1, Introduction to Nginx
1.1 general
Nginx:
- Nginx is a high-performance HTTP and reverse proxy server.
- It is a lightweight, high-performance web server / reverse proxy server / e-mail (IMAP/POP3) proxy server.
- A single physical server can support 30000 ~ 50000 concurrent requests.
Apache:
Apache uses a process-based architecture. Processes consume more system resources than threads and are not well suited to multiprocessor environments. Therefore, when an Apache web site is expanded, the usual approach is to add servers or cluster nodes rather than processors.
1.2 comparison of advantages and disadvantages between nginx and Apache
(1) Advantages of nginx over apache:
- Lightweight: serving the same web service, it occupies less memory and fewer resources than apache.
- Handles high concurrency: nginx processes requests asynchronously and without blocking, while apache is blocking. Under high concurrency, nginx can maintain low resource consumption and high performance.
- Highly modular design; writing modules is relatively simple.
(2) Advantages of apache over nginx:
- Its rewrite is more powerful than nginx's rewrite (the main function of rewrite is to redirect URLs).
- There are many modules; you can find a module for almost anything you can think of.
- Fewer bugs; nginx has comparatively more bugs.
- Very stable.
Reason both exist: generally speaking, use nginx for web services that need performance. If you don't need performance and just want stability, choose apache.
1.3 Nginx as a web server compared with Apache
Compared with apache, nginx uses fewer resources and supports more concurrent connections, which makes it more efficient.
- As a load balancing server, nginx can support both rails and php programs internally and act as an http proxy server externally.
- Nginx is written in C, which gives it low system resource overhead and good CPU efficiency.
- As a mail proxy server: one of the earliest purposes of developing this product was to serve as a mail proxy server.
1.4 nginx configuration is simple and apache is complex
1.5 The core difference between nginx and Apache
- apache uses a synchronous multi-process model: one connection corresponds to one process. nginx is asynchronous: multiple connections can correspond to one process.
- Nginx handles static files well and consumes less memory. It is only suitable for static content and reverse proxying.
- Apache has an advantage in dealing with dynamic content.
- nginx has good concurrency and low CPU and memory consumption. If rewrites are frequent, apache is the best choice.
- In general, apache is still the first choice for most companies.
2, I/O in Linux
I/O in a computer refers to Input/Output. IOPS (Input/Output Per Second) is the number of input/output operations (reads and writes) per second. It is one of the main indicators used to measure disk performance. IOPS refers to the number of I/O requests that the system can process in a unit of time, generally expressed as the number of I/O requests processed per second. I/O requests are usually requests to read or write data.
A complete I/O is a complete exchange of data between a process in user space and the kernel in kernel space. However, because kernel space and user space are strictly isolated, a process in user space cannot directly access data stored in kernel space. Instead, the data has to be copied from kernel-space memory into the process memory in user space, so I/O is, simply put, copying data from kernel-space memory to the process memory in user space.
- Disk I/O: the difference between buff and cache
- Network I/O: everything is a file. Its essence is reading and writing socket files
The stages of a network request:
- Get the request data: the client establishes a connection with the server and sends a request, and the server accepts the request (steps 1-3).
- Build the response: when the server receives the request, it processes the client's request in user space until the response has been built (step 4).
- Return the data: the server sends the constructed response back to the client through network I/O in kernel space (steps 5-7).
Synchronous / asynchronous: this concerns the message communication mechanism, that is, whether the callee notifies the caller of the completion status while the caller is waiting for the result of an event.
- Synchronous: the callee does not provide notification messages about the processing result of the event. The caller has to actively ask whether the processing is completed.
- Asynchronous: the callee actively notifies the caller of its running status through a status, notification or callback mechanism.
Blocking / non blocking: this concerns the state of the caller while it waits for the result to return.
- Blocking: the I/O operation has to complete fully before control returns to user space. Until the result is returned, the caller is suspended and cannot do anything else.
- Non blocking: the I/O call returns to the caller immediately after being invoked, without waiting for the I/O operation to complete. Until the final result is returned, the caller is not suspended and can do other things.
Asynchronous non blocking I/O model
3, Detailed explanation of compilation and installation steps of Nginx
3.1 close the firewall and install the dependency package
1. Turn off the firewall (setenforce 0 also switches SELinux to permissive mode until the next reboot)
    [root@localhost opt]# systemctl stop firewalld
    [root@localhost opt]# setenforce 0
2. Install the dependency packages
    [root@localhost opt]# yum -y install pcre-devel zlib-devel gcc gcc-c++ make
3.2 create new users and groups to facilitate management
3. Create the new user. The nginx service program runs as nobody by default. It is recommended to create a dedicated user account for it so that access rights can be controlled more precisely
    [root@localhost opt]# useradd -M -s /sbin/nologin nginx
3.3 transfer the compressed package to / opt directory, compile and install
4. Switch to the /opt directory and transfer the downloaded compressed package
    [root@localhost opt]# cd /opt
    [root@localhost opt]# ls
    nginx-1.12.0.tar.gz
5. Unpack the file
    [root@localhost opt]# tar -zxf nginx-1.12.0.tar.gz
    [root@localhost opt]# ls
    nginx-1.12.0  nginx-1.12.0.tar.gz
6. Switch to the unpacked folder and configure the build
    [root@localhost nginx-1.12.0]# ./configure \
    > --prefix=/usr/local/nginx \
    > --user=nginx \
    > --group=nginx \
    > --with-http_stub_status_module
Explanation of the options:
    --prefix=/usr/local/nginx          #Installation path
    --user=nginx                       #Specify user name
    --group=nginx                      #Specify user group
    --with-http_stub_status_module     #Enable this module to support status statistics
7. Install
    [root@localhost nginx-1.12.0]# make && make install -j4
3.4 make soft connection and start nginx
8. Make a soft link so that the system recognizes the nginx command
    [root@localhost sbin]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
9. Check whether the configuration file is correct
    [root@localhost sbin]# nginx -t
10. Start nginx
    [root@localhost sbin]# nginx
11. Check whether the startup was successful
    [root@localhost sbin]# ss -ntap|grep nginx
    LISTEN 0 128 *:80 *:* users:(("nginx",pid=9123,fd=6),("nginx",pid=9122,fd=6))
3.5 stop nginx
1. First check the PID number of nginx
    [root@localhost sbin]# cat /usr/local/nginx/logs/nginx.pid
    9122
2. Kill it directly: kill -3 <PID number>
    [root@localhost sbin]# kill -3 9122
    #The process can no longer be found
    [root@localhost logs]# ss -ntap|grep nginx
You must kill the parent process. It is useless to kill the child process.
    #Check process number
    [root@localhost logs]# lsof -i :80
    COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    nginx   10298  root    6u  IPv4  68323      0t0  TCP *:http (LISTEN)
    nginx   10299 nginx    6u  IPv4  68323      0t0  TCP *:http (LISTEN)
    #View main process
    [root@localhost logs]# cat /usr/local/nginx/logs/nginx.pid
    10298
    #Kill child process
    [root@localhost logs]# kill -3 10299
    #Process not killed
    [root@localhost logs]# cat /usr/local/nginx/logs/nginx.pid
    10298
    #Kill parent process
    [root@localhost logs]# kill -3 10298
    #The process is killed
    [root@localhost logs]# cat /usr/local/nginx/logs/nginx.pid
    cat: /usr/local/nginx/logs/nginx.pid: There is no such file or directory
3.6 adding nginx system services
3.6.1 method 1: Script Writing
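    #Write the script as follows
    [root@localhost init.d]# vim /etc/init.d/nginx
    #!/bin/bash
    #The chkconfig header below is required by "chkconfig --add"
    # chkconfig: - 99 20
    # description: nginx service control script
    cmd="/usr/local/nginx/sbin/nginx"
    pid="/usr/local/nginx/logs/nginx.pid"
    case "$1" in
    start)
        $cmd
        ;;
    stop)
        #QUIT (signal 3) asks the master process to shut down
        kill -3 `cat $pid`
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    reload)
        #HUP (signal 1) asks the master process to reload the configuration
        kill -1 `cat $pid`
        ;;
    *)
        echo "please input,start,reload,restart "
        exit 1
        ;;
    esac
    exit 0
    #Make the script executable and register it
    [root@localhost init.d]# chmod +x /etc/init.d/nginx
    [root@localhost init.d]# chkconfig --add nginx
    #Start nginx
    [root@localhost init.d]# service nginx start
    #Stop nginx
    [root@localhost init.d]# service nginx stop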
3.6.2 add nginx command to service
    [root@localhost system]# cd /lib/systemd/system
    #It is recommended to copy the unit file directly
    [root@localhost system]# vim nginx.service
    [Unit]
    Description=nginx
    After=network.target
    [Service]
    Type=forking
    PIDFile=/usr/local/nginx/logs/nginx.pid
    ExecStart=/usr/local/nginx/sbin/nginx
    ExecReload=/usr/bin/kill -s HUP $MAINPID
    ExecStop=/usr/bin/kill -s QUIT $MAINPID
    PrivateTmp=true
    [Install]
    WantedBy=multi-user.target
    ##When the nginx unit file on the disk changes, run 'systemctl daemon-reload' to reload the unit.
    [root@localhost system]# systemctl daemon-reload
    ##Start service
    [root@localhost system]# systemctl start nginx
3.7 viewing nginx version information
    [root@localhost system]# nginx -v
    nginx version: nginx/1.12.0
4, Nginx profile
4.1 main configuration file of nginx service
[root@localhost system]#vim /usr/local/nginx/conf/nginx.conf
4.2 global configuration
    #user nobody;                  ##Run user
    worker_processes 1;            ##The number of worker processes; can be configured as the number of server cores * 2. If the website traffic is small, it is generally set to 1
    #error_log logs/error.log;     ##Location of the error log file
    #pid logs/nginx.pid;           ##Location of PID file
4.3 I / O event configuration
    events {
        use epoll;                 #Use the epoll model to improve performance. epoll is recommended on kernel version 2.6 and above
        worker_connections 4096;   #Each process handles 4096 connections
    }
epoll is a version of poll improved by the Linux kernel to handle a large number of file descriptors. It is an enhanced version of the select/poll I/O multiplexing interface under Linux, and it can significantly improve system CPU utilization when only a few connections are active among a large number of concurrent connections.
If the number of worker processes is 8 and each process handles 4096 connections, the number of connections Nginx can serve normally exceeds 30000 (4096 × 8 = 32768). Of course, this also depends on the performance of the server hardware, network bandwidth and other physical conditions.
- To increase the number of connections per process, you also need to execute the command "ulimit -n 65535" to temporarily modify the maximum number of files that each local process can open simultaneously.
- On the Linux platform, when processing highly concurrent TCP connections, the maximum number of concurrent connections is limited by the number of files that a single user process is allowed to open at the same time (this is because the system creates a socket handle for each TCP connection, and each socket handle is also a file handle).
- You can use the ulimit -a command to view the limit on the number of files that the system allows the current user process to open.
    #View the number of files that the system allows the current user process to open
    [root@localhost conf]# ulimit -a
    core file size          (blocks, -c) 0
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 6911
    max locked memory       (kbytes, -l) 64
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 1024
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    real-time priority              (-r) 0
    stack size              (kbytes, -s) 8192
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 6911
    virtual memory          (kbytes, -v) unlimited
    file locks                      (-x) unlimited
    #Temporarily modify the maximum number of files that each local process can open at the same time
    [root@localhost conf]# ulimit -n 6000
    #View the modified value
    [root@localhost conf]# ulimit -a
    core file size          (blocks, -c) 0
    data seg size           (kbytes, -d) unlimited
    scheduling priority             (-e) 0
    file size               (blocks, -f) unlimited
    pending signals                 (-i) 6911
    max locked memory       (kbytes, -l) 64
    max memory size         (kbytes, -m) unlimited
    open files                      (-n) 6000
    pipe size            (512 bytes, -p) 8
    POSIX message queues     (bytes, -q) 819200
    real-time priority              (-r) 0
    stack size              (kbytes, -s) 8192
    cpu time               (seconds, -t) unlimited
    max user processes              (-u) 6911
    virtual memory          (kbytes, -v) unlimited
    file locks                      (-x) unlimited
4.3 HTTP configuration
The "http {}" block holds the access log, HTTP port, web page directory, default character set, connection keep-alive, virtual web hosts, PHP parsing and a series of other settings discussed later. Most of the configuration statements are contained in the nested "server {}" block.
    http {
        include mime.types;                        ##File extension and file type mapping table
        default_type application/octet-stream;     ##Default file type
        ##Log format setting
        #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        #                '$status $body_bytes_sent "$http_referer" '
        #                '"$http_user_agent" "$http_x_forwarded_for"';
        #access_log logs/access.log main;          ##Access log written in the main format
        sendfile on;                               ##Support file sending (downloading)
        ##This option allows or prohibits the use of the TCP_CORK socket option (buffer data before sending packets). It is only used when sendfile is used
        #tcp_nopush on;
        ##Connection keep-alive timeout, in seconds
        #keepalive_timeout 0;
        keepalive_timeout 65;
        #gzip on;                                  ##Gzip module setting: whether to enable gzip compressed output
        server {
            listen 80;                             ##Listening address and port
            server_name www.yxp.com;               ##Site domain name; there can be several, separated by spaces
            #charset utf-8;                        ##Default character set for web pages
            #access_log logs/host.access.log main;
            location / {                           ##Root configuration
                root html;                         ##Location of the site root directory, /usr/local/nginx/html
                index index.html index.htm;        ##Default home page file name
            }
            #error_page 404 /404.html;
            # redirect server error pages to the static page /50x.html
            #
            error_page 500 502 503 504 /50x.html;  ##Feedback page for internal errors
            location = /50x.html {                 ##Error page configuration
                root html;
            }
        }
    }
Log format setting:
- $remote_addr and $http_x_forwarded_for: used to record the IP address of the client
- $remote_user: used to record the client user name
- $time_local: used to record the access time and time zone
- $request: used to record the URL and HTTP protocol of the request
- $status: used to record the request status; success is 200
- $body_bytes_sent: records the size of the body content sent to the client
- $http_referer: used to record which page link the visit came from
- $http_user_agent: records the relevant information of the client browser
Usually the web server is placed behind a reverse proxy, so the client's IP address cannot be obtained through $remote_addr: the IP address it yields is that of the reverse proxy server. The reverse proxy server can add X-Forwarded-For information to the HTTP header of the forwarded request, which is used to record the IP address of the original client and the server address requested by the original client.
Common location configuration directives: root, alias, proxy_pass
- root: for a request to www.clj.com/test/1.jpg, the file /usr/local/nginx/html/test/1.jpg is returned
- alias (alias configuration): for a request to www.clj.com/test/1.jpg, the file /usr/local/nginx/html/1.jpg is returned
- proxy_pass (reverse proxy configuration):
    proxy_pass http://127.0.0.1:8080/;    ------------- forwards the request to http://127.0.0.1:8080/1.jpg
    proxy_pass http://127.0.0.1:8080;     ------------- forwards the request to http://127.0.0.1:8080/test/1.jpg
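The three mappings above, modelled as small shell functions (an added example, not code from the original article or from nginx). It assumes the location prefix is /test/, which the article does not state, and all function names are hypothetical; alias_slash_ok additionally flags a location/alias pair whose trailing slashes differ, which produces a wrong file path.

```sh
#!/bin/sh
# Added example: models how nginx maps a request URI for root, alias and
# proxy_pass. Function names are hypothetical; location /test/ is an assumption.

# map_root ROOT URI: root appends the whole request URI to the directory.
map_root() { printf '%s%s\n' "$1" "$2"; }

# map_alias LOCATION ALIAS URI: alias replaces the matched location prefix.
map_alias() (
    loc=$1; dir=$2; uri=$3
    case $uri in
        "$loc"*) printf '%s%s\n' "$dir" "${uri#"$loc"}" ;;
        *)       exit 1 ;;                    # URI is outside this location
    esac
)

# alias_slash_ok LOCATION ALIAS: succeeds only when both end in "/" or neither
# does; a mismatch glues or splits path components in the mapped file name.
alias_slash_ok() (
    case $1 in */) l=1 ;; *) l=0 ;; esac
    case $2 in */) a=1 ;; *) a=0 ;; esac
    [ "$l" -eq "$a" ]
)

# map_proxy LOCATION PROXY_PASS URI: when proxy_pass carries a URI part (here
# the trailing "/"), the location prefix is replaced by it; without one, the
# request URI is passed to the upstream unchanged.
map_proxy() (
    loc=$1; target=$2; uri=$3
    case $uri in "$loc"*) ;; *) exit 1 ;; esac
    case ${target#*://} in
        */*) printf '%s%s\n' "$target" "${uri#"$loc"}" ;;
        *)   printf '%s%s\n' "$target" "$uri" ;;
    esac
)

# Constructed demo using the article's URLs and paths.
map_root  /usr/local/nginx/html /test/1.jpg
map_alias /test/ /usr/local/nginx/html/ /test/1.jpg
map_proxy /test/ http://127.0.0.1:8080/ /test/1.jpg
map_proxy /test/ http://127.0.0.1:8080  /test/1.jpg
alias_slash_ok /test/ /usr/local/nginx/html || echo "alias slash mismatch"
```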
4.4 access status statistics configuration
- nginx has a built-in HTTP_STUB_STATUS status statistics module, which reports the current web access status. When configuring the compilation parameters, add --with-http_stub_status_module to enable support for this module.
- You can use the command /usr/local/nginx/sbin/nginx -V to see whether the installed Nginx contains the HTTP_STUB_STATUS module.
Operation steps:
1. Modify the nginx.conf configuration file, specify the access location and add the stub_status configuration (back up the file before modification)
    #Copy the configuration file first
    [root@localhost conf]# cp /usr/local/nginx/conf/nginx.conf nginx.conf.bak
    #Modify the nginx.conf configuration file
    [root@localhost conf]# vim /usr/local/nginx/conf/nginx.conf
    events {
        use epoll;
        worker_connections 1024;
    }
    server {
        listen 80;
        server_name www.yxp.com;
        charset utf-8;
        location / {
            root html;
            index index.html index.htm;
        }
        location /status {            ##The access location is /status
            stub_status on;           ##Turn on the status statistics function
            access_log off;           ##Turn off logging at this location
        }
    }
2. Open 192.168.59.108/status in a browser to test
    Active connections: 2
    server accepts handled requests
     2 2 4
    Reading: 0 Writing: 1 Waiting: 1
Meaning of the output:
    Active connections: 2              #Current number of active connections
    server accepts handled requests
     6 6 5                             #Connection information that has been processed. The three numbers indicate, in order, the number of connections that have been processed, the number of successful TCP handshakes, and the number of requests that have been processed
    Reading: 0 Writing: 1 Waiting: 1
3. Write a shell script in combination with awk that raises an alarm if the number of connections is too high
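    #!/bin/bash
    #Fetch the status page quietly (no progress output)
    a=$(curl -s 192.168.59.108/status)
    #$a is left unquoted on purpose: the output collapses onto one line, so field 3 is the active connection count
    b=$(echo $a|awk '{print $3}')
    if [ "$b" -ge 1000 ]
    then
        echo "Too many connections"|mail -s test 1943466298@qq.com
    else
        echo "Good operation"
    fi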
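A fuller version of the alarm check, as an added example rather than code from the original article: it parses every stub_status counter, also alerts when handled is lower than accepts (connections dropped, for instance when worker_connections is exhausted), and reports unparsable output such as an HTML error page as a failure instead of comparing a non-numeric value. SAMPLE is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: parse every stub_status counter and decide whether to alert.
# SAMPLE is constructed from the output format shown above; in real use pass
# the output of: curl -s http://192.168.59.108/status

SAMPLE='Active connections: 2
server accepts handled requests
 6 6 5
Reading: 0 Writing: 1 Waiting: 1'

# status_field NAME TEXT: print one counter, or fail if TEXT is not stub_status
# output (for example an HTML 401 page once /status is password protected).
status_field() (
    printf '%s\n' "$2" | awk -v want="$1" '
        /^Active connections:/          { v["active"] = $3 }
        /^ *[0-9]+ +[0-9]+ +[0-9]+ *$/  { v["accepts"] = $1; v["handled"] = $2; v["requests"] = $3 }
        /^Reading:/                     { v["reading"] = $2; v["writing"] = $4; v["waiting"] = $6 }
        END { if (want in v) print v[want]; else exit 1 }'
)

# check_status TEXT LIMIT: prints one line and returns
#   0 = OK, 1 = too many active connections, 2 = connections dropped,
#   3 = output could not be parsed (treated as a failure, never as "OK").
check_status() (
    text=$1; limit=$2
    active=$(status_field active "$text")   || { echo "UNKNOWN: not stub_status output"; exit 3; }
    accepts=$(status_field accepts "$text") || { echo "UNKNOWN: counters line missing"; exit 3; }
    handled=$(status_field handled "$text")
    if [ "$active" -ge "$limit" ]; then
        echo "ALERT: active=$active limit=$limit"; exit 1
    fi
    # handled < accepts means nginx dropped connections, e.g. because
    # worker_connections was exhausted.
    if [ "$handled" -lt "$accepts" ]; then
        echo "ALERT: dropped=$((accepts - handled))"; exit 2
    fi
    echo "OK: active=$active accepts=$accepts handled=$handled"
)

check_status "$SAMPLE" 1000
```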
4.5 access control based on authorization password
1. Generate user password authentication file
    #Install the tool
    [root@localhost conf]# yum install -y httpd-tools.x86_64
    #The first time, use -c to create the password file
    [root@localhost conf]# htpasswd -c /usr/local/nginx/passwd.db zhangsan
    #Do not add -c the second time (-c would recreate the file)
    [root@localhost conf]# htpasswd /usr/local/nginx/passwd.db lisi
    [root@localhost conf]# chown nginx /usr/local/nginx/passwd.db
    [root@localhost conf]# chmod 400 /usr/local/nginx/passwd.db
2. Modify the corresponding location in the main configuration file
    location /status {
        #Add password authentication
        auth_basic "secret";
        auth_basic_user_file /usr/local/nginx/passwd.db;
        # stub_status on;
        # access_log off;
        root html;
        index index.html index.htm;
    }
3. Restart the service
    [root@localhost conf]# nginx -t
    [root@localhost conf]# systemctl restart nginx.service
4. Test in a browser
Opening http://192.168.59.108 now requires entering the account and password to log in.
4.6 client based access control
1. Introduction to client based access control
Client based access control decides whether to allow page access based on the client IP address. Nginx client based access control is simpler than Apache's. The rules are as follows:
1) deny IP/IP segment: denies access to clients from an IP or IP segment.
2) allow IP/IP segment: allows access to clients from an IP or IP segment.
3) Rules are evaluated from top to bottom. Evaluation stops at the first rule that matches, and the rules below it are not checked.
2. Modify the configuration file
    [root@localhost conf]# vim /usr/local/nginx/conf/nginx.conf
    location / {
        #auth_basic "secret";
        #auth_basic_user_file /usr/local/nginx/passwd.db;
        deny 192.168.59.130;     ###Client IP
        allow all;
        root html;
        index index.html index.htm;
    }
3. Restart the service and test access
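The top-to-bottom, first-match rule from point 3), modelled in shell to show why rule order matters (an added example, not code from the original article or from nginx). PAGE_RULES is the rule pair from the configuration above; the other rule sets are constructed, the function names are hypothetical, and the CIDR form goes slightly beyond the single address used in the article.

```sh
#!/bin/sh
# Added example: model of nginx allow/deny evaluation (first match wins).
# Function names are hypothetical; REVERSED and ALLOWLIST are constructed.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# rule_matches IP SPEC: SPEC is "all", a single address, or address/prefix-length.
rule_matches() (
    ip=$1; spec=$2
    if [ "$spec" = all ]; then exit 0; fi
    case $spec in
        */*) net=${spec%/*}; len=${spec#*/} ;;
        *)   net=$spec; len=32 ;;
    esac
    if [ "$len" -eq 0 ]; then exit 0; fi
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# evaluate RULES IP: print the action of the first matching rule.
# A request that matches no rule is allowed, so an allowlist must end in "deny all".
evaluate() (
    ip=$2
    while read -r action spec; do
        spec=${spec%;}
        if [ -n "$action" ] && rule_matches "$ip" "$spec"; then
            echo "$action"; exit 0
        fi
    done <<EOF
$1
EOF
    echo allow
)

PAGE_RULES='deny 192.168.59.130;
allow all;'
REVERSED='allow all;
deny 192.168.59.130;'
ALLOWLIST='allow 192.168.59.0/24;
deny all;'

evaluate "$PAGE_RULES" 192.168.59.130   # deny
evaluate "$REVERSED"   192.168.59.130   # allow: the deny line is never reached
evaluate "$ALLOWLIST"  10.0.0.5         # deny
```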
4.7 domain name based nginx virtual host
With virtual hosts, there is no need to provide a separate Nginx server or run a separate group of Nginx processes for each website. Virtual hosts make it possible to run multiple websites on the same server with the same group of Nginx processes. Like Apache, Nginx can configure several types of virtual hosts: IP based, domain name based and port based. When using Nginx to build a virtual host server, each virtual web site has an independent "server {}" configuration section, in which the IP address and port number it listens on can be specified separately. Of course, the website names also differ.
1. Create the web documents for the virtual hosts
    [root@localhost html]# mkdir -p /var/www/html/{yxp,accp}
    [root@localhost html]# echo "<h1>www.yxp.com</h1>" > /var/www/html/yxp/index.html
    [root@localhost html]# echo "<h1>www.accp.com</h1>" > /var/www/html/accp/index.html
2. Modify the configuration file
    vim /usr/local/nginx/conf/nginx.conf
    server {
        listen 80;
        server_name www.accp.com;
        charset utf-8;
        access_log logs/www.accp.access.log;
        location / {
            root /var/www/html/accp;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 80;
        server_name www.yxp.com;
        charset utf-8;
        access_log logs/yxp.access.log;
        location / {
            root /var/www/html/yxp;
            index index.html index.htm;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
3. Restart the service and test
The domain names cannot be used at this point. You need to add them to the hosts file of the test machine: /etc/hosts, or on Windows:
C:\Windows\System32\drivers\etc\hosts
4.8 IP address based
1. Modify the configuration file
    [root@localhost html]# vim /usr/local/nginx/conf/nginx.conf
    server {
        listen 192.168.59.108:80;
        server_name www.yxp.com;
        # (rest of this server block is not shown)
    }
    server {
        listen 192.168.59.111:80;
        server_name www.accp.com;
        # (rest of this server block is not shown)
    }
4.9 port based
    [root@localhost html]# vim /usr/local/nginx/conf/nginx.conf
    server {
        listen 192.168.59.108:80;
        server_name www.yxp.com;
        # (rest of this server block is not shown)
    }
    server {
        listen 192.168.59.108:8080;
        server_name www.accp.com;
        # (rest of this server block is not shown)
    }