Shulou(Shulou.com)06/03 Report--

14.1 introduction to nginx

Nginx (pronounced engine x) is a lightweight Web server / reverse proxy server and e-mail (IMAP/POP3) proxy server and is distributed under a BSD-like protocol.

Nginx was developed by Igor Sysoev, a Russian programmer, and was originally used by Russia's large portal and search engine Rambler.

The first public version 0.1.0 was released on October 4, 2004. It distributes the source code as a BSD-like license and is known for its stability, rich feature set, sample configuration files, and low consumption of system resources. Nginx 1.0.4 was released on June 1, 2011.

Nginx is characterized by low memory and strong concurrency ability. In fact, the concurrency ability of nginx does perform well in the same type of web server. Chinese mainland uses nginx website users: Baidu, JD.com, Sina, NetEase, Tencent, Taobao and so on.

Features and advantages of 14.2 nginx

14.2.1 Features of nginx

Nginx is a powerful high-performance Web and reverse proxy server with many excellent features:

In the case of high connection concurrency, Nginx is a good substitute for Apache servers, supporting responses of up to 50000 concurrent connections

Using epoll and kqueue as the development model

Nginx serves as a load balancing server: Nginx can not only directly support external services with PHP programs, but also support external services as HTTP proxy servers.

Nginx is written in C, which is much better than Perlbal in terms of system resource overhead and CPU usage efficiency.

14.2.2 benefits of nginx

Advantages of Nginx:

High concurrent connections: official tests can support 50,000 concurrent connections, reaching 20,000 to 30,000 concurrent connections in the actual production environment.

Low memory consumption: with 30, 000 concurrent connections, 10 Nginx processes open consume only 150 megabytes of memory (15M*10=150M)

The configuration file is very simple: the style is as easy to understand as the program

Low cost: Nginx is open source software and can be used for free. On the other hand, the purchase of hardware load balancing switches such as F5 BIG-IP and NetScaler costs more than 100,000 to hundreds of thousands of yuan.

Support Rewrite rewriting rules: can divide HTTP requests into different backend server groups according to different domain names and URL

Built-in health check function: if a Web server on the Nginx Proxy backend goes down, the front-end access will not be affected.

Bandwidth savings: GZIP compression is supported, and header headers can be added to the browser's local cache

High stability: for reverse agents, the probability of downtime is minimal

Modular design: modules can be compiled dynamically

Good peripheral support: complete documentation, secondary development and more modules

Support for hot deployment: configuration files can be reloaded without downtime

Support for event-driven, AIO (AsyncIO, asynchronous IO), mmap (Memory Map, memory mapping) and other performance optimization

14.3 functions and application categories of nginx

14.3.1 basic functions of nginx

Basic functions of Nginx:

Web server for static resources that caches open file descriptors

Reverse proxy server for http, smtp, pop3 protocols

Cache acceleration, load balancing

Support FastCGI (fpm,LNMP), uWSGI (Python), etc.

Modularization (non-DSO mechanism), filter zip, SSI and image resizing

Support for SSL

14.3.2 extended capabilities of nginx

Nginx extension capabilities:

Virtual host based on name and IP

Support for keepalive

Support for smooth upgrad

Customize access logs and support the use of log buffers to improve log storage performance

Support for URL rewriting

Support path aliases

Support access control based on IP and users

Support rate limit, support concurrency limit

14.3.3 Application categories of nginx

The main application categories of Nginx:

Use Nginx combined with FastCGI to run PHP, JSP, Perl and other programs

Use Nginx for reverse proxy, load balancing and rule filtering

Use Nginx to run static HTML web pages and pictures

Combined Application of Nginx and other New Technologies

Module and working principle of 14.4 nginx

Nginx consists of kernels and modules. Among them, the design of the kernel is very small and simple, and the work done is very simple, just by looking up the configuration file to map the client request to a location block (location is an instruction in the Nginx configuration for URL matching), and each instruction configured in this location will start a different module to complete the corresponding work.

14.4.1 Module Classification of nginx

The module of Nginx is divided into core module, basic module and third-party module.

HTTP module, EVENT module and MAIL module belong to the core module.

HTTP Access module, HTTP FastCGI module, HTTP Proxy module and HTTP Rewrite module belong to basic modules.

HTTP Upstream module, Request Hash module, Notice module and HTTP Access Key module belong to the third party module.

The modules developed by users according to their own needs belong to third-party modules. It is with the support of so many modules that the function of Nginx is so powerful

Nginx modules are functionally divided into three categories, namely:

Handlers (processor module). This kind of module processes the request directly, outputs the content and modifies the headers information and so on. Generally speaking, there can be only one handlers processor module

Filters (filter module). This kind of module mainly modifies the output of other processor modules, and finally it is output by Nginx.

Proxies (Agent Module). These modules, such as Nginx's HTTP Upstream, mainly interact with back-end services such as fastcgi, and implement functions such as service proxy and load balancing.

Nginx module is divided into: core module, event module, standard Http module, optional Http module, mail module, third-party module and patch, etc.

Nginx basic module: the so-called basic module refers to the default functional module of Nginx, which provides instructions that allow you to use variables that define the basic functions of Nginx, which cannot be disabled at compile time, including:

Core modules: basic functions and instructions, such as process management and security. Most of the common core module instructions are placed at the top of the configuration file

Event module: the ability to configure network usage within Nginx. Most of the common events module instructions are placed at the top of the configuration file

Configuration module: provides an inclusion mechanism

For specific instructions, please refer to the official documentation of nginx. For more information, please see http://nginx.org/en/docs/ngx_core_module.html.

14.4.2 how nginx works

The module of Nginx is compiled directly into Nginx, so it belongs to static compilation mode.

After starting Nginx, the module of Nginx is loaded automatically, unlike in Apache, the module is first compiled into a so file, and then specified in the configuration file whether to load or not.

When parsing the configuration file, it is possible for each module of Nginx to process a request, but the same processing request can only be done by one module.

The basic architecture of Nginx:

A master process that generates one or more worker processes

Event driven: epoll (Edge trigger), kqueue,/dev/poll

Multiplexer: select,poll,rt signal

Support for sendfile,sendfile64

Support for AIO

Support for mmap

The process structure of Nginx:

When Nginx is started, a Master process is started, which does not process any client requests, but is mainly used to generate worker threads, and one worker thread is used to process n request

The following figure shows the next regular HTTP request and response of the Nginx module:

The following figure shows HTTP socket-based communication:

The following figure shows the basic WEB service request steps:

14.5 installation and configuration of nginx

14.5.1 installation of nginx

Useradd nginx- M-s / sbin/nologinyum-y install pcre-devel openssl openssl-devel gd-develyum-y groupinstall "Development Tools" mkdir-pv / data/logs/nginxcd / usr/srcwget http://nginx.org/download/nginx-1.12.0.tar.gz tar xf nginx-1.12.0.tar.gzcd nginx-1.12.0./configure\-- prefix=/usr/local/nginx\-- user=nginx\-- group=nginx\-- with-debug\-- with-http_ssl_ Module\-with-http_realip_module\-with-http_p_w_picpath_filter_module\-with-http_gunzip_module\-with-http_gzip_static_module\-with-http_stub_status_module\-http-log-path=/data/logs/nginx/access.log\-error-log-path=/data/logs/nginx/error.logmake & & make install

14.5.2 configuration file for nginx

Configuration file: / usr/local/nginx/conf/nginx.conf

When starting Nginx by default, the configuration file used is: installation path / conf/nginx.conf file

You can specify the configuration file to read with the-c option when you start nginx

The common configuration files for nginx are as follows:

Basic configuration files for nginx.conf applications

Extension files associated with the mime.typesMIME type

Fastcgi.conf configuration related to fastcgi

Proxy.conf configuration related to proxy

Sites.conf configures websites provided by Nginx, including virtual hosts

Nginx.conf configuration details:

The content of nginx.conf is divided into the following paragraphs:

Main configuration segment: global configuration segment. Main configuration segment may contain event configuration segment

Event {}: define the working characteristics of the event model

Http {}: define configurations related to the http protocol

Configuration directive: to end with a semicolon, the syntax format is as follows:

Derective value1 [value2...]

Support the use of variables:

Built-in variables: the module provides built-in variable definitions

Custom variables:

Set var_name value

14.5.3 detailed explanation of common configuration of nginx.conf

There are several types of instructions for the nginx.conf configuration segment:

Used to debug and locate problems:

Daemon {on | off}; # whether to run nginx as a daemon should be set to offmaster_process {on | off} when debugging; # whether to run nginx as a master/worker model can be set to the offerror_log location level when debugging; # configure error log

There are the following locations:

File

Stderr

Syslog:server=address [, parameter=value]

Memory:size

Optional values for the level are:

Debug: to use the debug level, you need to use the-- with-debug option when compiling nginx

Info

Notice

Warn

Error

Crit

Alert

Emerg

Configuration necessary for normal operation:

User USERNAME [GROUPNAME]; # specify users and groups running worker processes pid / path/to/pid_file; # specify the pid files of the nginx daemon worker_rlimit_nofile number; # set the maximum number of files that can be opened by all worker processes. The default is 1024worker_rlimit_core size; # indicating the overall maximum core file size that can be used by all worker processes.

Configuration that optimizes performance:

Worker_processes n; # starts n worker processes, where n is usually set to-1 or equal to the total number of cpu cores worker_cpu_affinity cpumask in order to avoid context switching. # bind the process to a cpu to avoid frequently flushing the cache # cpumask: use 8-bit binary to represent the cpu core, such as # 0000 0001: the first cpu core # 0000 0010: the second cpu core # 0000 0100: the third cpu core # 0000 1000: the fourth cpu core timer_resolution interval; # timer resolution. Lowering this value reduces the number of gettimeofday () system calls worker_priority number; # indicates the nice value of the worker process

Event-related configuration: configuration in the event {} section

Accept_mutex {off | on}; # load balancer locks used when master dispatches user requests to each worker process; on indicates that multiple worker can take turns and serialize to respond to new requests lock_file file; # accept_mutex. The file path use [epoll | rtsig | select | poll]; # indicates the event model to be used, and it is recommended that Nginx choose worker_connections #; # the maximum number of connections that each process can accept

Configuration related to network connection:

Keepalive_timeout number; # timeout of persistent connections. Default is the maximum number of resources 75skeepalive_requests number; # can request on a persistent connection keepalive_disable [msie6 | safari | none]; # disable tcp_nodelay on for specified types of UserAgeng | whether off; # uses the TCP_NODELAY option for persistent connections. To improve user experience, it is usually set to onclient_header_timeout number. # timeout for reading the header of http request message client _ body_timeout number; # timeout for reading body part of http request message send _ timeout number; # timeout for sending response message

Related configuration of fastcgi:

LNMP:php wants to enable fpm model

Example configuration:

Location ~\ .php$ {root html; fastcgi_pass 127.0.0.1 root html; fastcgi_pass 9000; define reverse proxy fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME / scripts$fastcgi_script_name; include fastcgi_params;}

Parameters that often need to be adjusted:

Worker_processesworker_connectionsworker_cpu_affinityworker_priority

Configuration used when nginx is used as a web server:

Http {...}: configuration http related, introduced by the ngx_http_core_module module. The HTTP configuration of Nginx mainly consists of four blocks, with the following structure:

Http {/ / protocol level include mime.types; default_type application/octet-stream; keepalive_timeout 65; gzipon; upstream {/ / load balancer configuration.} server {/ / server level, each server is similar to a listen80; server_name localhost; location / {/ / request level in httpd, similar to that in httpd, and is used to define the mapping relationship between URL and local file system root html Index index.html index.htm;}

Configuration directives:

Server {}: define a virtual host, as shown below:

Server {listen 80; server_name www.idfsoft.com; root "/ vhosts/web";}

Listen: specify the address and port for listening

Listen address [: port]; listen port

Server_name NAME [...]; can be followed by multiple hosts, and names can use regular expressions or wildcards

When there is more than one server, the matching order is as follows:

(1) do an accurate matching check first.

(2) left wildcard matching check, such as * .idfsoft.com

(3) right wildcard matching check, such as mail.*

(4) regular expression matching check, such as ~ ^. *\ .idfsoft\ .com $

(5) default_server

Root path; sets the resource path mapping, which is used to indicate the starting path on the file system where the resource corresponding to the requested URL resides.

Alias path; is used for location configuration segments to define path aliases

Index file; default main page

Index index.php index.html

Error_page code [...] [= code] URI | @ name indicates a specific error page based on the http response status code, such as error_page 404 / 404_customed.html

[= code]: respond with the specified response code instead of the default original response. The default means that the response code of the new resource is used as its response code, for example, error_page 404 = 200 / 404_customed.html

Log_format: define log format

Log_format main'$remote_addr-$remote_user [$time_local] "$request"'$status $body_bytes_sent "$http_referer"'"$http_user_agent"$http_x_forwarded_for"'; Note: the variables available here are built-in variables for nginx modules.

Location section, which matches the URI requested by the client by specifying the pattern

Function: allows the defined URI to be matched according to the location requested by the user. When the location is matched, the request will be handled by the configuration in the corresponding location configuration block, such as access control

Syntax:

Location [modifier] pattern {.}

Modifier:

=: exact match

~: regular expression pattern matching, case sensitive

~ *: regular expression pattern matching, case-insensitive

^ ~: prefix matching, similar to the behavior without modifiers, also starts with the specified module, except that if the pattern matches, then the search for other patterns is stopped and regular expressions are not supported.

@: define named location sections that cannot be accessed by clients and can only be accessed by internally generated requests, such as try_files or error_page

There is no modifier to indicate that you must start in the specified mode, such as:

Server {server_name www.idfsoft.com; location / abc {. }}

Then the following will match correctly:

Http://www.idfsoft.com/abc

Http://www.idfsoft.com/abc?p1=11&p2=22

Http://www.idfsoft.com/abc/

=: indicates that it must exactly match the specified pattern, such as:

Server {server_name www.idfsoft.com; location = / abc {. }}

Then the following will match correctly:

Http://www.idfsoft.com/abc

Http://www.idfsoft.com/abc?p1=11&p2=22

The following cannot be matched:

Http://www.idfsoft.com/abc/

Http://www.idfsoft.com/abc/abcde

~: indicates that the specified regular expression is case-sensitive, such as:

Server {server_name www.idfsoft.com; location ~ ^ / abc$ {. }}

Then the following will match correctly:

Http://www.idfsoft.com/abc

Http://www.idfsoft.com/abc?p1=11&p2=22

The following cannot be matched:

Http://www.idfsoft.com/abc/

Http://www.idfsoft.com/ABC

Http://www.idfsoft.com/abcde

~ *: indicates that the specified regular expression is case-insensitive, such as:

Server {server_name www.idfsoft.com; location ~ * ^ / abc$ {. }}

Then the following will match correctly:

Http://www.idfsoft.com/abc

Http://www.idfsoft.com/abc?p1=11&p2=22

Http://www.idfsoft.com/ABC

The following cannot be matched:

Http://www.idfsoft.com/abc/

Http://www.idfsoft.com/abcde

^ ~: similar to the behavior without modifiers, it also starts with the specified pattern, except that if the pattern matches, stop searching for other patterns

Search order and priority: from high to low

Exact matching with "=" takes precedence

Regular expressions are in the order they are defined in the configuration file

With the "^ ~" modifier, the beginning matches

With a "~" or "~ *" modifier, if the regular expression matches URI

An exact match without modifiers

The priority order is as follows:

(location = path) > (location ^ ~ path) > (location ~ regular) > (location ~ * regular) > (location path)

Access Control:

Allow: sets which hosts or hosts are allowed to access, and multiple parameters are separated by spaces

Deny: set which hosts or hosts are not allowed to access, and separate multiple parameters with spaces

Example:

Allow 192.168.1.1Uniplex 32 172.16.0.0 Banco 16x deny all

Based on user authentication:

Auth_basic "Welcome message"; auth_basic_user_file "/ path/to/user_auth_file"

The format of user_auth_file content is:

Username:password

The password here is an encrypted password string. It is recommended to use htpasswd to create this file:

Htpasswd-c-m / path/to/.user_auth_file USERNAME

Https Service:

Generate the private key, generate the certificate signing request and obtain the certificate, and then configure the following in nginx.conf:

Server {listen 443 ssl; server_name www.idfsoft.com; ssl_certificate / etc/nginx/ssl/nginx.crt; ssl_certificate_key / etc/nginx/ssl/nginx.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH / ssl_prefer_server_ciphers on; location / {root html; index index.html index.htm;}}

Status page:

Enable status:

Location / status {stub_status {on | off}; allow 172.16.0.0On16; deny all;}

How to access the status page:

Http://server_ip/status

Detailed information on the status page:

An example of a status page is as follows:

Active connections 2: the number of all connections currently open

Accepts: total number of connections handled

Handled: how many handshakes are created successfully

Requests: total number of requests processed

The number of Header messages read by Reading:Nginx to the client, indicating the number of connections in the receiving request state

The number of Header messages returned by Writing:Nginx to the client, indicating the number of connections that the request has been received and is in the process of processing the request or sending a response

Waiting: when keep-alive is enabled, this value equals active-(reading + writing), which means that Nginx has finished processing the resident connection waiting for the next request instruction.

ReWrite:

Syntax:

Rewrite regex replacement flag

Such as:

Rewrite ^ / p_w_picpaths/ (. *\ .jpg) $/ imgs/$1 break

$1 is used to reference the content matched by (. *\ .jpg)

Another example is:

Rewrite ^ / bbs/ (. *) $http://www.idfsoft.com/index.html redirect

As shown in the example above, replacement can be either a path or a URL

Common flag:

Last: basically use this flag to indicate the end of the current match, and proceed to the next match, with a maximum of 10 to 20 matches.

Once this rewrite rule is rewritten, it will no longer be processed by other rewrite rules

Instead, UserAgent re-initiates the request to the rewritten URL and performs a similar process from scratch

Break: aborts Rewrite and no longer matches

Once this rewrite rule rewrite is completed, the UserAgent re-initiates the request to the new URL and will no longer be checked by any rewrite rules in the current location

Redirect: returns the new URL in the temporarily redirected HTTP status 302

Permanent: returns the new URL in permanent redirected HTTP status 301

Rewrite module: used to perform URL redirection. This mechanism is conducive to the removal of malicious visits to url, but also conducive to search engine optimization (SEO).

The syntax used by Nginx is derived from the Perl-compatible regular expression (PCRE) library, and the basic syntax is as follows:

^: must start with the entity after ^

$: must end with an entity before $

.: match any character

[]: matches any character in the specified character set

[^]: matches any string that is not included in the specified character set

| |: match | previous or later entity |

(): grouping, forming a group of entities for matching, usually with | to assist

Capture subexpressions, which can capture any text placed between (), such as:

^ (hello | sir) the $string is the result captured by "hi sir": $1=hi$2=sir

The captured data can be used as variables later.

If:

Syntax:

If (condition) {...}

Application environment:

Server

Location

Common condition:

A) variable name (if the value of the variable is an empty string or starts with "0", it is false, and all other variables are true)

B) comparison expressions with variables as operands (can be tested using a similar comparison operator)

C) pattern matching operation of regular expressions

~: case-sensitive pattern matching check

~ *: case-insensitive pattern matching check

! ~ and! ~ *: reverse the above two tests

D) Test the possibility of specifying a path as a file (- fjinghewf)

E) Test the possibility of specifying a path as a directory (- djinghewd)

F) the existence of the test file (- ejinomarelle)

G) check whether the file has the right to execute (- x _ camera _ copyright _ x)

Browser-based separation case:

If ($http_user_agent ~ Firefox) {rewrite ^ (.*) $/ firefox/$1 break;} if ($http_user_agent ~ MSIE) {rewrite ^ (.*) $/ msie/$1 break;} if ($http_user_agent ~ Chrome) {rewrite ^ (.*) $/ chrome/$1 break;}

Hotlink protection:

Location ~ *\. (jpg | gif | jpeg | png) ${valid_referer none clocked www.idfsoft.com; if ($invalid_referer) {rewrite ^ / http://www.idfsoft.com/403.html;}}

14.5.4 nginx reverse proxy

Nginx is usually used as the reverse proxy of the back-end server, so it is convenient to achieve static and dynamic separation and load balancing, thus greatly improving the processing capacity of the server.

Nginx implements static and dynamic separation, in fact, when reverse proxying, if it is a static resource, it is read directly from the path published by Nginx, rather than from the backend server.

However, it should be noted that in this case, you need to ensure that the back-end programs are consistent with the front-end programs. You can use Rsync for server-side automatic synchronization or NFS or MFS distributed shared storage.

Http Proxy module, many functions, the most commonly used are proxy_pass and proxy_cache

If you want to use proxy_cache, you need to integrate a third-party ngx_cache_purge module to clear the specified URL cache. This integration needs to be done when installing nginx, such as:

. / configure-- add-module=../ngx_cache_purge-1.0.

14.5.5 nginx load balancing

Nginx uses upstream module to achieve simple load balancing. Upstream needs to be defined in the http segment.

In the upstream section, define a list of servers. The default method is polling. If you want to make sure that requests made by the same visitor are always processed by the same backend server, you can set ip_hash, such as:

Upstream idfsoft.com {ip_hash; server 127.0.0.1 weight=5; server 9080 weight=5; server 127.0.1 weight=5; server 127.0.1 weight=5; server 1111;}

Note: this method is polling in nature, and because the ip of the client may be constantly changing, such as dynamic ip, proxy, × ×, etc., ip_hash does not fully guarantee that the same client will always be handled by the same server.

After defining the upstream, you need to add the following content to the server segment:

Server {location / {proxy_pass http://idfsoft.com;}}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.