a one-third chance of being accessed
Save exit

nginx -t #Check whether the syntax is correct
nginx -s reload # Refresh service

Test access:

for i in {1..10}; do curl; done

You can see that server2 is about twice as large as server3 when accessing

Modify the configuration file again

vim /usr/local/nginx/conf/nginx.conf

Add backup. As long as you add an additional backup parameter after the server ip that you want to become a backup server, this server will become a backup server. When it is not used at ordinary times, nginx will not forward any requests to it. Nginx will enable this node only when all other nodes cannot be connected. Once a node is available to restore service, the node is no longer used and enters the backup state.
Save exit

nginx -t #Check whether the syntax is correct
nginx -s reload # Refresh service

Change the default publishing page content

echo error > /usr/local/nginx/html/index.html

At this time, the nginx simulation of manually closing server2 and server3 fails

Execute nginx -s stop on both servers

Test access:

for i in {1..10}; do curl; done

You can see that both server2 and server3 have been hung up, and the backup host starts to be enabled

Modify the configuration file again

vim /usr/local/nginx/conf/nginx.conf

ip_ According to personal understanding, the load balancing mode of hash is: for example, multiple users access the back-end nginx cluster through nginx. At this time, because there are different users, the IP is also different. The hash values calculated by ip+hash algorithm are transmitted to nginx, and nginx records the IP and hash values. Then the same IP will be allocated to the nginx server next time.

ip_hash cannot be used with backup

Save exit

nginx -t #Check whether the syntax is correct
nginx -s reload # Refresh service

Test access:

for i in {1..10}; do curl; done

You can see that only server2, the nginx server, is accessed

cookie based load balancing using nginx sticky

Modify profile

vim /usr/local/nginx/conf/nginx.conf

Turn off nginx service

nginx -s stop

You have to install a plug-in plugin package
Download the unzip compression tool and unzip the file

yum install unzip -y

Enter the source compilation directory of nginx

Configure the onboard module -- add module = / root / nginx-goods-nginx-sticky-module-ng-08a395c66e42

./configure --with-http_ssl_module --with-http_stub_status_module --prefix=/usr/local/nginx --add-module=/root/nginx-goodies-nginx-sticky-module-ng-08a395c66e42

make compilation

Display successful

Do not install!!!

You can see that nginx from 928 to 936 indicates that the plug-in installation is complete
The new nginx overwrites the old nginx

cp -f objs/nginx /usr/local/nginx/sbin/nginx

Close nginx

nginx -s stop



Browser Test (ensure nginx of server2 and server3 starts)

Always server2
Enter browser settings

delete cookie


You can see that you have been accessing server3

nginx current limiting

nginx can use limit_conn_zone and limit_req_zone two components to limit the frequency and number of client access to directories and files

Modify profile

vim /usr/local/nginx/conf/nginx.conf

limit_conn_zone $binary_remote_addr zone=addr:10m; Limit access frequency
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s	The access frequency is limited. Here, it is limited to 1 time per second

limit_conn addr 1	Limit concurrency
limit_rate 50k	Limit bandwidth
limit_req zone=one burst=5 nodelay Limit to 1 s It can only be used once in a row, and only five people can be queued. Those behind do not wait

Pressure test with ab command

ab -c10 -n10 #c is the number of concurrent operations and n is the number of times

Tags: Operation & Maintenance Nginx lnmp lamp

Posted on Sat, 04 Sep 2021 15:57:21 -0400 by brendandonhue