Shulou(Shulou.com)06/03 Report--

Nginx realizes connection timeout in the enterprise website, in order to avoid the same customer occupying the connection for a long time and causing a waste of resources, you can set the corresponding connection timeout parameter to control the connection access time. Use fiddler tool to check the connection parameter timeout parameter.

Keepalive_timeout

Set the connection timeout. Generally, you can only set this parameter. The default is 65 seconds. It can be set according to the situation of the website, or closed, and can be set in the http segment, server segment, or location segment.

Client_header_timeout

Specify the timeout for waiting for the client to send a request header

Client_body_timeout

Set the request body read timeout

Modify configuration file [root@localhost ~] # cd / usr/local/nginx/conf/ [root@localhost conf] # vim nginx.conf # # modify configuration file # keepalive_timeout 0 keepalivetimeout 65 180; # # server and client timeout client_header_timeout 80; # # request header timeout client_body_timeout 80 # # request body timeout [root@localhost conf] # service nginx stop # # disable enabling service [root@localhost conf] # number of service nginx start Nginx running processes in high concurrency scenarios, you need to start more Nginx processes to ensure fast response to process users' requests and avoid blocking. You can use the ps aux command to check the number of Nginx running processes and change the number of processes.

Modify configuration file, modify process configuration parameters, modify worker_process parameters of configuration file

Generally set to the number of CPU or the number of cores

In the case of high concurrency, it can be set to the number of CPU or twice the number of cores to run more processes. When responding to access requests, Nginx will not temporarily start new processes to provide services, reducing system overhead and improving service speed. Use ps aux to check the changes in the number of running processes. By default, multiple processes of Nginx may run on a CPU, and different processes can be assigned to different CPU processing. Make full use of hardware multi-core multi-CPU in a 4-core physical server, you can configure the following to allocate processes

Worker_cpu_affinity 0001 0010 0100 10001. View current worker process information [root@localhost ~] # ps aux | grep nginx # # View process information root 7231 0.0 20548 620? Ss 01:57 0:00 nginx: master process # # main process nginx 7232 0.0 23076 1400? S 01:57 0:00 nginx: worker process # # 1 worker process root 7372 0.0 112728 972 pts/2 S + 02:07 0:00 grep-- color=auto nginx2, add CPU to the virtual machine

3. Modify the configuration file [root@localhost ~] # cd / proc/ [root@localhost proc] # cat cpuinfo # # View the number of cpu cores processor: 0 # # first... processor: 1 # # second... [root@localhost proc] # cd / usr/local/nginx/conf/ [root@localhost conf] # vim nginx.conf # # modify the configuration file # user nobody;worker_processes 2; # # the number of cores is 2worker_cpu_affinity 01 10 # # process assignment 4, check the worker process [root@localhost conf] # ps aux | grep nginx # # View Nginx process information nginx 2329 0.0 23076 1392? S 20:12 0:00 nginx: worker process # # now there are two working processes nginx 2330 0.0 23076 1384? S 20:12 0:00 nginx: worker processNginx implements the web page compression function Nginx's ngx_http_gzip_module compression module provides the function of compressing the file content, allowing the Nginx server to compress the output before sending it to the client, in order to save the website bandwidth and enhance the user's access experience. By default, you can add the corresponding compression function parameters to the configuration file to optimize the compression performance gzip on: enable gzip compression output gzip_min_length 1k: used to set the minimum number of bytes of pages allowed to be compressed gzip_buffers 4 16k: apply for 4 units of 16k memory as the compression result stream cache The default value is to apply for the same memory space as the original data to store the gzip compression result zip_http_version 1.00.It is used to set and identify the http protocol version. The default is 1.1.At present, most browsers already support gzip decompression, but the processing is the slowest and consumes server CPU resources gzip_comp_level 2: used to specify the gzip compression ratio, 1 compression ratio is the smallest and the processing speed is the fastest. 9 the compression ratio is the largest, the transmission speed is fast, but the processing speed is the slowest. Use the default gzip_types text/plain: compression type, enable compression on those web documents gzip_vary on: option allows the front-end cache server to cache the gzip compressed page experimental environment Linux server (192.168.13.142) a win10 test machine 1 Modify configuration file add compression module content [root@localhost ~] # cd / usr/local/nginx/conf/ [root@localhost conf] # vim nginx.conf # # modify configuration file # gzip on # # enable gzip compression (temporarily disabled) gzip_min_length 1k; # # compression threshold gzip_buffers 4 16k; # # buffer size is 4 16k buffer size gzip_http_version 1.1; # # compressed version gzip_comp_level 6 # # Compression ratio, 5 moderate gzip_types text/plain application/x-javascript text/css image/jpg image/jpeg image/png image/gif application/xml text/javascript application/x-httpd-php application/javascript application/json; # # supported type format gzip_disable "MSIE [1-6]\."; # # disable gzip condition and support regularity, which means that gzip gzip_vary on is not enabled below ie6 # # Let the front-end cache server cache gzip-compressed pages 2 Insert a picture in a web site [root@localhost html] # mount.cifs / / 192.168.100.3/LAMP-C7 / mnt # # mount a shared Password for root@//192.168.100.3/LAMP-C7: [root@localhost html] # ls / mntapr-1.6.2.tar.gz Discuz_X2.5_SC_UTF8.zip LAMP-php5.6.txtapr-util-1.6.0.tar.gz Error.png mysql-5.6.26.tar.gzawstats-7.6.tar.gz httpd-2.4.29.tar.bz2 nginx-1.12.0.tar.gzcronolog-1.6.2-14.el7.x86_64.rpm kali.jpg php-5.6.11.tar.bz2 [root@localhost html] # cp / mnt/11.png. / # # copy the picture to the site [root@localhost html] # vim index.html # # put the picture into the web page Welcome to nginx!

# # add Image [root@localhost html] # service nginx stop # # turn off the Nginx service [root@localhost html] # service nginx start [root@localhost html] # systemctl stop firewalld.service # # turn off the firewall [root@localhost html] # setenforce 03, view the web page information, and grab the package with fiddler

4. Enable gzip compression function [root@localhost html] # vim / usr/local/nginx/conf/nginx.conf # # modify configuration file gzip on; # # enable compression function [root@localhost html] # service nginx stop # # disable and enable Nginx service [root@localhost html] # service nginx start 5, view the web page, and use fiddler to grab the package to view the compression.

Nginx implements hotlink protection in corporate website services, it is generally necessary to configure hotlink protection to avoid illegal theft of website content, so as to cause economic losses. Nginx hotlink protection is also very powerful. By default, you only need to make a simple configuration to realize the hotlink protection experimental environment: a Linux server (192.168.13.142), a win7 hotlink website (192.168.13.135), a win10 test machine (1), create a pirated web page in the win7 hotlink website, create a web page content with text, and modify the suffix to index.html cloud computing this is test web.

# # Pictures of stolen links 2. Set up a web website and specify the address of the DNS server (192.168.13.142)

3. Install dns server [root@localhost html] # yum install bind-y # # install DNS [root @ localhost html] # vim / etc/named.conf options {listen-on port 53 {any;}; # # listen on all listen-on-v6 port 53 {:: 1;} Directory "/ var/named"; dump-file "/ var/named/data/cache_dump.db"; statistics-file "/ var/named/data/named_stats.txt" Memstatistics-file "/ var/named/data/named_mem_stats.txt"; recursing-file "/ var/named/data/named.recursing"; secroots-file "/ var/named/data/named.secroots"; allow-query {any;} # # allow all [root@localhost html] # vim / etc/named.rfc1912.zones # # configure zone "kgc.com" IN {type master; file "kgc.com.zone" # # kgc region data configuration file allow-update {none;};} [root@localhost html] # cd / var/named/ [root@localhost named] # cp-p named.localhost kgc.com.zone # # copy template [root@localhost named] # vim kgc.com.zone # # modify the zone configuration file $TTL 1D @ IN SOA @ rname.invalid. (0; serial 1D; refresh 1H Retry 1W; expire 3H) Minimum NS @ A 127.0.0.1www IN A 192.168.13.142 # # Local address [root@localhost named] # systemctl start named # # enable the dns service [root@localhost named] # systemctl stop firewalld.service # # turn off the firewall [root@localhost named] # setenforce 04, and use the test machine to visit the hotlink website Original website

5. Modify the configuration file and enable hotlink protection [root@localhost named] # vim / usr/local/nginx/conf/nginx.conf## insert hotlink protection configuration error_page 500502503504 / 50x.hml in server segment; location = / 50x.html {root html } location ~ *\. (jpg | gif | swf) ${# # support format valid_referers none blocked * .kgc.com kgc.com; # # allow kgc.com to access if ($invalid_referer) {rewrite ^ / http://www.kgc.com/error.png; for the suffix # # if not, send an error image}} [root@localhost named] # cp / mnt/error.png / usr/local/nginx/html/ # # put the hotlink protection image in the site [root@localhost named] # service nginx stop # # disable and enable the Nginx service [root@localhost named] # service nginx start 6, and use the test machine to visit the hotlink website.

Parameter optimization of FPM module implementation of PHP parsing function of Nginx if it is handled by FPM, in order to improve the speed of PHP, the parameters of FPM module can be adjusted, and the mode of starting fpm process should be adjusted according to the memory and load of the server.

Static: a fixed number of fpm processes will be generated

Dynamic: the fpm process will be generated dynamically

Specify parameters in the way FPM optimizes the parameter static through the pm parameter

Pm.max_children: a parameter that specifies the number of processes started in Dynamic mode

Pm.max_children: specifies the maximum number of processes started

Pm.start_servers: the number of initial fpm processes in dynamic mode

Pm.min_spare_servers: the minimum number of fpm empty closed processes in dynamic mode

Pm.max_spare_servers: the largest number of fpm idle processes in dynamic mode FPM optimization parameter adjustment optimization reason: the server is a CVM, running a personal forum, the memory of 1.5G FPM processes is 20, memory consumption is nearly 1G, processing slow optimization parameter adjustment: when FPM starts, there are 5 processes, minimum idle 2 processes, maximum idle 8 processes, up to 20 processes exist thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.