小于 1 分钟
3. nginx配置文件详解
配置文件详解
user nginx;
worker_processes 8;
worker_cpu_affinity auto;
#worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
error_log /var/log/nginx/error.log error;
pid /var/run/nginx.pid;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 20480;
}
http {
include mime.types;
default_type application/octet-stream;
log_format prod '$remote_addr|$remote_user|[$time_local]|$request|'
'$status|$body_bytes_sent|$http_referer|'
'$http_user_agent|$request_time|$host|$upstream_addr|$upstream_response_time';
access_log /var/log/nginx/access.log prod;
charset utf-8;
fastcgi_intercept_errors on;
server_names_hash_bucket_size 256;
client_header_buffer_size 32k;
large_client_header_buffers 4 128k;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
#支持ssi包含文件
ssi on;
ssi_silent_errors on;
# ssi_types text/html;
keepalive_timeout 90;
client_header_timeout 10;
client_body_timeout 20;
client_max_body_size 200m;
client_body_buffer_size 128k;
# include /etc/nginx/gzip.conf;
gzip on;
gzip_buffers 4 8k;
gzip_comp_level 6;
gzip_disable "MSIE [1-6]\.";
gzip_http_version 1.1;
gzip_min_length 1000;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json image/jpeg image/gif image/png image/jpg;
# include /etc/nginx/proxy.conf;
proxy_connect_timeout 90;
proxy_read_timeout 90;
proxy_send_timeout 90;
proxy_buffer_size 32k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
# include /etc/nginx/backend.conf;
upstream my_server_pool {
server 192.168.1.109:80 weight=1 max_fails=2 fail_timeout=30;
server 192.168.1.108:80 weight=2 max_fails=2 fail_timeout=30;
}
include /etc/nginx/conf.d/h5.conf;
}
大约 11 分钟
4. 内核参数优化
linux内核参数优化(网络模块)
在Linux下调整内核参数,可以直接编辑配置文件/etc/sysctl.conf,然后执行sysctl -p命令生效
文件内容如下:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 268435456
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.somaxconn = 262144
net.core.netdev_max_backlog = 262144
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 30000
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 65536 4194304
net.ipv4.tcp_mem = 524288 699050 1048576
vm.swappiness = 0
vm.min_free_kbytes = 65536
大约 6 分钟
1. 初识Nginx
1 Nginx的三个主要应用场景
三个主要应用场景为:
- 静态资源服务(通过本地文件系统提供服务)
- 反向代理服务
- API服务(OpenRestydeng )
1.1 反向代理服务
1.1.1 负载均衡
大约 17 分钟
2. nginx架构基础
1 Nginx请求处理流程
2 Nginx进程结构
3 Nginx进程管理:信号
大约 2 分钟
3.1 nginx全局块和events块配置
1 example
# 运行Nginx进程的用户
user nginx;
worker_processes 8;
worker_cpu_affinity auto;
# 定义存储某类型的全局错误的日志位置
# nginx日志分为很多级别 [debug | info | notice | warn | error | crit | alert | emerg]
error_log /var/log/nginx/error.log error;
# 指定进程ID(pid)存放的路径
pid /var/run/nginx.pid;
# 一个nginx进程打开的最多文件描述符数目,理论值应该是系统的最多打开文件数(ulimit -n)与nginx进程数相除,但是nginx分配请求并不是那么均匀,所以最好与ulimit -n的值保持一致。
worker_rlimit_nofile 65535;
events {
# 使用epoll的I/O模型,用这个模型来高效处理异步事件
use epoll;
# 每个进程允许的最多连接数,理论上每台nginx服务器的最大连接数为worker_processes*worker_connections。
worker_connections 20480;
}
大约 2 分钟
3.2 nginxHTTP块配置
1 配置块的嵌套
http {
upstream {...}
split_clients {...}
map {...}
geo {...}
server {
if () {...}
location {
limit_except {...}
}
location {
location {
}
}
}
server {
}
}
大约 3 分钟
3.4 nginxLOCATION块配置
nginx中location的匹配模式有以下几种:
-
精确匹配:以
=开头,只有完全匹配才能生效,例子location = /uri -
非正则匹配:以
^~开头,^表示非、~表示正则,例子location ^~ /uri -
正则匹配:
- 以
~开头,表示区分大小写的正则匹配,例子location ~ pattern - 以
!~开头,表示区分大小写不匹配的正则,例子location !~ pattern - 以
~*开头,表示不区分大小写的正则匹配,例子location ~* pattern - 以
!~*开头,表示不区分大小写不匹配的正则,例子location !~* pattern
- 以
-
普通匹配:不带任何修饰符,例子
location /uri、location /
大约 6 分钟
3.5 nginx常用模块
1 Module ngx_http_gzip_module
该ngx_http_gzip_module模块是一个使用“gzip”方法压缩响应的过滤器。这通常有助于将传输数据的大小减少一半甚至更多。
使用SSL / TLS协议时,压缩的响应可能会受到 BREACH攻击。
大约 9 分钟
6. nginx的常见问题
nginx 配置支持 websocket 连接
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
大约 6 分钟