Shulou(Shulou.com)06/02 Report--

WEB Server-Virtual Host, Log, Authentication and Optimization of Nginx

Overview

Nginx ("engine x") is a high-performance HTTP and reverse proxy server, as well as an IMAP/POP3/SMTP server. Nginx was developed by Igor Sysoev for the second most visited Rambler.ru site in Russia, and the first public version 0.1.0 was released on October 4, 2004. It distributes the source code as a BSD-like license and is known for its stability, rich feature set, sample configuration files, and low consumption of system resources. Nginx 1.0.4 was released on June 1, 2011.

Nginx is a lightweight Web server / reverse proxy server and email (IMAP/POP3) proxy server, and is distributed under a BSD-like protocol. Developed by Igor Sysoev, a Russian programmer, for use by Russia's large portal and search engine Rambler. It is characterized by less memory and strong concurrency ability. in fact, the concurrency ability of nginx does perform well in the same type of web server. Chinese mainland uses nginx website users: Baidu, JD.com, Sina, NetEase, Tencent, Taobao and so on.

Important characteristics and applications of Nginx

1) important features of Nginx

(1) highly concurrent access and caching can be told for static resources

(2) reverse proxy acceleration can be used and data caching can be performed.

(3) it has simple load balancing, node lecture check and fault tolerance function.

(4) support cache acceleration for original fastcgi services

(5) support multiple virtual host sites based on domain name, port and IP.

2) Application of main enterprise functions of Nginx

(1) as web service software

Nginx is a web software that supports high performance and high concurrency. As a web server, Nginx can support more concurrent connection access, and occupies less resources and is more efficient.

(2) as a reverse proxy or load balancer

In the aspect of reverse proxy or load balancing service, Nginx can be used as web service, dynamic service of php and java and proxy service of memcache cache.

(3) Front-end business data caching service

Nginx can implement professional cache software functions such as squid through its own proxy_cache module.

Nginx's WEB service

1) the main application scenarios of Nginx as a web server include:

(1) use N information to run HTML, JS, CSS and other static data

(2) running dynamic programs such as PHP with Nginx and fastcgi (using fastcgi_pass mode)

(3) Nginx supports java dynamic programs in combination with Tomcat and Resin (using proxy_pass mode)

2) the overall performance of Nginx is better than that of Apache.

Nginx uses the latest epoll and kqueue asynchronous network IO models, while Apache uses the traditional select model. At present, the high concurrent access squid and memcache software under Linux are all based on epoll model. When Dai Liang connects to read and write, Apache uses a relatively low select network IO model.

3) Technical comparison between Apache select and Nginx epoll

Index

Select

Epoll

Performance

With the increase of the number of connections, the number of myocardial infarction decreased.

With the increase in the number of connections, performance basically does not change.

Number of connections

The number of connections is limited, and the maximum number of connections handled is not more than 1024

Unlimited number of connections

Internal processing mechanism

Linear polling

Callback callback

Development complexity

Low

High

In-depth Analysis of Nginx Technology

The reason why Nginx software is powerful is that it has many power modules.

1. There are four main roles in Nginx module:

(1) core (core module): build nginx basic services and manage other modules.

(2) handlers (processing module): used to process HTTP requests and then generate output.

(3) filters (filter module): filter the output generated by handler.

(4) load-balancers (load balancer module): when there is more than one back-end alternative server, select one to forward HTTP requests.

When Nginx sends files or forwards requests to other servers, services are provided by handlers (processing module) or load-balancers (load balancing module)

When Nginx is required to compress the output or add something to the server, filters (filter module) provides the service.

2. Several common modules of Nginx

1) Nginx core module, the core function module of Nginx

The Nginx trusted function module loads the global application, mainly for the main block and events block area of the main configuration file, where there are many global parameters necessary for Nginx.

2) Standard set of http functional modules

Although these standard http functional modules are not necessary for Nginx software, they are very commonly used, so most of them are installed into Nginx software by default.

In the production process, the configuration, tuning and optimization of Nginx software is mainly realized by modifying the corresponding parameters according to the functions of these modules.

Nginx http function module

Module description

Ngx_http_core_moudle

Includes some core http parameter configurations, and the corresponding nginx is configured as http block

Ngx_http_access_moudle

Access control module, which is used to control the access of website users to Nginx

Ngx_http_gzip_moudle

The compression module, which compresses the data returned by Nginx, belongs to the myocardial infarction optimization module

Ngx_http_fastcgi_moudle

FastCGI modules, dynamically related modules, such as PHP/JAVA

Ngx_http_proxy_moudle

Proxy proxy module

Ngx_http_upstream_moudle

Load balancing module, which can realize the load balancing function of the website and the health check of the node.

Ngx_http_rewrite_moudle

URL address rewriting module

Ngx_http_limit_conn_moudle

Limit the number of concurrent connections and request module

Ngx_http_limit_req_moudle

Limit the Nginx request process rate according to the defined key

Ngx_http_log_moudle

Access log module to record information such as Nginx customer access log in a specified format

Ngx_http_auth_basic_moudle

Web authentication module, setting web users to access Nginx through account and password

Ngx_http_ssl_moudle

Ssk module for encrypted httpd connections, such as https

Ngx_http_stub_status_moudle

Recording Nginx basic access status information and other modules

I. Experimental objectives

1. Actual combat: Nginx's multiple virtual hosts based on domain name, port and IP

2. Actual combat: alias function of Nginx virtual host

3. Actual combat: Nginx optimization based on multiple virtual addresses and ports

4. Actual combat: the status information function of Nginx

5. Practice: access authentication of Nginx

6. Actual combat: Nginx access log and polling cutting

Second, the experimental environment

System environment

Hostnam

IP address

Software

Rhel6.5

Yu63

192.168.1.63

Nginx

Third, the experimental steps

1. Install nginx

[root@yu63~] # service httpd stop

[root@yu63~] # service iptables stop

[root@yu63~] # yum install pcre pcre-devel openssl openssl-devel

[root@yu63~] # mkdir / opt/yu & & cd / opt/yu/

[root@yu63 yu] # wget-Q http://nginx.org/download/nginx-1.13.0.tar.gz

[root@yu63 yu] # tar-zxvf nginx-1.13.0.tar.gz

[root@yu63 yu] # cd nginx-1.13.0

[root@yu63 nginx-1.13.0] # useradd nginx- s / sbin/nologin

[root@yu63 nginx-1.13.0] # / configure-- user=nginx-- group=nginx-- prefix=/usr/local/nginx-- with-http_stub_status_module-- with-http_ssl_module

[root@yu63nginx-1.13.0] # make-j 4

[root@yu63nginx-1.13.0] # make install

[root@yu63 nginx-1.13.0] # cd / usr/local/nginx/

[root@yu63 nginx] # / usr/local/nginx/sbin/nginx-c / usr/local/nginx/conf/nginx.conf

[root@yu63 nginx] # / usr/local/nginx/sbin/nginx-t

[root@yu63 nginx] # / usr/local/nginx/sbin/nginx

Practice of Nginx virtual host configuration

The concept of virtual host

The so-called virtual host, in the web service is an independent website site, this site corresponds to the duld domain name, IP, port. With independent programs and resource directories, it can independently provide services for users to access.

For Apache, virtual host tags are usually included in ~ ~, while Nginx software uses server {} tags to represent a virtual host. A web service can have multiple virtual host tags, that is, it can support multiple virtual host sites at the same time.

Type of virtual host

1) Virtual host based on domain name

2) Port-based virtual host

3) Virtual host based on IP address

Practice 1: multiple virtual hosts based on domain name and port

[root@yu63 nginx] # cd conf/

[root@yu63 conf] # egrep-v'# | ^ $'nginx.conf.default > nginx.conf

[root@yu63nginx] # rm-rf html/index.html

[root@yu63nginx] # mkdir-p html/mobanche

[root@yu63nginx] # mkdir-p html/mobanche1

[root@yu63nginx] # mkdir-p html/mobanche2

[root@yu63nginx] # echo 'mobanche' > html/index.html

[root@yu63nginx] # echo 'mobanche----1' > html/mobanche1/index.html

[root@yu63nginx] # echo 'mobanche----2' > html/mobanche2/index.html

[root@yu63nginx] # vim conf/nginx.conf

[root@yu63nginx] # cat conf/nginx.conf

Worker_processes 1

Events {

Worker_connections 1024

}

Http {

Include mime.types

Default_type application/octet-stream

Sendfile on

Keepalive_timeout 65

Server {

Listen 80

Server_name www.mobanche.com

Location / {

Root html/mobanche

Index index.html index.htm

}

}

Server {

Listen 81

Server_name bbs.mobanche1.com

Location / {

Root html/mobanche1

Index index.html index.htm

}

}

Server {

Listen 82

Server_name blog.mobanche2.com

Location / {

Root html/mobanche2

Index index.html index.htm

}

}

}

[root@yu63nginx] # / usr/local/nginx/sbin/nginx-t

[root@yu63nginx] # / usr/local/nginx/sbin/nginx-s reload

[root@yu63nginx] # cat / etc/hosts

192.168.1.63 www.mobanche.com bbs.mobanche1.com blog.mobanche2.com

The hosts file under Windos

Alias function of practical 2:Nginx virtual host

[root@yu63nginx] # vim conf/nginx.conf

[root@yu63nginx] # cat conf/nginx.conf

Worker_processes 1

Events {

Worker_connections 1024

}

Http {

Include mime.types

Default_type application/octet-stream

Sendfile on

Keepalive_timeout 65

Server {

Listen 80

Server_name www.mobanche.com mobanche.com

Location / {

Root html/mobanche

Index index.html index.htm

}

}

Server {

Listen 81

Server_name bbs.mobanche1.com mobanche1.com

Location / {

Root html/mobanche1

Index index.html index.htm

}

}

Server {

Listen 82

Server_name blog.mobanche2.com mobanche2.com

Location / {

Root html/mobanche2

Index index.html index.htm

}

}

}

Optimization of practical 3:Nginx based on multiple domain names, ip and ports

[root@yu63 conf] # mkdir extra

173 sed-n'11 nginx.conf 18p 'nginx.conf > extra/mobanche.conf

176 sed-n'19 26p 'nginx.conf > extra/mobanche1.conf

Sed-n'27. 34p 'nginx.conf > extra/mobanche2.conf.

[root@yu63nginx] # vim nginx.conf # Delete lines 11-34

Sed-I'10 I include extra/mobanche.conf;\ ninclude extra/mobanche1.conf;\ ninclude extra/mobanche2.conf;' nginx.conf

[root@yu63 nginx] # cat conf/extra/mobanche.conf

Server {

Listen 80

Server_name www.mobanche.com

Location / {

Root html/mobanche

Index index.html index.htm

}

}

[root@yu63nginx] # / usr/local/nginx/sbin/nginx-t

[root@yu63nginx] # / usr/local/nginx/sbin/nginx

The status Information function of 4:Nginx in practice

There is a ngx_http_stub_status_moudle module in the Nginx software function module, the main function of this module is to record the abridged access status information of Nginx, so that users know the working status of Nginx, such as the number of connections and other information.

[root@yu63 nginx] # cd extra

[root@yu63 extra] #

Cat > > status.conf > # status

> > server {

> > listen 80

> > server_name status.mobanche.com

> > location / {

> > stub_status on

> > access_log off

> >}

> >}

[root@yu63 extra] # sed-I'13 I include extra/status.conf;'.. / nginx.conf

[root@yu63 extra] #.. /.. / sbin/nginx-t

[root@yu63 extra] #. . /.. / sbin/nginx-s reload

Access authentication of practical 5:Nginx

[root@yu63extra] # pwd

/ usr/local/nginx/conf/extra

[root@yu63extra] # vim mobanche.conf

Server {

Listen 80

Server_name www.mobanche.com mobanche.com

Location / {

Root html/mobanche

Index index.html index.htm

Auth_basic "welcome please enter user and passwd"

Auth_basic_user_file / usr/local/nginx/conf/htpasswd

}

}

[root@yu63conf] # htpasswd-bc / usr/local/nginx/conf/htpasswd yu 123456

Adding password for user yu

[root@yu63conf] # chmod 400 htpasswd

[root@yu63conf] # chown nginx htpasswd

[root@yu63conf] # cat htpasswd

Yu:c5XqWgCfsgKoo

[root@yu63extra] #.. /.. / sbin/nginx-t

[root@yu63extra] #.. / sbin/nginx-s reload

Practice 6: access log and polling cutting

The Nginx software records the log information of each user's visit to the website in the specified entry file for the website provider to analyze the user's browsing behavior.

1. Control the parameters of log

Parameters.

Description

Log_format

Used to define the format of logging (multiple log formats can be defined)

Access_log

Used to specify the path to the log file and what log format to use to record the log

2. Main default parameters of Nginx access log

Log_format main'$remote_addr-$remote_user [$time_local] "$request"'

'$status $body_bytes_sent "$http_referer"'

'"$http_user_agent"$http_x_forwarded_for"'

3. Log variable description

Log variable

Description

$remote_addr

Used to record the ip address of the client

$remote_user

Used to record the client user name

$time_local

Used to record access time and time zone

$request

Url and http protocols used to record requests

$status

Used to record the status of the request; success is 200

$body_bytes_sent

The number of body bytes sent by the server to the client response

$http_referer

Used to record the links accessed from that page

$http_user_agent

Record the relevant information of the client browser

$http_x_forwarded_for

When there is a proxy server at the current end, the configuration of the web node to record the client address is not set. This parameter takes effect only if the x_forwarded_for setting is also performed on the proxy server.

[root@yu63nginx] # cat conf/nginx.conf

[root@yu63 nginx] # cat conf/nginx.conf

Worker_processes 1

Error_log logs/error.log

Events {

Worker_connections 1024

}

Http {

Include mime.types

Default_type application/octet-stream

Log_format main'$remote_addr-$remote_user [$time_local] "$request"'

'$status $body_bytes_sent "$http_referer"'

'"$http_user_agent"$http_x_forwarded_for"'

Sendfile on

Keepalive_timeout 65

Include extra/mobanche.conf

Include extra/mobanche1.conf

Include extra/mobanche2.conf

}

[root@yu63 nginx] # cat conf/extra/mobanche.conf

Server {

Listen 80

Server_name www.mobanche.com

Location / {

Root html/mobanche

Index index.html index.htm

}

Access_log logs/access_mobanche.log main

}

[root@yu63 nginx] # cat conf/extra/mobanche1.conf

Server {

Listen 81

Server_name www.mobanche1.com

Location / {

Root html/mobanche

Index index.html index.htm

}

Access_log logs/access_mobanche1.log main

}

[root@yu63 nginx] # cat conf/extra/mobanche2.conf

Server {

Listen 82

Server_name www.mobanche2.com

Location / {

Root html/mobanche

Index index.html index.htm

}

Access_log logs/access_mobanche2.log main

}

[root@yu63 nginx] # tail-1 logs/access_mobanche.log

192.168.1.63-[15/May/2017:22:25:42 + 0800] "GET / HTTP/1.1" 2009 "" curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.3.0 zlib/1.2.3 libidn/1.18 libssh3/1.4.2 ""-"

[root@yu63extra] #.. /.. / sbin/nginx-t

[root@yu63extra] #.. / sbin/nginx-s reload

[root@yu63 nginx] # tail-3 logs/access_mobanche.log

192.168.1.105-[15/May/2017:22:26:51 + 0800] "GET / favicon.ico HTTP/1.1" 404 571 "http://www.mobanche.com/"" Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.2669.400 QQBrowser/9.6.10990.400 ""-"

192.168.1.105-[15/May/2017:22:26:51 + 0800] "GET / HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.2669.400 QQBrowser/9.6.10990.400 ""-"

192.168.1.105-[15/May/2017:22:26:51 + 0800] "GET / HTTP/1.1" 304 0 "-" Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.104 Safari/537.36 Core/1.53.2669.400 QQBrowser/9.6.10990.400 ""-"

Note: when access is not enabled, the contents in the log are only the IP address of the machine. After configuration, you can see the host IP of the client.

3. Nginx access log polling cutting script

[root@yu63 extra] # cat cut_nginx_log.sh

#! / bin/sh

Dateformat= `date +% Y% m% d`

Basedir= "/ usr/local/nginx"

Nginxlogdir= "$Basedir/logs"

Logname= "access_www"

[- d $Nginxlogdir] & & cd $Nginxlogdir | | exit 1

[- f ${Logname} .log] | | exit 1

/ bin/mv ${Logname} .log ${Dateformat} _ ${Logname} .log

/ bin/mv access_mobanche1.log ${Dateformat} _ access_mobanche1.log

/ bin/mv access_mobanche2.log ${Dateformat} _ access_mobanche2.log

$Basedir/sbin/nginx-s reload

[root@yu63 extra] # crontab-l # crontab-e

45 22 * / bin/bash / usr/local/nginx/sbin/cut_nginx_log.sh

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.