Master Nginx from beginning to end (1)

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1) Overview of Nginx services

Developed by Igor Sysoev in Russia with performance optimization specifically in mind, Nginx is best known for its stability and low system resource consumption, as well as its strong handling of concurrent HTTP connections (a single physical server can support 30,000 to 50,000 concurrent requests). Because of this, a large number of enterprises that provide social networks, news and information, e-commerce and virtual hosting services have chosen Nginx to provide Web services.

If the Web service is built to parse static web pages, dynamic web pages, etc., and does not require too many functions, then Nginx is definitely the first choice.

2) Install Nginx

This case installs with yum but does not use the epel source: Nginx releases new versions so quickly that epel cannot keep up, so we configure the official Nginx yum source instead.

    [root@nginx ~]# yum install -y gcc gcc-c++ autoconf pcre pcre-devel make automake wget httpd-tools vim tree
    # This is a minimally installed system, so install some necessary software first
    [root@nginx ~]# vim /etc/yum.repos.d/nginx.repo
    # Configure nginx's yum source; the official Nginx site also has the corresponding configuration
    [nginx]
    name=nginx_repo
    baseurl=http://nginx.org/packages/centos/7/$basearch/
    gpgcheck=0
    enabled=1
    # gpgcheck=0 turns off package signature verification for this repository
    # By default this yum source installs the latest stable version of nginx
    [root@nginx ~]# yum -y install nginx    # install nginx
    [root@nginx ~]# nginx -v                # view the nginx version
    nginx version: nginx/1.16.1

3) Nginx installation directory

To understand the full picture of the Nginx software more clearly, it is worth introducing the overall directory structure of Nginx after installation and the function of each file.

    [root@nginx ~]# rpm -ql nginx    # view the directories related to nginx

The following figure explains the installation directory of nginx in detail!

4) The compilation parameters of Nginx

    [root@nginx ~]# nginx -V    # view the compilation parameters of nginx

The following figure shows the options and functions of Nginx compilation parameters!

5) Nginx common modules

Nginx modules are divided into official Nginx modules and third-party modules, as shown in the table:

Nginx compilation option: function of the module

    ngx_http_core_module: contains some core http parameter configuration; corresponds to part of the Nginx configuration block
    ngx_http_access_module: access control module, used to control site users' access to Nginx
    ngx_http_gzip_module: compression module, compresses the data returned by Nginx; a performance optimization module
    ngx_http_fastcgi_module: fastcgi module, related to dynamic responses, for example PHP
    ngx_http_proxy_module: proxy module
    ngx_http_upstream_module: load balancing module; implements load balancing and node health checks
    ngx_http_rewrite_module: URL address rewriting module
    ngx_http_limit_conn_module: limits the number of concurrent connections and requests
    ngx_http_limit_req_module: limits the Nginx request processing rate according to the defined key
    ngx_http_log_module: access log module; records Nginx client access logs and other information in the specified format
    ngx_http_auth_basic_module: Web authentication module; sets Web accounts so that Nginx is accessed with an account and password
    ngx_http_ssl_module: ssl module, used for encrypted http connections such as https

6) Nginx built-in variables

    $uri: the URI of the current request, without parameters
    $request_uri: the URI of the request, with full parameters
    $host: the host header in the http request message; if absent, the name of the virtual host handling the request
    $hostname: the host name of the host on which the nginx service is running
    $remote_addr: client IP
    $remote_port: client port
    $remote_user: the user name entered by the client user when user authentication is used
    $request_filename: the local file path that the URI in the user's request maps to after local root or alias conversion
    $request_method: request method: GET, POST, PUT
    $server_addr: server address
    $server_name: server name
    $server_port: server port
    $server_protocol: the protocol used when the server sends a response to the client, such as http/1.1, http/1.0
    $scheme: the scheme used in the request, for example the http in http://xxxx.com
    $http_HEADER: matches the HEADER specified in the request message
    $http_host: matches the host header in the request message
    $document_root: the root configuration to which the current request is mapped
    $http_user_agent: the client's access device, taken from the header information of the http request
    $status: the status code returned in the response message
    $body_bytes_sent: size of the body information sent from the server to the client
    $http_referer: the http upper-level (referring) page; used for hotlink protection and user behavior analysis
    $http_x_forwarded_for: http information carried by the http request
    $time_local: Nginx time

7) Configuration file of Nginx

The Nginx main configuration file /etc/nginx/nginx.conf is a plain-text file, and the whole configuration file is organized in the form of blocks. As usual, each block begins and ends with a pair of braces {}.

    # nginx default configuration syntax
    user                # the system user the nginx service runs as
    worker_processes    # worker processes; keep the number consistent with the number of CPUs
    error_log           # error log, followed by the path
    pid                 # pid of the Nginx service at startup

    # events module
    events {
        worker_connections    # maximum number of connections each worker process supports
        use                   # kernel model: select, poll, epoll
    }

    # common (public) configuration is defined inside the http {} segment, outside the server {} segments
    http {
        ...
        # sites must be configured as virtual hosts; each virtual host has its own server {} segment
        server {
            listen 80;                # listening port, default 80
            server_name localhost;    # the domain name or host name the service is provided on
            # controls the access path of the website
            location / {
                root /usr/share/nginx/html;    # the path where the site is stored
                index index.html index.htm;    # default page
            }
            # specify error codes, define the error page, and redirect the error codes to a new location
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
        }
        ...
        # another virtual host configuration
        server {
            ...
        }
    }

8) Nginx log configuration

Logs include error.log and access.log. Configuration syntax:

    Syntax:  log_format name [escape=default|json] string ...;
    Default: log_format combined "...";
    Context: http

Nginx default configuration:

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

Nginx log variables:

    $remote_addr             # the client address
    $remote_user             # the user name used when the http client authenticates to nginx
    $time_local              # Nginx time
    $request                 # the request line: GET and other methods, http protocol version
    $status                  # response status code
    $body_bytes_sent         # size of the body information sent from the server to the client
    $http_referer            # the http upper-level (referring) page; used for hotlink protection and user behavior analysis
    $http_user_agent         # http header information: client access device
    $http_x_forwarded_for    # http information carried by the http request

9) Nginx status monitoring

--with-http_stub_status_module records the basic access status information of Nginx clients.

The specific configuration is as follows:

    location /mystatus {
        stub_status on;
        access_log off;
    }

Overview of the Nginx status output:

    Active connections: 2    # current active connections of Nginx
    server accepts handled requests
     16 16 19

server represents the total number of handshakes received by the Nginx process.
accepts represents the total number of connections received by the Nginx process.
Number of requests lost = (number of handshakes - number of connections); this status shows that there are no lost requests.
handled requests indicates that a total of 19 requests were processed.

    Reading    # Nginx is reading data
    Writing    # Nginx is writing data
    Waiting    # with keep-alive enabled: connections that are neither reading nor writing but remain established

10) Nginx download site

Nginx does not allow browsing and downloading of the entire directory by default!

    Syntax:  autoindex on | off;
    Default: autoindex off;
    Context: http, server, location

Common autoindex parameters:

    autoindex_exact_size off;
    # Defaults to on, which shows the exact size of the file in bytes.
    # Change it to off to show the approximate size of the file, in kB, MB or GB.

    autoindex_localtime on;
    # Defaults to off, and the displayed file time is GMT.
    # Change it to on, and the displayed file time is the server time.

    charset utf-8,gbk;
    # Directory names are garbled by default; add this to solve the garbling.

Configure the directory browsing feature

    # enable directory browsing
    location /down {
        root /usr/share/nginx/html;
        autoindex on;
        autoindex_localtime on;
        autoindex_exact_size off;
    }

11) Nginx access restrictions

Connection frequency restrictions: limit_conn_module
Request frequency restrictions: limit_req_module

Connection and request of http Protocol

HTTP is built on TCP. To complete an HTTP request, you first need to perform the TCP three-way handshake (which establishes the TCP connection), and then make the HTTP request on top of that connection.

Connection and request of HTTP Protocol

    HTTP protocol version    Connection relationship
    HTTP1.0                  TCP cannot be reused
    HTTP1.1                  sequential TCP reuse
    HTTP2.0                  multiplexed TCP reuse

HTTP requests are based on a TCP connection; one TCP connection generates at least one HTTP request.

1) Nginx connection restrictions

    # Nginx connection restriction syntax
    Syntax:  limit_conn_zone key zone=name:size;
    Default: -
    Context: http

    Syntax:  limit_conn zone number;
    Default: -
    Context: http, server, location

    # configured as follows:
    http {
        # the http segment configures the connection restriction zone, keyed by client IP
        limit_conn_zone $binary_remote_addr zone=conn_zone:10m;
        ...
        server {
            ...
            location / {
                # only one connection per client IP is allowed at the same time
                limit_conn conn_zone 1;
            }
        }
    }

    # stress test
    yum install -y httpd-tools
    ab -n 50 -c 20 http://127.0.0.1/index.html

2) Nginx request limit

    # Nginx request limit syntax
    Syntax:  limit_req_zone key zone=name:size rate=rate;
    Default: -
    Context: http

    Syntax:  limit_req zone=name [burst=number] [nodelay];
    Default: -
    Context: http, server, location

    # configured as follows:
    http {
        # the http segment configures the request limit; rate sets the rate limit: at most one request per second per IP
        limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
        ...
        server {
            ...
            location / {
                # 1r/s: only one request per second is accepted; the rest are refused and an error code is returned to the client
                limit_req zone=req_zone;
                # requests exceeding 1r/s are delayed; requests beyond the number defined by burst return 503
                #limit_req zone=req_zone burst=3 nodelay;
            }
        }
    }

    # stress test
    yum install -y httpd-tools
    ab -n 50 -c 20 http://127.0.0.1/index.html

Is the connection limit less effective than the request limit?

1) Multiple requests can be built on top of a single TCP connection, so limiting at the granularity of requests is of course more effective than limiting individual connections.

2) With the connection limit, only one connection is allowed in at the same time,

3) but at the same time, multiple requests can come in through that single connection,

4) so the request limit is the "better solution".
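The behaviour of the limit_req variants above under a run like the page's ab test, as an added example that is not part of the original article and is not nginx's own code: a simplified Python model of the leaky bucket behind limit_req for a single key. The function names and the 10 ms arrival spacing are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass
class Decision:
    t_ms: int      # arrival time, milliseconds
    status: int    # 200 = passed to the location, 503 = rejected
    delay_ms: int  # time the request is held back before processing

def simulate_limit_req(arrivals_ms, rate_per_s=1, burst=0, nodelay=False):
    """Replay arrivals for ONE key (one $binary_remote_addr) through a
    leaky bucket; counters are kept in 1/1000 of a request."""
    rate, limit = rate_per_s * 1000, burst * 1000
    excess = last = None
    decisions = []
    for now in arrivals_ms:
        if last is None:
            candidate = 0  # first request seen for this key
        else:
            leaked = rate * max(now - last, 0) // 1000
            candidate = max(excess - leaked + 1000, 0)
        if candidate > limit:
            decisions.append(Decision(now, 503, 0))  # bucket state unchanged
            continue
        excess, last = candidate, now
        delay = 0 if nodelay else candidate * 1000 // rate
        decisions.append(Decision(now, 200, delay))
    return decisions

def summarize(decisions):
    passed = [d for d in decisions if d.status == 200]
    return {
        "passed": len(passed),
        "rejected": len(decisions) - len(passed),
        "max_delay_ms": max((d.delay_ms for d in passed), default=0),
    }

# Constructed input: 50 requests from one client IP, 10 ms apart.
BURST_OF_50 = [i * 10 for i in range(50)]

if __name__ == "__main__":
    for label, kwargs in [
        ("limit_req zone=req_zone", {}),
        ("limit_req zone=req_zone burst=3", {"burst": 3}),
        ("limit_req zone=req_zone burst=3 nodelay", {"burst": 3, "nodelay": True}),
    ]:
        print(label, summarize(simulate_limit_req(BURST_OF_50, **kwargs)))
```

In this model the plain directive passes 1 of the 50 requests and burst=3 passes 4; without nodelay the queued requests are held for up to about 3 seconds, with nodelay they are served immediately.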

12) Nginx access control

Access control based on IP: http_access_module
Access control based on login authentication: http_auth_basic_module

1) Access control based on IP

    # allow configuration syntax
    Syntax:  allow address | CIDR | unix: | all;
    Default: -
    Context: http, server, location, limit_except

    # deny configuration syntax
    Syntax:  deny address | CIDR | unix: | all;
    Default: -
    Context: http, server, location, limit_except

    # reject one IP and allow all others
    location ~ ^/1.html {
        root /usr/share/nginx/html;
        index index.html;
        deny 192.168.10.1;    # note that the check order is from top to bottom
        allow all;
    }

    # only one network segment is allowed to access, and all others are denied
    location / {
        root html;
        index index.php index.html index.htm;
        allow 192.168.10.
        deny all;
    }

Limitations of http_access_module:

The following figure shows how to make http_x_forwarded_for record the real client IP address and the proxy server IP

Solution:

1) use HTTP header information to control access: enable http_x_forwarded_for on both the proxy and the web service

2) combine geo module

3) pass it as a variable through HTTP actions
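Why allow/deny on $remote_addr misjudges proxied clients, and how the X-Forwarded-For field of the main log format from section 8 can be read without trusting client-supplied values, as an added example that is not part of the original article. TRUSTED_PROXIES, the 10.0.0.5 proxy address, the function names and the log lines are constructed assumptions.

```python
import ipaddress
import re

# Matches the page's `main` log_format, field for field.
MAIN_RE = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'"(?P<http_x_forwarded_for>[^"]*)"$'
)

# Assumption: the only reverse proxy allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]

def is_trusted(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_PROXIES)
    except ValueError:
        return False  # malformed entry: not a trusted proxy

def effective_client(remote_addr, xff):
    """Return (client_ip, unverified_xff) for one request."""
    hops = [h.strip() for h in xff.split(",") if h.strip() not in ("", "-")]
    if not is_trusted(remote_addr):
        return remote_addr, bool(hops)  # direct peer: header is client-controlled
    # Walk right to left; the rightmost entries were appended by our proxies.
    for i in range(len(hops) - 1, -1, -1):
        if not is_trusted(hops[i]):
            return hops[i], i > 0  # entries left of it are unverified
    return remote_addr, False

def analyse(lines):
    rows = []
    for m in filter(None, map(MAIN_RE.match, lines)):
        ip, flag = effective_client(m["remote_addr"], m["http_x_forwarded_for"])
        rows.append((ip, int(m["status"]), flag))
    return rows

# Constructed access.log lines (documentation address ranges).
T = '[16/Jan/2025:10:00:01 +0800] "GET /1.html HTTP/1.1"'
SAMPLE = [
    f'203.0.113.9 - - {T} 200 612 "-" "curl/7.29.0" "-"',
    f'203.0.113.9 - - {T} 200 612 "-" "curl/7.29.0" "192.168.10.7"',
    f'10.0.0.5 - - {T} 200 612 "-" "Mozilla/5.0" "198.51.100.23"',
    f'10.0.0.5 - - {T} 403 153 "-" "Mozilla/5.0" "192.168.10.7, 203.0.113.9"',
]

if __name__ == "__main__":
    print(*analyse(SAMPLE), sep="\n")
```

Each row is (address to apply allow/deny to, status, flag); the flag marks requests that carried X-Forwarded-For values no trusted proxy vouches for, which is worth alerting on when the claimed address falls inside an allowed range.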

2) Access control based on user login authentication

    # configuration syntax
    Syntax:  auth_basic string | off;
    Default: auth_basic off;
    Context: http, server, location, limit_except

    # account and password file configuration
    Syntax:  auth_basic_user_file file;
    Default: -
    Context: http, server, location, limit_except

    # the dependent component needs to be installed
    [root@nginx ~]# yum install httpd-tools
    [root@nginx ~]# htpasswd -c /etc/nginx/auth_conf zhangsan       # create a new user
    [root@nginx ~]# htpasswd -b /etc/nginx/auth_conf lisi 123456    # add the -b option and specify the password on the command line

    # available in http, server and location; add the following
    auth_basic "Please enter your user name and password!";
    auth_basic_user_file /etc/nginx/auth_conf;

User authentication limitations:

1) user information depends on files

2) there are too many user management files, and they cannot be linked together

3) operation and management are mechanical and inefficient

Solution:

1) combine Nginx with Lua to achieve efficient authentication

2) combine Nginx with the nginx-auth-ldap module

13) Nginx virtual host

A virtual host is an independent site within the web server. The site corresponds to its own domain name (or IP or port), has its own directory of programs and resources, and can independently provide services for clients to access.

1) Configure domain-name-based virtual hosts

    # 1. create the web site directories
    [root@nginx conf]# mkdir -p /soft/code/{www,bbs}
    [root@nginx conf]# echo "www" > /soft/code/www/index.html
    [root@nginx conf]# echo "bbs" > /soft/code/bbs/index.html

    # 2. configure the virtual hosts
    [root@nginx conf]# cat conf.d/{www,bbs}.conf
    server {
        listen 80;
        server_name www.nginx.com;
        root /soft/code/www;
        ...
    }
    server {
        ...
        listen 80;
        server_name bbs.nginx.com;
        root /soft/code/bbs;
    }

2) Configure different ports to access different virtual hosts

    # just modify the listen port, but it must not conflict with ports already in use
    server {
        ...
        listen 8001;
        ...
    }
    server {
        ...
        listen 8002;
        ...
    }

3) Configure virtual host aliases

A virtual host alias is an additional domain name set for a virtual host besides its main domain name, so that multiple domain names accessed by users correspond to the same virtual host site.

Take the virtual host of the www.nginx.com domain as an example: after adding the alias nginx.com to it, the website content shown is the same as when accessing www.nginx.com. The specific configuration is as follows:

    # default configuration
    [root@nginx ~]# vim /etc/nginx/nginx.conf
    server {
        listen 80;
        server_name www.nginx.com;
    }

    # alias configuration
    [root@LNMP ~]# vim /etc/nginx/nginx.conf
    server {
        listen 80;
        server_name www.nginx.com nginx.com;
        ...
    }

    # curl test results
    [root@LNMP conf]# curl nginx.com
    www.nginx.com
    [root@LNMP conf]# curl www.nginx.com
    www.nginx.com

    # access with and without www looks the same; besides an alias, this can also be implemented through rewrite
